Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/ip8TPeeUMzqhopgjpL3zSrFyzh0.roa
File:                     ip8TPeeUMzqhopgjpL3zSrFyzh0.roa (raw, json)
Hash identifier:          yKaSVzfWt1uOh5H5npa9snJeAGJn17YZKicrczUvNGg=
Subject key identifier:   8A:9F:13:3D:E7:94:33:3A:A1:A2:98:23:A4:BD:F3:4A:B1:72:CE:1D
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD8D7A04A7FFC4C36E8A712EAA79D
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/ip8TPeeUMzqhopgjpL3zSrFyzh0.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197142
IP address blocks:        82.177.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d8:d7:a0:4a:7f:fc:4c:36:e8:a7:12:ea:a7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a9f133de794333aa1a29823a4bdf34ab172ce1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1a:59:de:b0:f8:83:20:74:0c:32:e3:1b:98:
                    27:50:1e:09:ee:21:18:46:1f:4b:39:23:7f:dc:14:
                    23:c6:65:62:d8:5b:92:7f:f9:da:ac:88:33:33:da:
                    7b:a2:3c:28:08:24:60:bc:db:2c:ec:3e:48:1f:de:
                    67:e9:fe:ef:70:ed:38:d2:42:d2:85:d7:0d:af:b7:
                    1a:fc:9d:61:0a:49:a7:a3:e8:cc:98:c2:ec:ec:c0:
                    71:5c:cc:c4:0b:0b:c4:37:96:2a:1a:2e:76:9e:86:
                    50:1c:30:10:25:89:4d:98:2c:4a:16:ad:f8:9c:02:
                    7e:17:4c:d4:d6:ba:de:88:1e:e7:b5:66:f3:69:ac:
                    95:be:80:28:7f:08:ff:c7:52:98:98:d1:4f:26:71:
                    e5:63:2b:02:ce:16:dc:96:38:8c:5a:bd:9a:14:fb:
                    5b:93:0e:d9:d4:f3:76:53:4c:8f:df:70:fd:fc:99:
                    ca:e4:f8:ab:70:92:f1:d6:d0:b1:75:f2:f2:53:9a:
                    fd:e7:36:0e:28:ad:77:86:50:c4:a4:87:27:d2:b6:
                    22:c8:c2:0f:30:a6:67:bb:09:fc:78:fa:1c:68:f8:
                    01:90:86:c4:d1:f5:88:fc:39:ef:99:12:03:97:99:
                    d7:74:89:72:2d:41:7e:c5:c5:5f:fc:6c:f5:07:26:
                    a5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:9F:13:3D:E7:94:33:3A:A1:A2:98:23:A4:BD:F3:4A:B1:72:CE:1D
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/ip8TPeeUMzqhopgjpL3zSrFyzh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:74:2a:a2:06:ef:99:72:a9:17:44:dc:bc:c9:78:e0:b0:e3:
         0d:3e:ba:4e:36:35:3f:a0:9f:58:f1:76:8a:16:7d:da:bd:c3:
         b3:fa:20:c6:50:1a:02:ce:19:f0:f3:e5:88:7c:da:1c:4a:f4:
         1b:e3:6b:8d:0d:a7:2f:e2:ee:55:51:0a:98:72:9b:4b:80:fe:
         3f:c9:4a:69:bb:16:62:1d:55:51:61:cb:de:01:65:2f:3f:37:
         cf:7a:4a:b1:0b:df:59:86:1a:38:17:0c:af:5d:f0:ec:80:e4:
         a8:bd:82:59:6f:45:49:50:9b:c7:59:f1:f2:b3:6e:3e:5a:dd:
         f8:66:7e:f7:71:05:22:69:98:9c:37:f4:77:9b:e4:0f:e6:53:
         31:e7:b4:21:d3:81:0a:49:16:ae:5f:00:70:e6:fd:f0:9f:38:
         36:b6:a7:26:70:1f:43:32:37:87:1b:b0:4a:a6:76:24:35:36:
         e0:d2:ef:3b:7b:35:f8:db:ed:7e:86:0a:bd:3e:24:cf:da:8f:
         9b:a3:65:65:03:80:a9:81:ef:a3:56:2e:c8:75:6c:8a:76:82:
         b0:00:62:40:e3:2d:dc:64:1d:1c:76:09:4f:87:84:cc:05:9e:
         67:eb:65:81:f5:e4:75:fa:df:ab:d8:de:8f:bf:cb:d8:ce:b9:
         f0:c8:6c:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tjXoEp//Ew26KcS6qedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTlmMTMzZGU3OTQzMzNhYTFhMjk4MjNhNGJkZjM0YWIxNzJjZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xpZ3rD4gyB0DDLjG5gnUB4J7iEY
Rh9LOSN/3BQjxmVi2FuSf/narIgzM9p7ojwoCCRgvNss7D5IH95n6f7vcO040kLS
hdcNr7ca/J1hCkmno+jMmMLs7MBxXMzECwvEN5YqGi52noZQHDAQJYlNmCxKFq34
nAJ+F0zU1rreiB7ntWbzaayVvoAofwj/x1KYmNFPJnHlYysCzhbcljiMWr2aFPtb
kw7Z1PN2U0yP33D9/JnK5PircJLx1tCxdfLyU5r95zYOKK13hlDEpIcn0rYiyMIP
MKZnuwn8ePocaPgBkIbE0fWI/DnvmRIDl5nXdIlyLUF+xcVf/Gz1ByalsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqfEz3nlDM6oaKYI6S980qxcs4dMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvaXA4VFBlZVVNenFob3BnanBMM3pTckZ5emgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrHDMA0G
CSqGSIb3DQEBCwUAA4IBAQAddCqiBu+ZcqkXRNy8yXjgsOMNPrpONjU/oJ9Y8XaK
Fn3avcOz+iDGUBoCzhnw8+WIfNocSvQb42uNDacv4u5VUQqYcptLgP4/yUppuxZi
HVVRYcveAWUvPzfPekqxC99Zhho4FwyvXfDsgOSovYJZb0VJUJvHWfHys24+Wt34
Zn73cQUiaZicN/R3m+QP5lMx57Qh04EKSRauXwBw5v3wnzg2tqcmcB9DMjeHG7BK
pnYkNTbg0u87ezX42+1+hgq9PiTP2o+bo2VlA4Cpge+jVi7IdWyKdoKwAGJA4y3c
ZB0cdglPh4TMBZ5n62WB9eR1+t+r2N6Pv8vYzrnwyGwX
-----END CERTIFICATE-----