Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/XRyJq_gN2Wd0jrnNFSHdIx-ZoA0.roa
File:                     XRyJq_gN2Wd0jrnNFSHdIx-ZoA0.roa (raw, json)
Hash identifier:          3uKtS8W8/iGpV4HncpewUsaafGQKsLpPn01CSjOY1bI=
Subject key identifier:   5D:1C:89:AB:F8:0D:D9:67:74:8E:B9:CD:15:21:DD:23:1F:99:A0:0D
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAE7B7FD02751DC34A4A75A79493AD
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/XRyJq_gN2Wd0jrnNFSHdIx-ZoA0.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208227
IP address blocks:        82.177.44.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e7:b7:fd:02:75:1d:c3:4a:4a:75:a7:94:93:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d1c89abf80dd967748eb9cd1521dd231f99a00d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:90:1b:37:fc:da:b7:52:a0:5e:b0:fd:4f:50:
                    52:0a:4c:3c:6c:46:24:d5:b8:18:8c:21:33:68:93:
                    77:2d:70:4f:8f:ad:f9:f2:4d:f1:70:57:32:11:d2:
                    ed:ad:2a:f7:f8:c8:5a:65:a2:f4:44:ef:68:bd:b8:
                    95:16:d6:1b:41:e0:44:f3:af:41:48:f9:b1:63:ea:
                    df:65:e7:e2:cf:33:cd:83:e9:14:b1:2c:c3:98:9a:
                    cd:cf:11:d3:b3:d2:dd:eb:bc:3e:7a:e8:95:74:d6:
                    46:56:c7:60:f8:d5:57:f8:db:ad:c7:dd:08:0e:91:
                    52:5f:bb:98:ea:7a:51:03:ac:6e:71:21:d0:c4:b5:
                    a2:d2:47:32:95:3f:e5:3c:17:f5:9b:e0:63:76:66:
                    a5:7e:b0:03:e2:2c:02:7f:57:ff:67:f5:19:67:99:
                    45:56:5b:8e:c0:1a:38:d4:ea:d0:1e:9a:84:59:bd:
                    69:fc:95:9f:94:22:b5:8d:27:da:7f:84:77:fd:14:
                    27:5e:68:1b:d9:3f:b1:c7:66:bd:97:a8:a0:c4:35:
                    8e:81:6f:6c:af:8a:a4:8f:2f:c4:06:8b:2d:a8:29:
                    0e:c1:cb:0a:16:41:d7:af:4d:e6:a6:57:d2:2a:2f:
                    1e:e8:22:80:2f:49:bd:d4:cc:a7:f5:26:37:32:ea:
                    93:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:1C:89:AB:F8:0D:D9:67:74:8E:B9:CD:15:21:DD:23:1F:99:A0:0D
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/XRyJq_gN2Wd0jrnNFSHdIx-ZoA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:ad:21:70:3c:d6:29:af:ed:41:ef:80:cf:d0:1f:46:1c:8c:
         c4:42:f3:32:3f:d5:17:9f:24:b3:e1:ba:cd:45:17:63:31:36:
         fe:3f:3e:35:60:80:f0:e1:20:cb:1a:85:f1:3f:e5:b1:4b:84:
         ec:3e:db:5e:d6:c7:26:89:a8:ec:52:4b:b4:ea:39:f6:6b:78:
         32:29:b9:77:7a:3f:97:40:48:dd:db:d3:9b:71:d2:80:2b:14:
         ee:83:83:03:eb:cd:d4:28:2f:2b:0a:f3:2e:74:fb:e8:a7:02:
         f6:e5:bd:8f:4c:84:99:df:05:40:27:bf:55:99:7d:30:67:0f:
         2d:cf:c8:a0:a9:8d:1f:3c:bc:1d:aa:f3:35:ff:48:cb:6c:f2:
         e7:56:33:de:e3:31:14:38:33:75:cf:74:24:81:a3:43:47:f3:
         4c:df:ce:bd:4f:04:e8:ce:d4:87:ae:44:f3:f7:26:cb:a7:9c:
         c0:d7:55:c4:0f:9d:7b:f8:0f:b7:d9:6e:c9:f5:09:10:59:e2:
         1a:13:f2:04:6e:eb:70:41:59:e5:d4:f9:f2:ca:00:1d:bc:65:
         91:a0:08:f3:e3:1b:6d:e9:02:b6:c5:34:d9:b2:67:04:7d:1b:
         b3:aa:df:bd:68:14:ce:17:0d:6e:75:64:03:85:0b:1b:c8:69:
         13:52:fa:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ue3/QJ1HcNKSnWnlJOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDFjODlhYmY4MGRkOTY3NzQ4ZWI5Y2QxNTIxZGQyMzFmOTlhMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5AbN/zat1KgXrD9T1BSCkw8bEYk
1bgYjCEzaJN3LXBPj6358k3xcFcyEdLtrSr3+MhaZaL0RO9ovbiVFtYbQeBE869B
SPmxY+rfZefizzPNg+kUsSzDmJrNzxHTs9Ld67w+euiVdNZGVsdg+NVX+Nutx90I
DpFSX7uY6npRA6xucSHQxLWi0kcylT/lPBf1m+BjdmalfrAD4iwCf1f/Z/UZZ5lF
VluOwBo41OrQHpqEWb1p/JWflCK1jSfaf4R3/RQnXmgb2T+xx2a9l6igxDWOgW9s
r4qkjy/EBostqCkOwcsKFkHXr03mplfSKi8e6CKAL0m91Myn9SY3MuqT3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0ciav4DdlndI65zRUh3SMfmaANMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvWFJ5SnFfZ04yV2QwanJuTkZTSGRJeC1ab0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUrEsMA0G
CSqGSIb3DQEBCwUAA4IBAQAdrSFwPNYpr+1B74DP0B9GHIzEQvMyP9UXnySz4brN
RRdjMTb+Pz41YIDw4SDLGoXxP+WxS4TsPtte1scmiajsUku06jn2a3gyKbl3ej+X
QEjd29ObcdKAKxTug4MD683UKC8rCvMudPvopwL25b2PTISZ3wVAJ79VmX0wZw8t
z8igqY0fPLwdqvM1/0jLbPLnVjPe4zEUODN1z3QkgaNDR/NM3869TwToztSHrkTz
9ybLp5zA11XED517+A+32W7J9QkQWeIaE/IEbutwQVnl1PnyygAdvGWRoAjz4xtt
6QK2xTTZsmcEfRuzqt+9aBTOFw1udWQDhQsbyGkTUvpe
-----END CERTIFICATE-----