Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/l_tW-Cyf74AIER-CuqNqm6oj05s.roa
File:                     l_tW-Cyf74AIER-CuqNqm6oj05s.roa (raw, json)
Hash identifier:          OvC5yjalL7LUAyZnL4RhBk3KentLaBQqI8IPqCvWfic=
Subject key identifier:   97:FB:56:F8:2C:9F:EF:80:08:11:1F:82:BA:A3:6A:9B:AA:23:D3:9B
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B21EAB8B5A45CD7B9A3DBFE56C8196
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/l_tW-Cyf74AIER-CuqNqm6oj05s.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56373
IP address blocks:        82.177.12.0/23 maxlen: 24
                          82.177.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1e:ab:8b:5a:45:cd:7b:9a:3d:bf:e5:6c:81:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97fb56f82c9fef8008111f82baa36a9baa23d39b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:60:5c:9a:c6:4c:7d:41:f8:d7:bb:e6:d4:9c:
                    8a:1b:fa:bd:65:b7:19:c5:01:5a:bc:91:65:14:d2:
                    0d:d4:10:b7:81:6a:d9:e5:9e:db:d2:40:05:01:b6:
                    fb:b6:be:5f:5e:37:ed:bb:0c:7b:b3:8b:94:df:a9:
                    63:6c:38:e8:75:3c:b2:54:23:e7:30:94:58:a6:ab:
                    b3:8d:b1:cf:fc:25:6e:c3:0f:69:26:50:54:ea:70:
                    ff:1e:4b:bb:1f:87:99:ea:6e:9e:d2:c5:60:06:57:
                    af:5f:8a:2b:f7:34:50:47:98:e2:77:87:3d:d9:33:
                    11:ee:66:bd:02:4d:d7:81:cd:bd:29:a9:7b:21:cf:
                    01:bc:dc:a4:94:20:30:df:2a:ac:ca:64:22:2d:9c:
                    98:2c:07:0f:6d:53:50:fb:60:6c:0c:8d:60:a5:e7:
                    ab:b8:4f:94:7f:f1:24:e2:15:c4:10:c6:32:05:00:
                    d3:26:55:18:0c:fd:79:15:aa:9b:4d:79:58:08:3a:
                    6c:77:2a:47:45:b4:31:70:95:ca:1e:31:fe:48:59:
                    3a:80:22:c0:91:e4:68:ed:4f:2b:c2:35:39:c2:28:
                    03:05:63:5a:8d:4f:07:f5:06:09:36:88:70:5e:29:
                    16:03:7a:80:1b:01:4e:74:26:64:ef:90:cf:f7:10:
                    6d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:FB:56:F8:2C:9F:EF:80:08:11:1F:82:BA:A3:6A:9B:AA:23:D3:9B
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/l_tW-Cyf74AIER-CuqNqm6oj05s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:0c:b7:15:0e:37:f7:04:eb:a0:12:47:b5:2f:e3:36:28:db:
         72:cb:6c:31:db:9b:a2:71:38:d5:57:03:df:a8:79:12:71:48:
         17:b7:8e:5d:2e:d5:82:37:c3:1b:15:39:cb:5e:ec:f7:17:09:
         f5:c4:ea:15:6d:d4:8e:34:85:fa:27:1c:3a:04:12:80:31:da:
         b0:fc:05:3a:6a:b6:7c:e8:66:48:29:2f:83:00:b4:4d:96:c7:
         27:e0:ba:00:56:49:bd:0d:c6:0e:2d:dd:6a:55:80:df:07:dc:
         d6:19:8b:63:cb:e0:6f:e1:19:67:f0:52:f7:9e:88:aa:bc:4f:
         4f:ef:0a:88:7c:f3:d8:5f:d8:7b:a1:3f:8f:fc:e0:52:bb:64:
         82:af:d1:b6:06:3e:2a:43:2f:31:a5:9a:88:07:9f:e3:05:1d:
         93:88:b3:55:3d:ed:59:01:7c:03:85:13:c3:63:0a:15:b1:4e:
         27:da:c2:39:1b:25:9d:a2:b8:99:9e:6b:5d:bf:bf:de:9e:03:
         8b:80:1b:c3:6b:14:6a:82:7c:3c:0c:a4:3d:c3:07:df:3e:1c:
         3f:98:a3:32:09:9e:c9:6c:85:3a:1e:0e:ca:56:13:b5:e1:3f:
         5c:e0:de:32:1b:7e:a8:9e:12:1a:10:53:52:64:07:70:ff:86:
         c0:fe:e1:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsh6ri1pFzXuaPb/lbIGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2ZiNTZmODJjOWZlZjgwMDgxMTFmODJiYWEzNmE5YmFhMjNkMzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32BcmsZMfUH417vm1JyKG/q9ZbcZ
xQFavJFlFNIN1BC3gWrZ5Z7b0kAFAbb7tr5fXjftuwx7s4uU36ljbDjodTyyVCPn
MJRYpquzjbHP/CVuww9pJlBU6nD/Hku7H4eZ6m6e0sVgBlevX4or9zRQR5jid4c9
2TMR7ma9Ak3Xgc29Kal7Ic8BvNyklCAw3yqsymQiLZyYLAcPbVNQ+2BsDI1gpeer
uE+Uf/Ek4hXEEMYyBQDTJlUYDP15FaqbTXlYCDpsdypHRbQxcJXKHjH+SFk6gCLA
keRo7U8rwjU5wigDBWNajU8H9QYJNohwXikWA3qAGwFOdCZk75DP9xBt3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJf7Vvgsn++ACBEfgrqjapuqI9ObMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbF90Vy1DeWY3NEFJRVItQ3VxTnFtNm9qMDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUrEMMA0G
CSqGSIb3DQEBCwUAA4IBAQByDLcVDjf3BOugEke1L+M2KNtyy2wx25uicTjVVwPf
qHkScUgXt45dLtWCN8MbFTnLXuz3Fwn1xOoVbdSONIX6Jxw6BBKAMdqw/AU6arZ8
6GZIKS+DALRNlscn4LoAVkm9DcYOLd1qVYDfB9zWGYtjy+Bv4Rln8FL3noiqvE9P
7wqIfPPYX9h7oT+P/OBSu2SCr9G2Bj4qQy8xpZqIB5/jBR2TiLNVPe1ZAXwDhRPD
YwoVsU4n2sI5GyWdoriZnmtdv7/engOLgBvDaxRqgnw8DKQ9wwffPhw/mKMyCZ7J
bIU6Hg7KVhO14T9c4N4yG36onhIaEFNSZAdw/4bA/uHd
-----END CERTIFICATE-----