Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/vHKdGEfMQfJwz_lbvI3MrIUve9Y.roa
File:                     vHKdGEfMQfJwz_lbvI3MrIUve9Y.roa (raw, json)
Hash identifier:          TL8Q/U6QQtQK7hxAwtPxnr3T3GenQvNMUYo6lyhHvZg=
Subject key identifier:   BC:72:9D:18:47:CC:41:F2:70:CF:F9:5B:BC:8D:CC:AC:85:2F:7B:D6
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD694E2BAC4F5E89361F882F4F2E8
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/vHKdGEfMQfJwz_lbvI3MrIUve9Y.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60378
IP address blocks:        81.15.200.0/24 maxlen: 24
                          82.177.136.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d6:94:e2:ba:c4:f5:e8:93:61:f8:82:f4:f2:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc729d1847cc41f270cff95bbc8dccac852f7bd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a4:bf:6c:f1:d5:4a:ef:6a:bc:b4:9f:79:44:
                    15:15:4f:ea:c9:12:80:6e:15:56:fc:d0:ed:25:7e:
                    df:e3:fe:e1:fa:79:f5:d8:b8:5d:57:36:bb:37:82:
                    8e:65:b3:24:ae:d7:f5:9f:0f:20:69:52:1a:be:f8:
                    1e:1b:22:11:0f:82:27:1b:9a:1b:d4:db:e9:1b:e3:
                    02:11:ba:c5:cc:9a:83:0f:d6:1f:0d:63:e9:da:41:
                    68:ce:01:8d:24:cd:89:bb:de:66:80:32:8d:29:1c:
                    24:83:b9:da:1c:a2:38:8d:9f:99:1f:a7:54:69:83:
                    f7:75:31:df:b1:6b:0d:5f:10:92:8d:0d:99:f6:e3:
                    7e:58:ea:6e:c1:8b:34:46:a9:9f:dd:49:31:c1:e4:
                    c4:29:5a:12:0b:42:b1:60:68:36:f8:45:c6:23:78:
                    06:c2:19:1e:fa:82:e5:f7:f2:c1:e7:9d:91:34:a5:
                    6b:7d:15:fa:68:87:5b:83:b1:83:78:99:63:52:af:
                    e8:2a:55:1c:bd:68:7b:49:9b:47:e5:c8:37:71:4a:
                    de:00:a2:45:fb:7b:2c:74:3e:6a:fe:b6:1f:f2:9c:
                    90:70:57:af:19:38:05:85:f8:0d:d5:32:bc:38:c6:
                    15:9f:da:41:b2:a2:80:b6:35:22:84:8d:af:1d:e6:
                    4e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:72:9D:18:47:CC:41:F2:70:CF:F9:5B:BC:8D:CC:AC:85:2F:7B:D6
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/vHKdGEfMQfJwz_lbvI3MrIUve9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.200.0/24
                  82.177.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:c8:0d:0a:77:4b:da:24:4c:4b:7e:f9:98:90:cd:0b:b7:28:
         c2:51:c2:9f:1a:51:ac:bd:de:2c:9b:8d:5c:74:9d:4e:f4:9d:
         29:f7:c7:1a:bb:ab:c4:16:7f:e4:18:21:aa:db:51:4f:2f:17:
         b2:6e:24:4b:de:8c:e9:60:f2:33:ef:7e:ac:88:f1:d9:d1:ad:
         1c:fa:78:da:93:b1:b5:74:95:8a:e1:f4:47:3f:4a:8b:c3:3a:
         9d:fe:34:37:9b:68:0c:ff:bd:db:16:ac:47:fe:1a:4b:3c:be:
         19:c4:13:86:07:af:5f:ae:7a:3d:a0:e4:fb:c3:4f:a6:43:ef:
         a1:84:99:d1:59:8b:f5:0d:c7:53:38:86:b9:64:14:61:cc:52:
         ab:27:6c:63:13:7e:0b:78:5e:83:be:09:b2:46:07:f1:1e:d7:
         ff:bd:2c:f5:5a:42:c1:d0:0d:48:75:c5:e0:a9:c1:15:88:e1:
         8c:18:36:db:c5:17:e1:39:97:9f:c7:48:dc:84:33:7d:3a:07:
         49:92:2d:43:43:fd:5b:81:38:f1:fd:af:7c:8b:7c:0b:4a:2e:
         ae:60:65:54:67:ca:dc:48:01:8f:30:fd:46:aa:b6:a8:5e:fe:
         bd:3d:98:71:6f:e7:22:e6:8d:9a:89:5e:21:d8:d4:68:db:b7:
         67:71:a4:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2taU4rrE9eiTYfiC9PLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzcyOWQxODQ3Y2M0MWYyNzBjZmY5NWJiYzhkY2NhYzg1MmY3YmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaS/bPHVSu9qvLSfeUQVFU/qyRKA
bhVW/NDtJX7f4/7h+nn12LhdVza7N4KOZbMkrtf1nw8gaVIavvgeGyIRD4InG5ob
1NvpG+MCEbrFzJqDD9YfDWPp2kFozgGNJM2Ju95mgDKNKRwkg7naHKI4jZ+ZH6dU
aYP3dTHfsWsNXxCSjQ2Z9uN+WOpuwYs0Rqmf3UkxweTEKVoSC0KxYGg2+EXGI3gG
whke+oLl9/LB552RNKVrfRX6aIdbg7GDeJljUq/oKlUcvWh7SZtH5cg3cUreAKJF
+3ssdD5q/rYf8pyQcFevGTgFhfgN1TK8OMYVn9pBsqKAtjUihI2vHeZO4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLxynRhHzEHycM/5W7yNzKyFL3vWMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvdkhLZEdFZk1RZkp3el9sYnZJM01ySVV2ZTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUQ/IAwQB
UrGIMA0GCSqGSIb3DQEBCwUAA4IBAQCLyA0Kd0vaJExLfvmYkM0LtyjCUcKfGlGs
vd4sm41cdJ1O9J0p98cau6vEFn/kGCGq21FPLxeybiRL3ozpYPIz736siPHZ0a0c
+njak7G1dJWK4fRHP0qLwzqd/jQ3m2gM/73bFqxH/hpLPL4ZxBOGB69frno9oOT7
w0+mQ++hhJnRWYv1DcdTOIa5ZBRhzFKrJ2xjE34LeF6DvgmyRgfxHtf/vSz1WkLB
0A1IdcXgqcEViOGMGDbbxRfhOZefx0jchDN9OgdJki1DQ/1bgTjx/a98i3wLSi6u
YGVUZ8rcSAGPMP1GqraoXv69PZhxb+ci5o2aiV4h2NRo27dncaTu
-----END CERTIFICATE-----