Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/u9IZodmKoWo1IynL3jX2dGe6Ko8.roa
File:                     u9IZodmKoWo1IynL3jX2dGe6Ko8.roa (raw, json)
Hash identifier:          bFVQ5UHjNUR/ZgXHKnfGgFYtV18FGDorFuqku8kbDxY=
Subject key identifier:   BB:D2:19:A1:D9:8A:A1:6A:35:23:29:CB:DE:35:F6:74:67:BA:2A:8F
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD56BCFAD1A8DE51F6B45EAEAC8DB
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/u9IZodmKoWo1IynL3jX2dGe6Ko8.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57101
IP address blocks:        195.136.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 18:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d5:6b:cf:ad:1a:8d:e5:1f:6b:45:ea:ea:c8:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbd219a1d98aa16a352329cbde35f67467ba2a8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:64:5e:47:8d:74:d1:fd:85:7a:81:31:55:3f:
                    9a:aa:e6:03:5b:f0:9a:28:d4:f4:85:b8:e8:36:05:
                    f8:04:81:62:2f:0c:10:7a:ba:d0:aa:6a:93:54:f9:
                    4b:03:5e:c5:9c:4b:5e:44:68:12:a4:6e:90:f3:70:
                    1f:27:de:28:88:65:e5:2d:be:14:08:ef:8d:a4:16:
                    e5:a6:8a:92:ee:27:1a:42:a8:dd:ae:cc:f4:9b:17:
                    d6:6d:de:b3:56:6f:3f:22:77:7f:e0:f9:5c:61:57:
                    f3:54:98:d2:86:8d:78:8a:c7:e2:b1:2a:79:04:00:
                    22:b1:45:40:59:f6:5b:70:18:5f:95:d2:e9:79:b7:
                    36:a5:59:8d:96:c7:db:ca:c5:f9:d7:46:0a:6c:7b:
                    77:3e:ea:af:65:ec:d0:bf:75:61:4c:e5:44:cd:9e:
                    59:70:71:d0:d3:15:a8:cc:49:54:f5:4b:b1:62:d8:
                    e2:08:8f:77:ce:90:a3:bb:7e:ff:fa:06:37:b6:f4:
                    2a:10:0d:b5:07:9e:40:a5:69:48:78:94:d7:bd:2a:
                    35:15:dc:4f:ef:56:b0:bb:84:84:bd:3c:06:b3:46:
                    68:06:11:c6:ab:1d:e1:95:e1:a6:39:ed:ec:3d:5c:
                    db:26:28:81:20:3c:ce:4d:05:a9:c5:91:ad:ba:c9:
                    e8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D2:19:A1:D9:8A:A1:6A:35:23:29:CB:DE:35:F6:74:67:BA:2A:8F
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/u9IZodmKoWo1IynL3jX2dGe6Ko8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:e8:51:73:5d:03:1b:7c:0c:26:8e:18:bf:cb:b3:06:bb:20:
         f4:56:bc:3a:ee:27:2f:e2:c5:9f:81:3a:ef:03:50:cd:eb:48:
         c8:b7:48:43:f5:0c:74:7b:f1:02:ba:4a:c5:d4:88:82:32:cf:
         ee:42:d1:1d:52:ef:19:ee:e7:3f:58:5e:ab:1d:aa:dc:61:ca:
         39:a9:97:26:15:ea:21:f5:68:a4:de:6e:ae:5a:3d:6c:bd:9c:
         a3:fe:40:12:f0:2f:6b:0f:23:b9:43:24:5a:a6:e6:d6:95:17:
         85:7f:31:ca:14:f8:4e:18:db:29:b9:1e:10:50:51:30:b2:b4:
         69:b1:46:8c:e1:2a:80:4f:dc:b1:61:d9:60:b3:b6:b2:f4:f1:
         6a:d8:9b:89:c7:3e:7d:5c:c3:75:a6:f3:43:72:3d:80:c7:b3:
         30:62:d8:ac:dd:d9:ea:87:c8:8e:02:37:e3:b8:a7:1c:bb:f4:
         af:24:00:cd:81:fb:de:45:ee:10:18:33:80:2e:7c:ed:84:f3:
         9a:4c:3e:43:bf:46:a1:53:5d:e0:9b:86:59:4f:10:75:44:42:
         51:fd:03:79:e6:51:af:46:03:8c:73:b0:12:b7:73:ce:22:58:
         91:56:24:ee:54:28:90:ad:30:ad:bb:fe:93:42:f9:7a:6c:28:
         6e:36:b0:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tVrz60ajeUfa0Xq6sjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmQyMTlhMWQ5OGFhMTZhMzUyMzI5Y2JkZTM1ZjY3NDY3YmEyYThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGReR4100f2FeoExVT+aquYDW/Ca
KNT0hbjoNgX4BIFiLwwQerrQqmqTVPlLA17FnEteRGgSpG6Q83AfJ94oiGXlLb4U
CO+NpBblpoqS7icaQqjdrsz0mxfWbd6zVm8/Ind/4PlcYVfzVJjSho14isfisSp5
BAAisUVAWfZbcBhfldLpebc2pVmNlsfbysX510YKbHt3PuqvZezQv3VhTOVEzZ5Z
cHHQ0xWozElU9UuxYtjiCI93zpCju37/+gY3tvQqEA21B55ApWlIeJTXvSo1FdxP
71awu4SEvTwGs0ZoBhHGqx3hleGmOe3sPVzbJiiBIDzOTQWpxZGtusnoEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvSGaHZiqFqNSMpy9419nRnuiqPMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvdTlJWm9kbUtvV28xSXluTDNqWDJkR2U2S284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4iIMA0G
CSqGSIb3DQEBCwUAA4IBAQBG6FFzXQMbfAwmjhi/y7MGuyD0Vrw67icv4sWfgTrv
A1DN60jIt0hD9Qx0e/ECukrF1IiCMs/uQtEdUu8Z7uc/WF6rHarcYco5qZcmFeoh
9Wik3m6uWj1svZyj/kAS8C9rDyO5QyRapubWlReFfzHKFPhOGNspuR4QUFEwsrRp
sUaM4SqAT9yxYdlgs7ay9PFq2JuJxz59XMN1pvNDcj2Ax7MwYtis3dnqh8iOAjfj
uKccu/SvJADNgfveRe4QGDOALnzthPOaTD5Dv0ahU13gm4ZZTxB1REJR/QN55lGv
RgOMc7ASt3POIliRViTuVCiQrTCtu/6TQvl6bChuNrAd
-----END CERTIFICATE-----