Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/fQZR8FKVvZuOxIX-ZcglyJQ1VeI.roa
File:                     fQZR8FKVvZuOxIX-ZcglyJQ1VeI.roa (raw, json)
Hash identifier:          kXI8lfQ8+/W2zJz+mtwrHNhL7r/PrDHhe11RoZrKqg8=
Subject key identifier:   7D:06:51:F0:52:95:BD:9B:8E:C4:85:FE:65:C8:25:C8:94:35:55:E2
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B2205EC100D2E0FDF2AC93E6941BBD
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/fQZR8FKVvZuOxIX-ZcglyJQ1VeI.roa
Signing time:             Wed 01 Jan 2025 11:48:29 +0000
ROA not before:           Wed 01 Jan 2025 11:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57101
IP address blocks:        195.136.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:20:5e:c1:00:d2:e0:fd:f2:ac:93:e6:94:1b:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d0651f05295bd9b8ec485fe65c825c8943555e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1c:9e:21:6f:0f:0f:3a:b3:2c:29:71:da:34:
                    93:5e:92:83:43:90:e1:14:30:f4:0e:6a:23:e2:1c:
                    ce:18:0b:c7:dd:0c:8f:e6:7d:92:bf:40:b1:a2:c5:
                    c0:7f:1c:b4:e9:7c:31:59:c0:65:4d:07:6b:aa:92:
                    ca:eb:51:43:fb:ca:59:01:0f:b3:63:c6:be:72:7b:
                    6b:98:58:dd:88:33:b8:18:7b:5e:39:be:e1:b5:3c:
                    78:46:50:fd:a8:b4:92:2e:86:e2:10:57:04:23:a4:
                    a8:69:44:7d:4e:b8:23:13:24:6f:44:5b:f8:e9:ef:
                    c6:2c:b2:30:13:97:a9:58:b3:6b:01:ca:58:0e:1b:
                    9a:05:d2:7d:1f:3a:4c:08:3c:0b:e4:73:b6:e5:40:
                    a1:38:ce:dd:39:33:91:d9:36:41:a6:ab:89:cd:29:
                    b7:19:73:fe:2c:b4:c7:5d:73:74:f9:2d:4a:29:af:
                    07:30:7e:96:b0:07:ed:a3:59:ad:0b:d3:77:bb:29:
                    96:67:00:1c:f8:12:2c:8f:b4:d3:63:d3:f1:b3:8f:
                    2c:1f:9f:33:54:aa:c6:04:c5:64:5d:06:be:ae:da:
                    2c:b5:c1:d8:b3:b6:dc:81:b8:ab:ae:a6:8e:0b:e4:
                    70:ae:e6:71:63:5d:dc:39:97:69:00:3c:3e:cb:9f:
                    45:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:06:51:F0:52:95:BD:9B:8E:C4:85:FE:65:C8:25:C8:94:35:55:E2
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/fQZR8FKVvZuOxIX-ZcglyJQ1VeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:8d:47:4b:0a:dc:0d:73:5d:aa:17:20:14:aa:3e:43:5a:91:
         e1:5a:3a:92:32:14:0e:ec:48:94:4a:f8:b0:78:51:4c:71:75:
         1d:19:a2:5c:51:68:68:03:e8:3f:27:71:47:5e:a9:b7:e8:5b:
         6d:29:68:9b:44:3d:04:de:3c:64:fc:22:e1:ad:5d:f1:02:dc:
         02:73:f4:06:e6:ce:af:d5:cc:f7:fa:ff:8b:de:70:9f:fc:f5:
         6d:f8:fb:fc:a2:c1:84:a0:6d:c4:a2:17:e3:ae:fb:8d:76:9d:
         b0:0a:eb:07:fa:d3:a6:05:fd:63:d4:1f:55:62:f8:0e:9f:a7:
         8c:df:48:48:ab:fb:5b:b1:7e:90:91:e3:02:5a:33:9b:fa:16:
         fa:6f:72:e6:e8:a6:f6:c6:3f:2e:2d:fb:54:a0:84:14:79:8b:
         01:01:3d:31:56:f8:be:78:70:e8:9d:1d:89:c6:31:c3:1c:aa:
         63:1f:ab:13:de:e5:c8:93:70:7f:3f:1f:58:e4:76:d5:aa:fd:
         5e:77:4b:b5:94:cc:d9:ef:1e:ad:34:7a:04:fe:38:6f:25:1d:
         31:42:d0:cc:10:76:5d:17:a7:26:8f:85:2b:48:74:1a:bd:ee:
         59:69:eb:e8:96:d7:e6:01:d8:5b:fa:a9:76:3b:1e:60:56:66:
         68:63:03:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsiBewQDS4P3yrJPmlBu9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDA2NTFmMDUyOTViZDliOGVjNDg1ZmU2NWM4MjVjODk0MzU1NWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphyeIW8PDzqzLClx2jSTXpKDQ5Dh
FDD0Dmoj4hzOGAvH3QyP5n2Sv0CxosXAfxy06XwxWcBlTQdrqpLK61FD+8pZAQ+z
Y8a+cntrmFjdiDO4GHteOb7htTx4RlD9qLSSLobiEFcEI6SoaUR9TrgjEyRvRFv4
6e/GLLIwE5epWLNrAcpYDhuaBdJ9HzpMCDwL5HO25UChOM7dOTOR2TZBpquJzSm3
GXP+LLTHXXN0+S1KKa8HMH6WsAfto1mtC9N3uymWZwAc+BIsj7TTY9Pxs48sH58z
VKrGBMVkXQa+rtostcHYs7bcgbirrqaOC+RwruZxY13cOZdpADw+y59FRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0GUfBSlb2bjsSF/mXIJciUNVXiMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvZlFaUjhGS1Z2WnVPeElYLVpjZ2x5SlExVmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4iIMA0G
CSqGSIb3DQEBCwUAA4IBAQARjUdLCtwNc12qFyAUqj5DWpHhWjqSMhQO7EiUSviw
eFFMcXUdGaJcUWhoA+g/J3FHXqm36FttKWibRD0E3jxk/CLhrV3xAtwCc/QG5s6v
1cz3+v+L3nCf/PVt+Pv8osGEoG3EohfjrvuNdp2wCusH+tOmBf1j1B9VYvgOn6eM
30hIq/tbsX6QkeMCWjOb+hb6b3Lm6Kb2xj8uLftUoIQUeYsBAT0xVvi+eHDonR2J
xjHDHKpjH6sT3uXIk3B/Px9Y5HbVqv1ed0u1lMzZ7x6tNHoE/jhvJR0xQtDMEHZd
F6cmj4UrSHQave5ZaevoltfmAdhb+ql2Ox5gVmZoYwOu
-----END CERTIFICATE-----