Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/UhIa6I7lORYYX9hQ1Rt9jWOgb_M.roa
File:                     UhIa6I7lORYYX9hQ1Rt9jWOgb_M.roa (raw, json)
Hash identifier:          mrfbtYnqfAjQA9afof6ETcUZK4xmjjeJpjcoB1Pd0rM=
Subject key identifier:   52:12:1A:E8:8E:E5:39:16:18:5F:D8:50:D5:1B:7D:8D:63:A0:6F:F3
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DACBB0DEE25D512B667F9EA90E5DFC
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/UhIa6I7lORYYX9hQ1Rt9jWOgb_M.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24577
IP address blocks:        82.177.142.0/24 maxlen: 24
                          82.177.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cb:b0:de:e2:5d:51:2b:66:7f:9e:a9:0e:5d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52121ae88ee53916185fd850d51b7d8d63a06ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2d:51:a2:4e:c5:69:84:3e:52:57:f9:a9:cd:
                    c3:81:4f:06:f8:11:f3:0d:90:e8:e1:8c:12:e8:c4:
                    9b:85:d4:68:c0:85:76:ee:c6:9b:b5:8c:75:8e:f7:
                    a7:5a:35:48:38:69:2c:a1:68:c0:52:fb:db:b2:18:
                    3c:5e:09:11:93:a7:1a:5f:45:1b:a3:14:4a:6e:97:
                    a6:c4:39:80:79:84:04:7d:8e:8a:fe:49:63:16:3a:
                    f7:ef:95:15:eb:37:61:41:8c:b5:dc:63:9d:03:ca:
                    5c:21:d5:ac:7b:12:54:a6:df:74:93:3a:e6:cb:80:
                    b8:62:e5:15:32:99:62:87:b7:de:78:ec:e8:0b:f7:
                    37:d1:77:d1:c1:83:ac:e7:05:3b:26:41:78:f1:c6:
                    bd:7b:b5:67:47:ec:e4:74:fa:80:0a:6d:bd:89:df:
                    f9:aa:df:d9:3a:e7:7c:ce:da:04:90:9e:87:9d:92:
                    5c:ec:00:ca:e1:9c:d6:d0:c1:53:dd:91:5b:01:b9:
                    57:49:0c:04:ec:c2:c7:eb:1d:89:2e:4a:54:33:b6:
                    b6:dc:1a:c3:2f:b1:ae:57:5b:c7:b2:c9:e2:7c:08:
                    ca:95:b3:7d:37:49:b7:87:1f:81:10:53:75:b9:6d:
                    c8:8d:2d:43:97:b4:78:8b:98:79:8f:7a:f1:9c:e6:
                    d1:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:12:1A:E8:8E:E5:39:16:18:5F:D8:50:D5:1B:7D:8D:63:A0:6F:F3
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/UhIa6I7lORYYX9hQ1Rt9jWOgb_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.142.0/24
                  82.177.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:0a:53:4c:62:56:89:39:59:a2:8b:8e:f0:8a:4b:fd:6a:7f:
         97:8d:71:52:b0:bc:3f:49:5b:63:4f:2f:dc:bf:f8:d5:2d:45:
         10:6c:ff:af:25:5c:d7:7d:c0:fe:d8:36:3e:70:f9:f4:6a:31:
         77:c9:7a:5e:7d:2d:ef:29:e1:4c:48:d9:3e:55:53:78:cb:e9:
         f8:00:a0:f7:80:48:f2:ce:e3:52:c2:bf:2b:12:e5:e2:8e:48:
         cf:d7:9b:71:24:2a:7b:ca:02:ec:9c:3b:55:40:f1:40:79:52:
         5e:da:3f:2c:94:b0:5a:a0:7c:08:bb:f2:70:88:c0:c0:64:fa:
         e5:cc:97:aa:45:51:00:94:76:bb:50:1a:e6:e3:38:a1:35:85:
         ab:8e:f7:7b:05:77:59:a1:65:a2:bd:fc:09:8c:3f:74:4c:06:
         b3:b3:9b:ef:bd:71:89:d2:55:3b:11:da:43:90:bd:5f:0e:95:
         5f:fa:c5:2b:8c:14:97:f3:f6:d3:c8:a3:08:b8:46:bf:e9:57:
         69:87:52:ef:f8:f0:ac:18:b7:ec:95:fc:54:ab:c5:44:4f:bd:
         2c:a2:11:1f:c7:83:db:5c:5d:8f:2e:54:dd:85:b2:92:3c:ab:
         93:5c:b8:d6:f6:92:6b:b6:38:0e:1c:87:ff:ab:80:da:73:35:
         a9:df:e7:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2suw3uJdUStmf56pDl38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjEyMWFlODhlZTUzOTE2MTg1ZmQ4NTBkNTFiN2Q4ZDYzYTA2ZmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArC1Rok7FaYQ+Ulf5qc3DgU8G+BHz
DZDo4YwS6MSbhdRowIV27sabtYx1jvenWjVIOGksoWjAUvvbshg8XgkRk6caX0Ub
oxRKbpemxDmAeYQEfY6K/kljFjr375UV6zdhQYy13GOdA8pcIdWsexJUpt90kzrm
y4C4YuUVMplih7feeOzoC/c30XfRwYOs5wU7JkF48ca9e7VnR+zkdPqACm29id/5
qt/ZOud8ztoEkJ6HnZJc7ADK4ZzW0MFT3ZFbAblXSQwE7MLH6x2JLkpUM7a23BrD
L7GuV1vHssnifAjKlbN9N0m3hx+BEFN1uW3IjS1Dl7R4i5h5j3rxnObRiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFISGuiO5TkWGF/YUNUbfY1joG/zMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvVWhJYTZJN2xPUllZWDloUTFSdDlqV09nYl9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUrGOAwQA
UrG9MA0GCSqGSIb3DQEBCwUAA4IBAQAyClNMYlaJOVmii47wikv9an+XjXFSsLw/
SVtjTy/cv/jVLUUQbP+vJVzXfcD+2DY+cPn0ajF3yXpefS3vKeFMSNk+VVN4y+n4
AKD3gEjyzuNSwr8rEuXijkjP15txJCp7ygLsnDtVQPFAeVJe2j8slLBaoHwIu/Jw
iMDAZPrlzJeqRVEAlHa7UBrm4zihNYWrjvd7BXdZoWWivfwJjD90TAazs5vvvXGJ
0lU7EdpDkL1fDpVf+sUrjBSX8/bTyKMIuEa/6Vdph1Lv+PCsGLfslfxUq8VET70s
ohEfx4PbXF2PLlTdhbKSPKuTXLjW9pJrtjgOHIf/q4DaczWp3+dC
-----END CERTIFICATE-----