Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/iYe_54XRenB9xMIRX5pfH6ZiJxU.roa
File:                     iYe_54XRenB9xMIRX5pfH6ZiJxU.roa (raw, json)
Hash identifier:          XLxIyHou0uB0cyDyqcLxcp+BdJLzkT8ExeIzSMU7qOk=
Subject key identifier:   89:87:BF:E7:85:D1:7A:70:7D:C4:C2:11:5F:9A:5F:1F:A6:62:27:15
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAE53D0FDEE4EC394E2DA71C24AD8E
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/iYe_54XRenB9xMIRX5pfH6ZiJxU.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206442
IP address blocks:        195.136.204.0/22 maxlen: 24
                          82.177.202.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 18:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e5:3d:0f:de:e4:ec:39:4e:2d:a7:1c:24:ad:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8987bfe785d17a707dc4c2115f9a5f1fa6622715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3a:aa:89:1d:bf:6f:1b:3b:dd:89:4b:66:55:
                    7c:24:34:bb:9a:1c:49:f3:88:d7:ae:82:ff:7b:64:
                    a6:78:35:30:23:cd:4d:15:7b:fb:e2:27:0d:5f:0c:
                    60:4f:2f:6a:8e:f7:de:72:71:6e:aa:31:41:b2:da:
                    05:56:d9:d5:46:59:cd:ec:57:8b:93:ea:e3:46:d7:
                    20:4f:6e:7f:94:c5:ef:37:ba:19:e1:b4:1e:74:ed:
                    e5:3e:93:af:51:ae:78:01:3f:32:26:ec:c2:8b:9b:
                    90:31:b7:45:1c:21:a8:f2:df:f7:e6:8d:58:56:4a:
                    dc:47:58:1e:4e:fe:d3:e7:e9:8e:dc:09:bf:4a:bc:
                    72:0d:80:7e:34:40:b6:cd:f1:78:08:ad:0f:e4:2f:
                    42:51:ed:85:f3:89:f3:df:e8:af:88:0a:14:b3:4e:
                    42:31:74:17:1c:57:06:96:aa:ff:69:5e:ca:03:7f:
                    b9:52:06:29:0e:69:2d:f4:20:fb:63:0f:72:d1:14:
                    5f:01:68:a8:c7:f3:68:e7:4b:a1:a2:fe:5f:9e:d0:
                    da:5d:9b:1c:24:04:11:12:16:30:81:5d:45:48:47:
                    12:1e:38:85:8b:2b:fa:65:2d:fc:b5:68:dc:ba:ba:
                    5c:fc:92:81:1a:62:be:1a:0a:66:0e:22:32:67:39:
                    4a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:87:BF:E7:85:D1:7A:70:7D:C4:C2:11:5F:9A:5F:1F:A6:62:27:15
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/iYe_54XRenB9xMIRX5pfH6ZiJxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.202.0/23
                  195.136.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:33:80:09:96:44:86:6c:12:c6:1d:b7:5a:36:28:83:73:23:
         1b:91:97:bb:10:6f:98:04:56:0f:65:f3:6a:fc:69:cd:0a:2f:
         a7:d6:3f:41:2e:0e:85:7d:d7:f4:fc:61:d1:18:21:68:1b:4e:
         1d:b1:14:83:2d:6b:ee:62:08:32:08:c8:47:04:99:da:51:87:
         e2:a8:1d:da:2e:c3:70:fd:85:0c:00:97:73:f0:2e:01:ed:3c:
         05:df:1f:e2:69:89:22:94:8f:95:c0:d1:16:7d:a8:fc:7b:46:
         80:59:b6:bb:41:d5:a8:18:0c:f7:11:44:0d:bb:33:76:f4:16:
         85:90:e8:64:a3:7a:e8:f1:ea:09:a0:3b:a8:b4:0a:e2:d4:5d:
         2d:22:a7:7e:cf:ff:c8:40:9a:2d:ae:8b:d9:70:c5:0a:43:52:
         cb:2d:d9:96:c2:be:fd:fe:da:51:87:d1:8e:57:de:4b:83:14:
         67:75:1b:24:c0:21:6a:84:69:84:1d:8d:fe:81:b9:bc:6e:7e:
         41:be:eb:cb:7c:71:bd:da:74:b6:3e:54:ee:de:7e:5c:01:14:
         c3:27:b8:cb:13:f0:da:bf:b9:78:da:31:0b:4d:2b:00:a2:d5:
         3b:46:1c:4c:7a:cc:04:0a:00:ea:b0:b2:25:37:10:2e:e0:f1:
         38:07:0b:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2uU9D97k7DlOLaccJK2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTg3YmZlNzg1ZDE3YTcwN2RjNGMyMTE1ZjlhNWYxZmE2NjIyNzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzqqiR2/bxs73YlLZlV8JDS7mhxJ
84jXroL/e2SmeDUwI81NFXv74icNXwxgTy9qjvfecnFuqjFBstoFVtnVRlnN7FeL
k+rjRtcgT25/lMXvN7oZ4bQedO3lPpOvUa54AT8yJuzCi5uQMbdFHCGo8t/35o1Y
VkrcR1geTv7T5+mO3Am/SrxyDYB+NEC2zfF4CK0P5C9CUe2F84nz3+iviAoUs05C
MXQXHFcGlqr/aV7KA3+5UgYpDmkt9CD7Yw9y0RRfAWiox/No50uhov5fntDaXZsc
JAQREhYwgV1FSEcSHjiFiyv6ZS38tWjcurpc/JKBGmK+GgpmDiIyZzlK7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFImHv+eF0XpwfcTCEV+aXx+mYicVMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvaVllXzU0WFJlbkI5eE1JUlg1cGZINlppSnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUrHKAwQC
w4jMMA0GCSqGSIb3DQEBCwUAA4IBAQAUM4AJlkSGbBLGHbdaNiiDcyMbkZe7EG+Y
BFYPZfNq/GnNCi+n1j9BLg6Ffdf0/GHRGCFoG04dsRSDLWvuYggyCMhHBJnaUYfi
qB3aLsNw/YUMAJdz8C4B7TwF3x/iaYkilI+VwNEWfaj8e0aAWba7QdWoGAz3EUQN
uzN29BaFkOhko3ro8eoJoDuotAri1F0tIqd+z//IQJotrovZcMUKQ1LLLdmWwr79
/tpRh9GOV95LgxRndRskwCFqhGmEHY3+gbm8bn5BvuvLfHG92nS2PlTu3n5cARTD
J7jLE/Dav7l42jELTSsAotU7RhxMeswECgDqsLIlNxAu4PE4BwuH
-----END CERTIFICATE-----