Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/V-pQ24HQCmEVUh6VU-wJToDUAmE.roa
File:                     V-pQ24HQCmEVUh6VU-wJToDUAmE.roa (raw, json)
Hash identifier:          UZkcbujhQxRNO6cTkCv0XI5BxuBgCITJICJ8BeaDyfo=
Subject key identifier:   57:EA:50:DB:81:D0:0A:61:15:52:1E:95:53:EC:09:4E:80:D4:02:61
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DACFE065BF0B89DD91F73EB32012EC
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/V-pQ24HQCmEVUh6VU-wJToDUAmE.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35787
IP address blocks:        195.136.72.0/23 maxlen: 23
                          195.136.32.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cf:e0:65:bf:0b:89:dd:91:f7:3e:b3:20:12:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57ea50db81d00a6115521e9553ec094e80d40261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1d:02:ac:26:ba:26:c9:e7:07:59:ca:ef:fc:
                    3b:e4:82:a5:52:a4:e3:54:c2:c0:2c:39:47:77:43:
                    f1:62:f5:dd:54:88:7c:5e:b0:5d:e4:93:f8:2e:f1:
                    6b:31:12:63:61:f9:d4:53:65:c1:5b:ad:1a:c0:49:
                    0c:5b:f4:c7:27:93:32:35:75:98:0e:58:b0:3f:ed:
                    e0:6c:f1:74:69:8a:1c:2c:4a:53:9b:c1:61:68:e9:
                    af:c3:c5:d3:ba:77:12:e4:28:02:b1:8e:da:b6:83:
                    d7:b5:27:81:96:83:31:cc:4f:5a:71:95:06:53:5a:
                    47:ed:18:2c:1d:9e:39:cb:9d:19:10:07:43:11:a8:
                    13:90:c7:b5:da:2b:cc:3e:1e:3b:27:30:ef:97:49:
                    cc:a6:8a:c2:77:16:4e:db:54:4a:85:b3:76:9c:75:
                    90:13:08:7f:a8:9c:34:40:bb:b4:e3:07:f2:a8:5c:
                    e9:f2:96:98:24:eb:be:c2:fa:98:89:0c:8d:6a:61:
                    28:c4:eb:eb:fe:90:a3:2c:a2:47:4a:cf:f7:b7:d5:
                    66:ef:7b:9e:dd:f6:68:c0:0f:39:01:0e:18:ac:a7:
                    7c:ca:2d:48:9e:58:42:ca:a7:b1:86:29:15:b5:f4:
                    e9:56:39:d7:a3:a7:80:59:9c:b0:88:ee:c7:44:3b:
                    80:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:EA:50:DB:81:D0:0A:61:15:52:1E:95:53:EC:09:4E:80:D4:02:61
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/V-pQ24HQCmEVUh6VU-wJToDUAmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.32.0/23
                  195.136.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:73:b6:7f:6f:12:55:2a:72:a3:36:72:6f:33:e0:bf:be:22:
         ae:90:29:d2:46:54:ad:69:dc:ee:94:3b:43:25:5a:44:5b:41:
         ce:43:80:5b:39:bb:f4:bf:fe:ea:c8:44:5c:22:2a:1b:00:48:
         df:25:ad:dd:18:1b:2c:2e:38:5b:e5:cf:f0:4e:39:91:78:9d:
         4b:1b:d3:bd:ed:f2:77:08:1a:32:56:18:e5:2e:b0:72:ae:c3:
         29:8b:56:52:4a:d4:e6:f2:03:fc:92:73:b8:07:b2:70:cb:7c:
         26:1d:f4:c9:9c:c8:ea:78:d7:11:8b:13:34:49:6f:29:92:d0:
         f5:36:3d:9a:0d:b3:86:46:ba:b5:d3:d2:81:01:33:e0:2f:b1:
         97:ae:72:22:9c:b8:9e:8b:35:24:be:35:01:98:b7:87:96:25:
         14:79:18:ff:e8:92:de:34:59:cd:f5:3f:e3:a5:69:06:2d:34:
         32:27:56:b9:4a:7b:d9:40:86:bf:6a:2e:0b:da:d5:03:9b:97:
         df:58:69:3c:ff:7f:05:e4:ba:cb:34:2c:ba:03:fb:eb:22:b0:
         1a:d5:11:b0:d3:14:40:a2:71:6f:e8:22:a2:32:9c:0c:ee:59:
         3d:44:bc:eb:fc:5a:d0:0b:a8:a6:3f:0e:d4:03:a5:1e:74:b3:
         92:c9:31:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2s/gZb8Lid2R9z6zIBLsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2VhNTBkYjgxZDAwYTYxMTU1MjFlOTU1M2VjMDk0ZTgwZDQwMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnx0CrCa6JsnnB1nK7/w75IKlUqTj
VMLALDlHd0PxYvXdVIh8XrBd5JP4LvFrMRJjYfnUU2XBW60awEkMW/THJ5MyNXWY
DliwP+3gbPF0aYocLEpTm8FhaOmvw8XTuncS5CgCsY7atoPXtSeBloMxzE9acZUG
U1pH7RgsHZ45y50ZEAdDEagTkMe12ivMPh47JzDvl0nMporCdxZO21RKhbN2nHWQ
Ewh/qJw0QLu04wfyqFzp8paYJOu+wvqYiQyNamEoxOvr/pCjLKJHSs/3t9Vm73ue
3fZowA85AQ4YrKd8yi1InlhCyqexhikVtfTpVjnXo6eAWZywiO7HRDuAwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFfqUNuB0AphFVIelVPsCU6A1AJhMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvVi1wUTI0SFFDbUVWVWg2VlUtd0pUb0RVQW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw4ggAwQB
w4hIMA0GCSqGSIb3DQEBCwUAA4IBAQBNc7Z/bxJVKnKjNnJvM+C/viKukCnSRlSt
adzulDtDJVpEW0HOQ4BbObv0v/7qyERcIiobAEjfJa3dGBssLjhb5c/wTjmReJ1L
G9O97fJ3CBoyVhjlLrByrsMpi1ZSStTm8gP8knO4B7Jwy3wmHfTJnMjqeNcRixM0
SW8pktD1Nj2aDbOGRrq109KBATPgL7GXrnIinLieizUkvjUBmLeHliUUeRj/6JLe
NFnN9T/jpWkGLTQyJ1a5SnvZQIa/ai4L2tUDm5ffWGk8/38F5LrLNCy6A/vrIrAa
1RGw0xRAonFv6CKiMpwM7lk9RLzr/FrQC6imPw7UA6UedLOSyTHL
-----END CERTIFICATE-----