Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/qCdv80sibwgcDWrBkOAdR0yI5Rk.roa
File:                     qCdv80sibwgcDWrBkOAdR0yI5Rk.roa (raw, json)
Hash identifier:          jfTociXvEdeVf1tdesLXp6XKyVZIWzfOs/i6aEZeLbE=
Subject key identifier:   A8:27:6F:F3:4B:22:6F:08:1C:0D:6A:C1:90:E0:1D:47:4C:88:E5:19
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD53B303949A17149C369C7C99534
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/qCdv80sibwgcDWrBkOAdR0yI5Rk.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56373
IP address blocks:        82.177.12.0/23 maxlen: 24
                          82.177.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d5:3b:30:39:49:a1:71:49:c3:69:c7:c9:95:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8276ff34b226f081c0d6ac190e01d474c88e519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e0:6f:00:cb:6b:8a:8c:4b:fc:3b:66:ee:ac:
                    39:65:26:52:8e:5f:27:40:8f:34:aa:d4:56:c6:d2:
                    ed:c3:37:6f:95:ec:b8:f5:bf:71:49:dd:41:84:76:
                    f6:5b:83:0c:47:77:89:9b:52:55:54:cd:6a:d1:cc:
                    d5:42:ab:7f:d2:1e:f8:f1:a3:53:11:45:95:85:ea:
                    ea:c7:23:ee:43:0f:b1:11:2c:53:23:4c:de:de:9e:
                    65:16:2d:99:70:8f:51:15:d8:f3:d6:80:4f:5a:fb:
                    dd:7a:de:87:8c:86:99:2c:e1:1e:12:5e:d2:03:6f:
                    ae:a2:47:cc:6e:78:18:ac:fb:ca:c5:c6:d2:61:80:
                    31:2f:6b:6e:23:ca:64:f0:59:d0:bb:09:c1:17:c8:
                    d8:39:c1:5e:8f:f0:21:47:df:c5:d6:6a:01:f1:8d:
                    6b:a8:77:c0:d1:a2:7f:25:87:77:04:8f:e2:3a:e9:
                    c3:82:01:84:5c:a0:7b:dd:7d:48:21:46:8c:80:1b:
                    b5:93:23:8f:8c:d7:37:88:6e:cf:e7:7c:75:80:dd:
                    28:d7:a3:c7:7b:71:21:07:20:58:71:85:3e:a8:17:
                    fe:a2:39:06:02:be:91:a3:27:c0:95:ed:35:3f:1a:
                    f5:b8:49:d2:94:69:59:9a:04:8b:6f:d1:e1:7c:9d:
                    c7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:27:6F:F3:4B:22:6F:08:1C:0D:6A:C1:90:E0:1D:47:4C:88:E5:19
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/qCdv80sibwgcDWrBkOAdR0yI5Rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:f4:cc:fc:d8:ae:1c:df:ff:d5:c0:e7:88:7a:e1:0d:2f:68:
         4a:3c:7f:b7:27:c4:5e:f5:ea:1d:1d:bf:3c:23:7a:90:81:28:
         f4:25:8c:49:1b:3d:a4:90:d1:32:c0:f5:25:74:c7:ad:ec:c7:
         65:20:a5:c8:22:c5:b8:04:78:31:2c:d8:69:27:e8:e8:81:a9:
         7a:b7:f3:27:ef:37:7e:93:ed:bc:38:46:9a:08:13:df:81:bd:
         5c:ad:ec:76:fa:92:69:a3:2f:73:6f:42:39:8a:aa:06:c1:93:
         48:41:48:bf:0b:ff:25:9a:80:1a:08:4c:8b:2a:02:fb:53:5b:
         a5:92:ae:9a:87:ad:ca:be:4d:92:76:d7:2d:79:c9:b9:0e:d3:
         c8:29:5f:d8:28:d2:d3:82:06:1f:d4:75:4e:2f:da:b8:08:02:
         01:0a:9f:98:1c:a9:33:c7:aa:c1:60:59:f2:5d:99:26:68:7a:
         3a:f9:56:26:43:e4:db:ef:14:81:6c:8b:38:22:fd:cf:08:1f:
         81:92:ec:d2:d9:a9:1f:c2:b9:5f:2c:8e:3d:1c:c5:4e:87:79:
         da:48:c8:c7:39:35:de:7b:f7:9f:ad:69:d6:0e:56:65:3a:f5:
         f4:6e:59:23:f5:0b:4e:bc:2c:ea:38:ad:3b:8e:25:4b:ea:0e:
         60:9c:ba:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tU7MDlJoXFJw2nHyZU0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODI3NmZmMzRiMjI2ZjA4MWMwZDZhYzE5MGUwMWQ0NzRjODhlNTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOBvAMtrioxL/Dtm7qw5ZSZSjl8n
QI80qtRWxtLtwzdvley49b9xSd1BhHb2W4MMR3eJm1JVVM1q0czVQqt/0h748aNT
EUWVherqxyPuQw+xESxTI0ze3p5lFi2ZcI9RFdjz1oBPWvvdet6HjIaZLOEeEl7S
A2+uokfMbngYrPvKxcbSYYAxL2tuI8pk8FnQuwnBF8jYOcFej/AhR9/F1moB8Y1r
qHfA0aJ/JYd3BI/iOunDggGEXKB73X1IIUaMgBu1kyOPjNc3iG7P53x1gN0o16PH
e3EhByBYcYU+qBf+ojkGAr6RoyfAle01Pxr1uEnSlGlZmgSLb9HhfJ3HJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgnb/NLIm8IHA1qwZDgHUdMiOUZMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvcUNkdjgwc2lid2djRFdyQmtPQWRSMHlJNVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUrEMMA0G
CSqGSIb3DQEBCwUAA4IBAQCL9Mz82K4c3//VwOeIeuENL2hKPH+3J8Re9eodHb88
I3qQgSj0JYxJGz2kkNEywPUldMet7MdlIKXIIsW4BHgxLNhpJ+jogal6t/Mn7zd+
k+28OEaaCBPfgb1crex2+pJpoy9zb0I5iqoGwZNIQUi/C/8lmoAaCEyLKgL7U1ul
kq6ah63Kvk2Sdtctecm5DtPIKV/YKNLTggYf1HVOL9q4CAIBCp+YHKkzx6rBYFny
XZkmaHo6+VYmQ+Tb7xSBbIs4Iv3PCB+BkuzS2akfwrlfLI49HMVOh3naSMjHOTXe
e/efrWnWDlZlOvX0blkj9QtOvCzqOK07jiVL6g5gnLqu
-----END CERTIFICATE-----