Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/c_tGuzEiOBeAJ_uoUkxmDOWrwqo.roa
File:                     c_tGuzEiOBeAJ_uoUkxmDOWrwqo.roa (raw, json)
Hash identifier:          tl8nAWLzZV2T0+dhNBOtOKBKJm3XgsoPs00jmZ7Ztp4=
Subject key identifier:   73:FB:46:BB:31:22:38:17:80:27:FB:A8:52:4C:66:0C:E5:AB:C2:AA
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B2354C8644B13AEB59C96F8D7168CE
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/c_tGuzEiOBeAJ_uoUkxmDOWrwqo.roa
Signing time:             Wed 01 Jan 2025 11:48:34 +0000
ROA not before:           Wed 01 Jan 2025 11:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206442
IP address blocks:        82.177.202.0/23 maxlen: 23
                          195.136.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:35:4c:86:44:b1:3a:eb:59:c9:6f:8d:71:68:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73fb46bb312238178027fba8524c660ce5abc2aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f7:f1:d5:36:03:5d:66:b7:fd:42:83:73:73:
                    7e:52:52:a4:2c:48:bf:c4:c9:08:91:c5:5a:86:6b:
                    71:c2:c3:5d:85:b1:c5:e5:b1:2d:25:1c:03:70:3a:
                    7d:5a:d3:d9:ea:3e:eb:b7:e4:2e:90:40:ab:91:25:
                    11:89:69:15:ac:9a:9b:20:95:fc:25:8f:f8:33:ee:
                    42:00:c8:0a:18:c8:91:46:f3:98:f5:34:0a:88:bf:
                    9c:f9:6a:03:6f:be:d6:a6:11:b1:4f:5c:39:ea:b6:
                    df:92:66:51:69:67:47:2d:38:54:1b:e2:d3:01:a3:
                    5e:6d:ad:4f:48:57:3f:30:a4:55:9c:a6:e2:27:b9:
                    9d:f5:d5:e4:c6:10:a1:69:f9:a5:30:78:48:a0:33:
                    2c:88:18:d4:dd:4e:78:c7:93:6b:23:85:1e:91:a6:
                    a7:47:c0:89:40:d2:21:43:5c:1d:74:e6:c4:05:87:
                    58:3f:f1:3b:6a:60:e6:b6:70:49:6c:4d:bb:52:34:
                    7d:4f:53:55:fb:0f:ff:e0:74:59:4a:9e:b5:5c:56:
                    09:e9:2f:01:86:4d:32:e9:c1:dc:18:dd:9e:d3:54:
                    3d:6a:42:09:19:bf:08:bb:ee:6d:77:92:b3:32:58:
                    24:a5:cb:3c:77:05:1b:20:7f:08:66:12:65:d4:0a:
                    08:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:FB:46:BB:31:22:38:17:80:27:FB:A8:52:4C:66:0C:E5:AB:C2:AA
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/c_tGuzEiOBeAJ_uoUkxmDOWrwqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.202.0/23
                  195.136.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:02:f6:5d:04:f4:e8:a1:9f:82:c2:92:06:f4:03:02:26:ba:
         40:e5:fe:b1:b8:88:8f:c8:53:54:29:fb:87:d9:40:1a:11:b3:
         0a:fe:e5:4e:0b:88:fc:10:bb:fd:0f:d4:8a:c0:89:c3:9d:75:
         46:88:ab:c7:73:c4:4f:70:35:92:73:32:20:eb:07:e2:71:90:
         4e:a4:f9:17:03:ce:89:bc:cc:3d:db:99:9e:59:4f:84:03:79:
         86:34:a5:e5:96:5b:bb:a1:6c:d3:21:a4:1b:3e:a5:3a:99:83:
         48:05:06:49:c2:26:be:e5:86:87:06:a9:31:ad:9d:f3:ba:4c:
         bc:20:c7:cc:77:09:ce:69:e6:12:a4:06:38:0c:7b:35:cc:af:
         68:08:17:88:5a:23:d5:05:7f:9a:d7:a0:c1:8c:b1:fb:5b:f0:
         39:4e:cf:96:1e:e4:93:da:76:4c:79:51:7e:7d:4a:ff:ab:c8:
         77:7d:65:83:22:03:f5:d5:a8:5a:91:8d:7b:c9:cb:a4:f7:51:
         5a:0a:b8:72:24:a4:27:a2:2d:d1:e6:df:f5:d6:19:b3:36:36:
         d3:36:30:64:9f:29:19:15:bb:83:d8:16:f5:df:31:f3:ca:cc:
         24:38:12:f0:3a:10:56:84:f4:26:37:61:dc:1a:67:41:04:9d:
         79:a1:09:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsjVMhkSxOutZyW+NcWjOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2ZiNDZiYjMxMjIzODE3ODAyN2ZiYTg1MjRjNjYwY2U1YWJjMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPfx1TYDXWa3/UKDc3N+UlKkLEi/
xMkIkcVahmtxwsNdhbHF5bEtJRwDcDp9WtPZ6j7rt+QukECrkSURiWkVrJqbIJX8
JY/4M+5CAMgKGMiRRvOY9TQKiL+c+WoDb77WphGxT1w56rbfkmZRaWdHLThUG+LT
AaNeba1PSFc/MKRVnKbiJ7md9dXkxhChafmlMHhIoDMsiBjU3U54x5NrI4Uekaan
R8CJQNIhQ1wddObEBYdYP/E7amDmtnBJbE27UjR9T1NV+w//4HRZSp61XFYJ6S8B
hk0y6cHcGN2e01Q9akIJGb8Iu+5td5KzMlgkpcs8dwUbIH8IZhJl1AoI7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHP7RrsxIjgXgCf7qFJMZgzlq8KqMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvY190R3V6RWlPQmVBSl91b1VreG1ET1dyd3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUrHKAwQC
w4jMMA0GCSqGSIb3DQEBCwUAA4IBAQB9AvZdBPTooZ+CwpIG9AMCJrpA5f6xuIiP
yFNUKfuH2UAaEbMK/uVOC4j8ELv9D9SKwInDnXVGiKvHc8RPcDWSczIg6wficZBO
pPkXA86JvMw925meWU+EA3mGNKXlllu7oWzTIaQbPqU6mYNIBQZJwia+5YaHBqkx
rZ3zuky8IMfMdwnOaeYSpAY4DHs1zK9oCBeIWiPVBX+a16DBjLH7W/A5Ts+WHuST
2nZMeVF+fUr/q8h3fWWDIgP11ahakY17ycuk91FaCrhyJKQnoi3R5t/11hmzNjbT
NjBknykZFbuD2Bb13zHzyswkOBLwOhBWhPQmN2HcGmdBBJ15oQno
-----END CERTIFICATE-----