Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/nUN0eStc2p-xLjKsLoZrLeJI3zw.roa
File:                     nUN0eStc2p-xLjKsLoZrLeJI3zw.roa (raw, json)
Hash identifier:          FPFaYO6y0E1GCTT9JpLhdMnvYCKEh4sRQyv7klCv0q0=
Subject key identifier:   9D:43:74:79:2B:5C:DA:9F:B1:2E:32:AC:2E:86:6B:2D:E2:48:DF:3C
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DACE9BFE74F2FFCB2F2E7B8C316DF5
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/nUN0eStc2p-xLjKsLoZrLeJI3zw.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35378
IP address blocks:        195.136.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ce:9b:fe:74:f2:ff:cb:2f:2e:7b:8c:31:6d:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d4374792b5cda9fb12e32ac2e866b2de248df3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:64:79:96:94:d5:7d:1a:d0:98:e0:cb:47:8c:
                    f4:c7:04:93:9a:fa:55:4c:ed:ee:6d:ee:b2:8b:04:
                    f5:b0:21:f8:b0:72:b3:03:af:c2:77:ae:ee:06:96:
                    af:de:10:6c:00:70:55:26:24:12:8d:68:5d:34:9e:
                    57:6e:b1:7e:f2:2c:5f:9d:69:32:59:32:87:7b:ca:
                    75:9c:a0:5c:af:9b:c1:9e:a0:e9:e5:43:d9:ec:e8:
                    df:77:00:33:f8:a0:02:62:fa:9a:79:82:68:70:4e:
                    c1:d9:bd:c2:be:5e:c2:b6:e2:0c:0a:94:7d:4d:b6:
                    ce:a1:72:fa:53:45:93:9a:ab:e5:5a:22:c2:a1:94:
                    ef:e8:4e:e0:2f:6d:6f:15:87:e4:3f:00:d5:eb:46:
                    00:5c:eb:29:ff:c7:da:fe:68:2a:41:2a:8f:88:40:
                    6a:d0:73:80:f8:01:a3:3d:f6:00:fe:bf:53:44:9d:
                    5e:07:7e:b1:96:fe:21:88:b8:f3:4d:76:02:bf:62:
                    5c:11:44:27:fc:66:86:0e:71:dc:c4:a9:24:08:3f:
                    aa:70:0a:eb:38:d4:87:d8:95:9e:ab:f3:8d:a1:9e:
                    63:8e:88:3c:8c:10:5a:c8:c1:a5:f3:be:2d:51:0f:
                    b4:81:18:9d:c1:4c:9c:70:33:de:2c:5e:b2:f5:18:
                    d2:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:43:74:79:2B:5C:DA:9F:B1:2E:32:AC:2E:86:6B:2D:E2:48:DF:3C
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/nUN0eStc2p-xLjKsLoZrLeJI3zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:a1:17:9b:12:a7:1f:bd:00:44:b7:14:81:69:50:7b:33:33:
         1c:d4:18:ec:bd:14:d6:88:4f:54:31:c0:9e:d2:91:76:4d:5a:
         fe:f7:b6:d1:07:e8:d4:49:95:64:d6:f2:7b:38:4f:ad:90:ce:
         2a:77:9b:a0:d1:7a:1c:30:cf:16:16:94:05:af:39:83:e7:12:
         55:7e:09:b1:95:2d:c5:e5:de:5f:64:97:01:53:80:71:a5:4f:
         69:b6:d2:74:d1:d8:98:76:30:63:57:fb:91:d1:c7:99:e9:c2:
         1b:06:51:0d:cd:1c:70:66:53:a8:41:a8:e0:b9:f7:33:5f:fd:
         47:5c:b9:bf:b1:aa:b9:52:85:1f:97:bd:ed:89:71:89:84:dd:
         ac:24:e1:d9:67:b3:11:12:76:80:bc:86:fa:28:31:fb:b5:04:
         78:38:74:f0:2d:8c:1e:40:41:ff:17:59:f0:be:94:6a:a6:ac:
         08:da:ad:f5:1d:66:1d:06:55:aa:96:a1:1b:c3:59:0f:fb:37:
         72:4e:e0:5a:c4:24:ad:83:a1:c8:99:50:72:64:3d:87:71:21:
         56:ab:02:ae:c1:cd:86:fe:a6:78:35:27:3b:e7:59:db:c6:10:
         49:32:50:b3:85:43:b1:a8:c2:13:fb:e3:60:ee:05:14:da:2c:
         5d:b7:e0:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2s6b/nTy/8svLnuMMW31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQzNzQ3OTJiNWNkYTlmYjEyZTMyYWMyZTg2NmIyZGUyNDhkZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWR5lpTVfRrQmODLR4z0xwSTmvpV
TO3ube6yiwT1sCH4sHKzA6/Cd67uBpav3hBsAHBVJiQSjWhdNJ5XbrF+8ixfnWky
WTKHe8p1nKBcr5vBnqDp5UPZ7OjfdwAz+KACYvqaeYJocE7B2b3Cvl7CtuIMCpR9
TbbOoXL6U0WTmqvlWiLCoZTv6E7gL21vFYfkPwDV60YAXOsp/8fa/mgqQSqPiEBq
0HOA+AGjPfYA/r9TRJ1eB36xlv4hiLjzTXYCv2JcEUQn/GaGDnHcxKkkCD+qcArr
ONSH2JWeq/ONoZ5jjog8jBBayMGl874tUQ+0gRidwUyccDPeLF6y9RjS4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1DdHkrXNqfsS4yrC6Gay3iSN88MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvblVOMGVTdGMycC14TGpLc0xvWnJMZUpJM3p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4h0MA0G
CSqGSIb3DQEBCwUAA4IBAQBToRebEqcfvQBEtxSBaVB7MzMc1BjsvRTWiE9UMcCe
0pF2TVr+97bRB+jUSZVk1vJ7OE+tkM4qd5ug0XocMM8WFpQFrzmD5xJVfgmxlS3F
5d5fZJcBU4BxpU9pttJ00diYdjBjV/uR0ceZ6cIbBlENzRxwZlOoQajgufczX/1H
XLm/saq5UoUfl73tiXGJhN2sJOHZZ7MREnaAvIb6KDH7tQR4OHTwLYweQEH/F1nw
vpRqpqwI2q31HWYdBlWqlqEbw1kP+zdyTuBaxCStg6HImVByZD2HcSFWqwKuwc2G
/qZ4NSc751nbxhBJMlCzhUOxqMIT++Ng7gUU2ixdt+CW
-----END CERTIFICATE-----