Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/ll6vfztM6Q_2L4tWnsWqc0JIdKg.roa
File:                     ll6vfztM6Q_2L4tWnsWqc0JIdKg.roa (raw, json)
Hash identifier:          jPam0RSOLxWTXSTVsZNh70z3arU6LNkf+KGv6ZJg6BM=
Subject key identifier:   96:5E:AF:7F:3B:4C:E9:0F:F6:2F:8B:56:9E:C5:AA:73:42:48:74:A8
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAE45D20D04195ECA685CBA7F999F5
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/ll6vfztM6Q_2L4tWnsWqc0JIdKg.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206093
IP address blocks:        82.177.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e4:5d:20:d0:41:95:ec:a6:85:cb:a7:f9:99:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=965eaf7f3b4ce90ff62f8b569ec5aa73424874a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c9:60:e9:ab:16:48:c8:6b:52:52:47:76:e4:
                    93:7c:9a:c9:c1:59:2b:77:1d:8b:33:d7:28:13:e9:
                    8d:38:c8:29:92:47:22:38:87:27:0c:6b:32:1d:7f:
                    25:2f:00:78:98:d5:7e:55:21:1c:5c:56:63:9e:42:
                    3d:f9:ca:3e:ca:c1:84:d3:31:0f:80:b6:f6:5f:90:
                    cf:ae:11:00:b8:89:75:67:16:eb:fd:23:ec:38:7a:
                    e3:2f:6a:e9:94:77:96:52:2a:c5:6b:36:fa:46:e3:
                    b8:68:88:24:7e:c8:8b:f9:2f:f8:ed:42:ff:e5:fe:
                    91:cd:d7:72:22:b7:51:7f:16:4a:9b:0d:d9:6f:a6:
                    22:d9:50:0e:0c:be:7a:4a:5e:96:c5:d2:d2:9f:1e:
                    50:be:5c:93:b1:54:0e:57:e8:17:99:70:af:58:7f:
                    ee:93:de:89:f8:87:c6:77:df:03:cf:34:98:22:86:
                    5f:f1:79:bf:a1:0f:31:ac:d4:82:ad:b7:8b:61:dc:
                    9e:04:46:37:7d:7a:8b:35:9d:9d:b5:23:c8:c3:3d:
                    b2:d4:14:ca:c5:0b:f2:33:53:7e:4c:ec:8b:6f:54:
                    f9:3b:29:1f:5e:0f:d8:45:4e:11:53:52:95:bf:a3:
                    f1:b5:b7:8e:c1:d8:1e:f3:7a:43:62:87:13:a6:6e:
                    98:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:5E:AF:7F:3B:4C:E9:0F:F6:2F:8B:56:9E:C5:AA:73:42:48:74:A8
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/ll6vfztM6Q_2L4tWnsWqc0JIdKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:4b:04:d9:74:14:eb:a6:0d:8c:71:44:36:9a:e2:fb:0d:46:
         42:31:cc:a6:d3:8d:09:67:04:c6:83:f7:d1:c5:10:a4:52:7b:
         60:74:0b:b1:95:73:31:64:72:87:d9:7b:2d:be:18:34:cd:4b:
         ae:fc:21:6f:3a:88:70:45:98:4b:97:91:4d:3c:ff:99:1e:e6:
         9d:5f:59:53:72:70:14:d3:40:b7:af:92:41:29:2c:cc:93:a9:
         7f:da:b3:e8:5a:36:19:b4:1b:a1:e1:4e:47:52:a8:d0:4d:07:
         60:97:fe:41:3f:dd:58:ec:fd:8f:85:c5:e5:89:64:24:5d:3f:
         cc:3a:2b:24:27:8f:ad:69:e1:b5:d4:c5:b3:d2:17:21:75:32:
         0e:c6:bf:36:88:58:ef:42:88:a1:46:50:fc:ca:6b:01:ae:5c:
         36:5b:b6:b4:7a:be:ec:9a:ca:36:1e:9f:b7:f7:e9:85:91:d5:
         c8:50:22:9a:6a:a5:98:46:69:f0:42:22:4d:9b:d0:2a:5d:51:
         dc:88:f0:35:b2:53:95:01:3e:eb:a7:69:32:58:c1:92:44:8e:
         74:62:3e:00:ec:32:e5:02:3e:ca:8a:54:de:4f:a0:71:b9:ed:
         5f:87:c0:8f:e5:88:be:cb:ca:14:b8:75:1b:e1:63:48:a3:ee:
         f0:c9:7e:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uRdINBBleymhcun+Zn1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjVlYWY3ZjNiNGNlOTBmZjYyZjhiNTY5ZWM1YWE3MzQyNDg3NGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqslg6asWSMhrUlJHduSTfJrJwVkr
dx2LM9coE+mNOMgpkkciOIcnDGsyHX8lLwB4mNV+VSEcXFZjnkI9+co+ysGE0zEP
gLb2X5DPrhEAuIl1Zxbr/SPsOHrjL2rplHeWUirFazb6RuO4aIgkfsiL+S/47UL/
5f6RzddyIrdRfxZKmw3Zb6Yi2VAODL56Sl6WxdLSnx5QvlyTsVQOV+gXmXCvWH/u
k96J+IfGd98DzzSYIoZf8Xm/oQ8xrNSCrbeLYdyeBEY3fXqLNZ2dtSPIwz2y1BTK
xQvyM1N+TOyLb1T5OykfXg/YRU4RU1KVv6PxtbeOwdge83pDYocTpm6YYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZer387TOkP9i+LVp7FqnNCSHSoMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbGw2dmZ6dE02UV8yTDR0V25zV3FjMEpJZEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrGAMA0G
CSqGSIb3DQEBCwUAA4IBAQCVSwTZdBTrpg2McUQ2muL7DUZCMcym040JZwTGg/fR
xRCkUntgdAuxlXMxZHKH2Xstvhg0zUuu/CFvOohwRZhLl5FNPP+ZHuadX1lTcnAU
00C3r5JBKSzMk6l/2rPoWjYZtBuh4U5HUqjQTQdgl/5BP91Y7P2PhcXliWQkXT/M
OiskJ4+taeG11MWz0hchdTIOxr82iFjvQoihRlD8ymsBrlw2W7a0er7smso2Hp+3
9+mFkdXIUCKaaqWYRmnwQiJNm9AqXVHciPA1slOVAT7rp2kyWMGSRI50Yj4A7DLl
Aj7KilTeT6Bxue1fh8CP5Yi+y8oUuHUb4WNIo+7wyX4P
-----END CERTIFICATE-----