Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/dFXu9vP7vufGrRPmnMKpMOLPFe0.roa
File:                     dFXu9vP7vufGrRPmnMKpMOLPFe0.roa (raw, json)
Hash identifier:          E++puErWoxX18Bwd8NFHHoU+NBPr1kighEpoF/jgI7M=
Subject key identifier:   74:55:EE:F6:F3:FB:BE:E7:C6:AD:13:E6:9C:C2:A9:30:E2:CF:15:ED
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DACCEE155C977B434530F1A9A9211B
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/dFXu9vP7vufGrRPmnMKpMOLPFe0.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33806
IP address blocks:        195.136.182.0/23 maxlen: 23
                          195.136.180.0/23 maxlen: 23
                          195.136.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cc:ee:15:5c:97:7b:43:45:30:f1:a9:a9:21:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7455eef6f3fbbee7c6ad13e69cc2a930e2cf15ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c6:3e:de:ec:f3:7b:0a:db:7d:a6:e7:f4:18:
                    0d:82:12:e2:d2:78:b6:39:6f:08:78:d5:9e:53:d8:
                    b6:96:0c:ca:1b:ab:18:1c:5d:b3:84:4b:ff:d4:0e:
                    13:9b:90:e3:d9:97:8f:7e:9b:7a:7e:c3:b5:69:bc:
                    d0:92:ff:c7:c5:41:bd:0e:01:c9:34:9b:bc:cd:5f:
                    5a:e4:8a:49:ec:9e:df:c0:90:34:72:bb:c2:ee:9e:
                    c0:e8:70:1a:86:c4:84:13:25:0d:6e:3b:f7:6c:a2:
                    30:76:45:21:60:bd:0e:ef:00:09:cb:c3:a3:21:a4:
                    fc:4c:3d:b9:20:6b:fe:5a:0e:45:30:d7:7b:98:4a:
                    51:cf:c7:1e:db:bb:3b:11:b2:67:38:a6:4a:66:be:
                    2f:7f:20:b8:7f:4f:7f:c0:8d:58:3d:f1:52:98:7b:
                    14:0a:e4:99:2e:b2:47:60:53:d4:b2:8a:c0:6b:b5:
                    60:40:bc:1f:9f:57:c5:e8:7f:7d:8b:93:7d:2e:4f:
                    cf:46:09:26:df:d7:be:18:2d:86:3b:b8:81:36:65:
                    6f:af:b6:60:46:62:a7:de:7e:d2:47:b0:da:e7:1e:
                    55:2d:ac:42:84:6c:4c:fe:c9:c8:ae:a4:5c:a5:6d:
                    83:e2:68:aa:76:08:62:e1:3e:78:db:2d:31:32:fc:
                    f7:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:55:EE:F6:F3:FB:BE:E7:C6:AD:13:E6:9C:C2:A9:30:E2:CF:15:ED
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/dFXu9vP7vufGrRPmnMKpMOLPFe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:f8:73:65:57:ae:8d:95:fd:3d:4d:0e:31:a7:94:c3:42:96:
         f7:fa:33:19:5d:bb:e9:be:81:59:e2:12:49:1d:b0:01:e3:df:
         8a:60:e0:64:8d:60:7e:e4:39:06:6d:a9:bc:ae:9c:ca:ed:6d:
         8a:a9:f6:6c:af:db:b4:98:1b:5c:c5:86:a6:10:7a:f8:cf:0e:
         fb:2e:b9:d5:38:b7:35:5e:51:73:6f:42:40:62:29:1a:2f:b5:
         5e:d2:5b:a5:d6:f1:23:e2:87:26:5e:7b:ee:3b:d6:19:e0:44:
         01:c3:30:10:ab:1a:c3:f7:25:da:8b:b8:3c:be:a8:cd:f5:8f:
         c9:77:92:4c:2d:67:7f:1d:d7:62:77:2f:9d:4d:ee:34:4b:e5:
         02:3c:83:22:90:0c:d4:67:71:aa:a2:04:f2:6a:c8:01:36:38:
         96:44:31:29:09:da:16:b9:2d:16:73:fe:5a:f0:1d:bc:84:ad:
         08:30:6c:c0:ca:b1:1c:4f:1f:e5:28:79:76:ca:c3:94:70:9b:
         81:95:6a:b7:ce:46:ac:9c:55:90:c6:85:40:67:69:61:83:01:
         0a:d7:bf:82:21:d2:3e:de:02:de:15:12:16:8e:1d:38:61:6b:
         a0:ee:cd:cc:f6:16:8e:ae:57:cd:22:d9:75:36:e8:6c:00:28:
         e2:37:73:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2szuFVyXe0NFMPGpqSEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDU1ZWVmNmYzZmJiZWU3YzZhZDEzZTY5Y2MyYTkzMGUyY2YxNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8Y+3uzzewrbfabn9BgNghLi0ni2
OW8IeNWeU9i2lgzKG6sYHF2zhEv/1A4Tm5Dj2ZePfpt6fsO1abzQkv/HxUG9DgHJ
NJu8zV9a5IpJ7J7fwJA0crvC7p7A6HAahsSEEyUNbjv3bKIwdkUhYL0O7wAJy8Oj
IaT8TD25IGv+Wg5FMNd7mEpRz8ce27s7EbJnOKZKZr4vfyC4f09/wI1YPfFSmHsU
CuSZLrJHYFPUsorAa7VgQLwfn1fF6H99i5N9Lk/PRgkm39e+GC2GO7iBNmVvr7Zg
RmKn3n7SR7Da5x5VLaxChGxM/snIrqRcpW2D4miqdghi4T542y0xMvz3cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRV7vbz+77nxq0T5pzCqTDizxXtMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvZEZYdTl2UDd2dWZHclJQbW5NS3BNT0xQRmUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4i0MA0G
CSqGSIb3DQEBCwUAA4IBAQCK+HNlV66Nlf09TQ4xp5TDQpb3+jMZXbvpvoFZ4hJJ
HbAB49+KYOBkjWB+5DkGbam8rpzK7W2KqfZsr9u0mBtcxYamEHr4zw77LrnVOLc1
XlFzb0JAYikaL7Ve0lul1vEj4ocmXnvuO9YZ4EQBwzAQqxrD9yXai7g8vqjN9Y/J
d5JMLWd/Hddidy+dTe40S+UCPIMikAzUZ3GqogTyasgBNjiWRDEpCdoWuS0Wc/5a
8B28hK0IMGzAyrEcTx/lKHl2ysOUcJuBlWq3zkasnFWQxoVAZ2lhgwEK17+CIdI+
3gLeFRIWjh04YWug7s3M9haOrlfNItl1NuhsACjiN3MR
-----END CERTIFICATE-----