Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/m_AB1tKZfFLURt8AUi1AOGpIeAo.roa
File:                     m_AB1tKZfFLURt8AUi1AOGpIeAo.roa (raw, json)
Hash identifier:          aLaJ+OGg75qmbuxdLW0kmjZltV5vPINajyXvHOeH7OA=
Subject key identifier:   9B:F0:01:D6:D2:99:7C:52:D4:46:DF:00:52:2D:40:38:6A:48:78:0A
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B23AFC21CB4DA76D2D1E30DC601FCF
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/m_AB1tKZfFLURt8AUi1AOGpIeAo.roa
Signing time:             Wed 01 Jan 2025 11:48:36 +0000
ROA not before:           Wed 01 Jan 2025 11:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215985
IP address blocks:        195.136.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3a:fc:21:cb:4d:a7:6d:2d:1e:30:dc:60:1f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bf001d6d2997c52d446df00522d40386a48780a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:92:dd:88:b5:c2:c4:b8:f3:2b:2d:f5:18:af:
                    11:ff:ef:bd:5c:ce:7f:17:13:46:fd:47:8a:24:42:
                    d9:dc:ca:78:7b:1a:7a:43:cd:d4:ae:b7:c3:7d:bb:
                    5d:ae:e5:87:26:08:8f:7f:09:31:2b:0e:59:a2:95:
                    4a:a1:86:05:e1:a3:9c:c4:46:1b:6d:42:44:74:ff:
                    0a:4f:47:3c:61:c8:e2:0d:9b:8a:62:e9:97:aa:95:
                    a0:18:67:cb:08:ca:3e:78:53:cf:11:28:79:03:a2:
                    82:79:be:3b:72:2e:85:38:76:a9:52:2e:3d:57:19:
                    e4:87:68:c2:e5:58:18:06:00:2a:8d:e3:70:c8:ff:
                    78:1b:e7:68:7f:74:e1:fb:4d:74:6d:67:f1:f5:74:
                    15:3d:69:5e:d3:87:72:14:6d:e7:1f:e6:25:48:c4:
                    64:1f:fd:a5:1f:bb:49:42:48:53:04:b0:49:42:bb:
                    96:9b:42:0a:76:1c:b8:d4:12:4d:14:ab:41:f1:bf:
                    f5:1b:9c:fb:9e:97:48:7b:fa:58:3e:86:a9:da:d4:
                    c9:d2:1c:f2:b9:fc:e7:78:fb:da:d4:ea:f6:15:25:
                    e9:1a:77:b7:a7:b8:ae:c1:a8:d5:53:1a:56:e1:62:
                    12:49:4f:cc:af:e1:7c:cf:e3:9e:48:7a:4a:12:21:
                    a3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:F0:01:D6:D2:99:7C:52:D4:46:DF:00:52:2D:40:38:6A:48:78:0A
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/m_AB1tKZfFLURt8AUi1AOGpIeAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:2e:9b:f8:ad:f3:a9:09:5f:d3:fd:e1:c8:f8:48:2d:9a:88:
         34:e8:d3:66:e9:ef:82:43:8d:1d:92:d6:9e:1c:6a:d4:2f:1f:
         8b:34:5e:03:12:dd:be:88:82:b7:28:67:cb:0e:ba:9a:e4:e5:
         5c:31:92:26:9c:ad:65:16:df:7b:34:7e:94:13:83:7a:98:30:
         cd:5e:7d:67:43:af:f3:11:55:2e:5a:8b:b6:c5:c9:39:e7:82:
         bf:32:ed:17:f2:8a:e5:05:05:db:dc:f2:05:20:08:e2:9a:e6:
         f7:55:27:9f:6d:d3:87:f4:05:40:d1:e4:3d:21:40:05:84:38:
         70:37:95:ad:8a:ab:e6:16:d6:0e:6d:cf:36:9e:ee:66:15:84:
         cf:22:6f:db:8b:44:09:7a:f9:c1:9e:40:59:e4:65:0a:9a:e0:
         0e:a1:3f:16:ae:9f:d5:06:cf:b7:db:3a:65:8f:55:74:4a:b9:
         c8:24:63:e2:ba:9d:62:b1:43:92:9b:2b:8b:d9:72:19:ec:46:
         ff:ae:63:e0:78:b1:64:ae:40:9d:42:75:36:f6:16:42:6e:a2:
         c1:a9:01:e6:db:eb:53:7a:50:a1:c5:ef:1e:6b:53:e6:a1:40:
         80:26:8a:20:6c:21:99:11:d7:c9:c2:d9:bb:28:a9:ef:24:bb:
         f3:56:ff:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjr8IctNp20tHjDcYB/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmYwMDFkNmQyOTk3YzUyZDQ0NmRmMDA1MjJkNDAzODZhNDg3ODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5LdiLXCxLjzKy31GK8R/++9XM5/
FxNG/UeKJELZ3Mp4exp6Q83UrrfDfbtdruWHJgiPfwkxKw5ZopVKoYYF4aOcxEYb
bUJEdP8KT0c8YcjiDZuKYumXqpWgGGfLCMo+eFPPESh5A6KCeb47ci6FOHapUi49
Vxnkh2jC5VgYBgAqjeNwyP94G+dof3Th+010bWfx9XQVPWle04dyFG3nH+YlSMRk
H/2lH7tJQkhTBLBJQruWm0IKdhy41BJNFKtB8b/1G5z7npdIe/pYPoap2tTJ0hzy
ufznePva1Or2FSXpGne3p7iuwajVUxpW4WISSU/Mr+F8z+OeSHpKEiGj3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvwAdbSmXxS1EbfAFItQDhqSHgKMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbV9BQjF0S1pmRkxVUnQ4QVVpMUFPR3BJZUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4j3MA0G
CSqGSIb3DQEBCwUAA4IBAQB2Lpv4rfOpCV/T/eHI+Egtmog06NNm6e+CQ40dktae
HGrULx+LNF4DEt2+iIK3KGfLDrqa5OVcMZImnK1lFt97NH6UE4N6mDDNXn1nQ6/z
EVUuWou2xck554K/Mu0X8orlBQXb3PIFIAjimub3VSefbdOH9AVA0eQ9IUAFhDhw
N5WtiqvmFtYObc82nu5mFYTPIm/bi0QJevnBnkBZ5GUKmuAOoT8Wrp/VBs+32zpl
j1V0SrnIJGPiup1isUOSmyuL2XIZ7Eb/rmPgeLFkrkCdQnU29hZCbqLBqQHm2+tT
elChxe8ea1PmoUCAJoogbCGZEdfJwtm7KKnvJLvzVv+l
-----END CERTIFICATE-----