Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/n377KJvSjS4prY3VTJaOyZ3mwsE.roa
File:                     n377KJvSjS4prY3VTJaOyZ3mwsE.roa (raw, json)
Hash identifier:          evfsgp6Gn/trVg8xwMn46ZSK18WNE2iJKKz73U5NMPc=
Subject key identifier:   9F:7E:FB:28:9B:D2:8D:2E:29:AD:8D:D5:4C:96:8E:C9:9D:E6:C2:C1
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD4E108F9AE219587F37BB77F7F7C
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/n377KJvSjS4prY3VTJaOyZ3mwsE.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51393
IP address blocks:        195.136.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d4:e1:08:f9:ae:21:95:87:f3:7b:b7:7f:7f:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f7efb289bd28d2e29ad8dd54c968ec99de6c2c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:97:9e:25:a7:9c:4c:52:3c:5a:ef:7c:d7:f5:
                    6c:a4:70:28:c2:8f:d2:29:1f:c2:6e:66:94:a3:45:
                    09:04:91:89:e3:fb:34:b4:c8:b9:03:15:0e:a4:c3:
                    b8:f0:b9:4c:a8:d7:98:e2:f4:13:c2:26:6d:4e:2a:
                    92:88:7b:2b:56:17:ec:e6:52:a2:c8:d2:20:48:45:
                    d8:ec:94:ea:b2:2b:60:f2:3b:dc:91:a1:b1:8c:e9:
                    bc:36:54:f3:81:ea:15:e3:57:f0:5d:11:c4:a5:70:
                    0b:a7:9f:4e:32:d3:2e:01:aa:5a:bf:5f:80:76:13:
                    8a:48:4a:ea:8d:ea:b0:32:b6:97:71:19:60:ac:46:
                    4c:2c:9a:4a:cd:44:80:6a:00:5e:7f:56:e0:6f:67:
                    44:2d:e2:f0:29:4e:e5:d1:98:98:fd:f8:a8:1a:23:
                    c8:2e:33:e8:fa:6c:6f:c1:b8:20:ca:4d:48:35:44:
                    23:85:8a:b8:bc:93:02:20:09:d5:52:82:62:30:ca:
                    66:96:2b:30:fe:32:a2:d8:b0:da:66:87:74:23:a9:
                    9d:87:cb:4e:f3:b6:11:df:87:32:53:f3:7b:f1:61:
                    86:37:af:78:c4:5d:c9:a1:a5:b3:f4:67:66:82:d7:
                    9d:1e:4b:c9:98:fc:71:ad:5c:88:57:2e:a4:40:2c:
                    f7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:7E:FB:28:9B:D2:8D:2E:29:AD:8D:D5:4C:96:8E:C9:9D:E6:C2:C1
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/n377KJvSjS4prY3VTJaOyZ3mwsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:f3:be:0c:37:8b:9a:bc:46:7c:d9:0e:55:a3:32:e9:17:58:
         05:78:c2:4f:a7:bd:39:9f:6a:ba:18:8b:1e:ee:cb:c1:32:83:
         67:9d:32:28:99:71:82:1a:3f:ae:c4:03:ee:a3:ca:12:60:c2:
         ba:8f:d0:ac:0c:fd:29:03:60:66:4b:02:c5:d4:66:f2:c7:57:
         58:d5:aa:05:af:8c:8e:86:13:55:9b:50:fc:a4:76:44:85:30:
         0e:c8:e7:44:55:d2:96:e8:9b:2f:63:a0:a2:49:9b:4b:7a:4e:
         c6:41:7a:2f:f0:fb:9d:a8:48:6b:b1:55:2c:e6:ea:b3:67:57:
         02:19:68:4c:48:07:0f:09:12:74:93:b9:17:fd:4c:e1:b9:63:
         80:6e:02:af:59:64:51:7c:8c:f0:11:cf:89:a2:77:13:ec:c8:
         ee:e6:99:71:1c:ec:54:6c:2a:32:ec:b9:33:65:f6:36:1f:4a:
         b5:87:5b:9f:72:d8:d1:59:c8:b3:e6:c3:d3:93:e6:f7:69:e2:
         00:26:1c:84:27:c1:08:3c:b6:a5:68:94:87:fe:9a:05:2c:e9:
         b2:f0:c0:57:79:71:23:db:46:17:c1:cd:a1:a8:06:37:36:2e:
         37:66:12:29:18:1d:06:c7:72:3b:87:17:2d:eb:b9:10:2f:5c:
         cd:39:59:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tThCPmuIZWH83u3f398MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjdlZmIyODliZDI4ZDJlMjlhZDhkZDU0Yzk2OGVjOTlkZTZjMmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopeeJaecTFI8Wu981/VspHAowo/S
KR/CbmaUo0UJBJGJ4/s0tMi5AxUOpMO48LlMqNeY4vQTwiZtTiqSiHsrVhfs5lKi
yNIgSEXY7JTqsitg8jvckaGxjOm8NlTzgeoV41fwXRHEpXALp59OMtMuAapav1+A
dhOKSErqjeqwMraXcRlgrEZMLJpKzUSAagBef1bgb2dELeLwKU7l0ZiY/fioGiPI
LjPo+mxvwbggyk1INUQjhYq4vJMCIAnVUoJiMMpmlisw/jKi2LDaZod0I6mdh8tO
87YR34cyU/N78WGGN694xF3JoaWz9GdmgtedHkvJmPxxrVyIVy6kQCz3CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9++yib0o0uKa2N1UyWjsmd5sLBMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbjM3N0tKdlNqUzRwclkzVlRKYU95WjNtd3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4gCMA0G
CSqGSIb3DQEBCwUAA4IBAQBq874MN4uavEZ82Q5VozLpF1gFeMJPp705n2q6GIse
7svBMoNnnTIomXGCGj+uxAPuo8oSYMK6j9CsDP0pA2BmSwLF1Gbyx1dY1aoFr4yO
hhNVm1D8pHZEhTAOyOdEVdKW6JsvY6CiSZtLek7GQXov8PudqEhrsVUs5uqzZ1cC
GWhMSAcPCRJ0k7kX/UzhuWOAbgKvWWRRfIzwEc+JoncT7Mju5plxHOxUbCoy7Lkz
ZfY2H0q1h1ufctjRWciz5sPTk+b3aeIAJhyEJ8EIPLalaJSH/poFLOmy8MBXeXEj
20YXwc2hqAY3Ni43ZhIpGB0Gx3I7hxct67kQL1zNOVkk
-----END CERTIFICATE-----