Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/mdefCcbmurnINyCbniZK6Sqb69I.roa
File:                     mdefCcbmurnINyCbniZK6Sqb69I.roa (raw, json)
Hash identifier:          v5pQJhtKg0UmAVXmbtPh7xjz9sQlSBcekLzLyHcMJ2s=
Subject key identifier:   99:D7:9F:09:C6:E6:BA:B9:C8:37:20:9B:9E:26:4A:E9:2A:9B:EB:D2
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DADE6544CB40B7241503B7F16A955A
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/mdefCcbmurnINyCbniZK6Sqb69I.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201893
IP address blocks:        195.136.66.0/23 maxlen: 24
                          82.177.134.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:de:65:44:cb:40:b7:24:15:03:b7:f1:6a:95:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99d79f09c6e6bab9c837209b9e264ae92a9bebd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:96:14:ed:86:af:2f:91:c2:d1:4e:21:0a:7c:
                    f4:7d:b3:40:a8:16:cd:66:9b:14:37:a1:43:95:26:
                    2c:2b:0a:8f:6a:ad:c7:7f:9b:68:e1:ec:92:31:a9:
                    23:63:4a:8e:72:06:6e:bc:27:32:d7:5a:8e:1e:ec:
                    fa:2a:45:47:2f:3a:c3:66:c5:b9:19:eb:b6:52:e4:
                    11:43:68:e6:a2:3b:ca:00:fd:c5:50:7a:52:08:18:
                    7d:41:9e:9b:e7:43:44:d6:73:10:79:78:db:d5:b9:
                    4a:00:65:70:81:73:a3:6c:36:fa:86:10:89:32:70:
                    c5:75:4f:0b:3c:15:fe:0f:9b:ee:30:0c:e9:db:73:
                    9c:70:a5:e2:f9:43:36:ce:8f:20:e3:38:14:ee:db:
                    d4:af:dd:6d:ae:03:2f:1f:3d:31:7d:26:ff:f9:98:
                    c9:5f:78:9f:1f:69:ce:bf:92:d4:9c:b0:be:33:c3:
                    b0:ba:87:e6:23:b9:6b:fa:8c:5b:26:3f:63:f9:58:
                    0a:23:e1:26:98:0b:1a:5a:7f:07:cb:52:0c:c3:a5:
                    4f:a5:fc:b0:a3:b9:c8:30:7e:76:a1:a1:fb:f7:57:
                    02:70:6a:e1:4c:60:9c:4f:05:53:6f:a0:19:0e:1a:
                    91:31:28:c8:b2:34:30:56:05:97:c2:15:a3:c9:1f:
                    89:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:D7:9F:09:C6:E6:BA:B9:C8:37:20:9B:9E:26:4A:E9:2A:9B:EB:D2
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/mdefCcbmurnINyCbniZK6Sqb69I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.134.0/23
                  195.136.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:b4:d7:f5:9a:9f:b5:df:e7:4e:50:aa:ef:b8:6d:cf:ef:6a:
         45:f3:c5:18:b2:81:6c:23:47:e7:3c:98:f2:41:77:3d:85:9e:
         34:d2:92:89:bb:f4:f8:a4:9f:4c:6d:ea:bc:da:52:f9:d2:6c:
         05:90:9c:2b:87:f3:20:59:9e:78:0e:52:d9:68:37:8e:4d:39:
         1e:68:4c:08:6f:f4:8f:4a:a0:ba:7d:ba:a3:b9:f7:f7:ff:c9:
         a1:4a:e1:7e:3f:2d:c8:22:b8:d4:f3:6b:3a:c2:a5:b7:74:d2:
         88:f5:78:f5:19:4e:01:9b:f5:6f:97:c0:54:bd:14:be:9b:45:
         7c:f0:41:35:e4:8f:63:b2:d4:76:7b:bf:8c:95:bd:a4:7b:c1:
         3d:f8:9d:11:a8:68:61:d4:b6:ea:1f:83:07:ad:9c:4c:1a:95:
         13:69:fd:ab:b8:b1:aa:25:3d:ba:63:12:c8:b7:9a:7e:19:ea:
         aa:dc:cd:d6:91:10:97:64:f4:9f:c9:0a:b2:df:2d:0d:1b:a5:
         6c:df:f4:d7:ab:37:4d:ab:d7:ae:c9:c2:7c:36:40:e5:a6:c8:
         92:a4:88:0b:04:3f:04:bb:6c:2b:f7:c7:ed:ce:13:1f:34:17:
         5d:48:66:f8:bb:49:73:ae:a7:a4:18:b1:7f:96:70:52:6e:45:
         70:89:37:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2t5lRMtAtyQVA7fxapVaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWQ3OWYwOWM2ZTZiYWI5YzgzNzIwOWI5ZTI2NGFlOTJhOWJlYmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpYU7YavL5HC0U4hCnz0fbNAqBbN
ZpsUN6FDlSYsKwqPaq3Hf5to4eySMakjY0qOcgZuvCcy11qOHuz6KkVHLzrDZsW5
Geu2UuQRQ2jmojvKAP3FUHpSCBh9QZ6b50NE1nMQeXjb1blKAGVwgXOjbDb6hhCJ
MnDFdU8LPBX+D5vuMAzp23OccKXi+UM2zo8g4zgU7tvUr91trgMvHz0xfSb/+ZjJ
X3ifH2nOv5LUnLC+M8OwuofmI7lr+oxbJj9j+VgKI+EmmAsaWn8Hy1IMw6VPpfyw
o7nIMH52oaH791cCcGrhTGCcTwVTb6AZDhqRMSjIsjQwVgWXwhWjyR+JwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJnXnwnG5rq5yDcgm54mSukqm+vSMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbWRlZkNjYm11cm5JTnlDYm5pWks2U3FiNjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUrGGAwQB
w4hCMA0GCSqGSIb3DQEBCwUAA4IBAQAWtNf1mp+13+dOUKrvuG3P72pF88UYsoFs
I0fnPJjyQXc9hZ400pKJu/T4pJ9Mbeq82lL50mwFkJwrh/MgWZ54DlLZaDeOTTke
aEwIb/SPSqC6fbqjuff3/8mhSuF+Py3IIrjU82s6wqW3dNKI9Xj1GU4Bm/Vvl8BU
vRS+m0V88EE15I9jstR2e7+Mlb2ke8E9+J0RqGhh1LbqH4MHrZxMGpUTaf2ruLGq
JT26YxLIt5p+Geqq3M3WkRCXZPSfyQqy3y0NG6Vs3/TXqzdNq9euycJ8NkDlpsiS
pIgLBD8Eu2wr98ftzhMfNBddSGb4u0lzrqekGLF/lnBSbkVwiTdr
-----END CERTIFICATE-----