Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/wi6XUs9mZTWTLWs3ovDyiE6Sd_I.roa
File:                     wi6XUs9mZTWTLWs3ovDyiE6Sd_I.roa (raw, json)
Hash identifier:          o+KWT4C9EqUG5EeV42Wzd6oIt1KZLRSkl+L8Au0S6Kg=
Subject key identifier:   C2:2E:97:52:CF:66:65:35:93:2D:6B:37:A2:F0:F2:88:4E:92:77:F2
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B21427558B25928FE78E68CF98D97D
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/wi6XUs9mZTWTLWs3ovDyiE6Sd_I.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35378
IP address blocks:        195.136.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:14:27:55:8b:25:92:8f:e7:8e:68:cf:98:d9:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c22e9752cf666535932d6b37a2f0f2884e9277f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:62:2c:34:11:2f:f0:02:dc:77:68:ea:36:d4:
                    64:49:20:66:a6:e0:89:f5:11:85:53:52:2b:29:04:
                    c1:f7:9b:45:5f:28:23:77:71:a0:91:1e:95:08:28:
                    3e:89:85:44:bc:d9:26:2b:48:e2:69:b1:2a:0c:57:
                    dc:44:f0:8e:0c:b8:b1:fd:23:5e:6d:78:5b:c9:a4:
                    a4:13:7c:62:80:cb:49:a4:0b:1c:7f:cd:a8:54:f4:
                    cd:36:90:3c:18:af:4f:63:b1:af:c3:ab:94:e5:c8:
                    75:62:ed:ff:a0:76:0a:38:d9:c7:ec:10:07:ad:bf:
                    29:87:5e:1e:32:c8:40:9b:cf:dd:95:54:0a:45:d4:
                    8a:d1:17:02:99:90:4f:28:f0:0e:ba:3e:ed:b0:fe:
                    5f:3f:33:ed:d1:91:31:a3:c9:2d:e1:0e:4e:ea:85:
                    40:61:8c:05:d9:36:33:5f:45:f9:1c:e2:91:b2:55:
                    c9:96:74:40:6e:7d:a2:e3:ff:26:59:b8:db:9f:4e:
                    58:35:6c:22:97:d9:da:cc:3c:bc:70:ba:2b:ff:94:
                    bd:38:57:dc:0d:96:26:d1:73:8c:2f:c9:d3:77:d7:
                    b5:67:f4:c0:42:e9:e9:a7:62:8f:61:32:38:b1:5a:
                    23:fd:1a:e8:93:20:90:a5:fa:bb:36:08:47:6a:70:
                    2d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:2E:97:52:CF:66:65:35:93:2D:6B:37:A2:F0:F2:88:4E:92:77:F2
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/wi6XUs9mZTWTLWs3ovDyiE6Sd_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:68:6a:d1:57:da:72:d7:de:e3:ff:2e:3c:e1:d7:54:69:89:
         58:39:6e:a4:3a:ab:40:cb:70:8c:80:8f:3d:5e:49:b0:55:5c:
         86:48:da:2f:83:be:69:78:32:9b:d0:77:47:e6:fe:2b:9b:a9:
         9f:1e:99:f8:9b:a2:6b:8a:e2:42:20:c8:89:ac:01:c6:84:d3:
         b1:a2:2d:35:31:1f:04:72:6e:5c:15:c1:72:11:7c:15:01:a8:
         19:11:10:f7:f0:e8:77:5f:5d:11:6a:d1:51:2a:b5:b9:e8:2e:
         c0:44:e3:e2:e7:36:24:98:28:b1:d3:33:ae:ac:b8:0e:f1:c5:
         c0:8e:4c:3f:86:17:35:76:f5:2b:41:06:06:00:c3:1f:df:3d:
         a8:3e:91:90:91:5f:ca:9d:0a:26:e5:28:22:d7:63:05:aa:11:
         e7:fa:bf:83:50:86:6a:da:06:92:b9:8e:4d:e8:f0:e7:d3:f2:
         0b:d0:f2:4b:23:ae:2d:0d:72:67:bd:b2:46:a6:4d:30:f0:0a:
         94:fb:3c:32:91:6b:88:53:aa:5b:2f:e7:88:97:c0:32:75:16:
         30:63:19:7f:2d:72:1d:5b:86:37:65:b5:64:47:71:75:f6:8b:
         43:4c:30:51:e7:48:05:bd:36:66:7b:6e:dc:d7:fd:69:6a:47:
         5d:69:e3:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshQnVYslko/njmjPmNl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjJlOTc1MmNmNjY2NTM1OTMyZDZiMzdhMmYwZjI4ODRlOTI3N2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumIsNBEv8ALcd2jqNtRkSSBmpuCJ
9RGFU1IrKQTB95tFXygjd3GgkR6VCCg+iYVEvNkmK0jiabEqDFfcRPCODLix/SNe
bXhbyaSkE3xigMtJpAscf82oVPTNNpA8GK9PY7Gvw6uU5ch1Yu3/oHYKONnH7BAH
rb8ph14eMshAm8/dlVQKRdSK0RcCmZBPKPAOuj7tsP5fPzPt0ZExo8kt4Q5O6oVA
YYwF2TYzX0X5HOKRslXJlnRAbn2i4/8mWbjbn05YNWwil9nazDy8cLor/5S9OFfc
DZYm0XOML8nTd9e1Z/TAQunpp2KPYTI4sVoj/RrokyCQpfq7NghHanAt4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMIul1LPZmU1ky1rN6Lw8ohOknfyMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvd2k2WFVzOW1aVFdUTFdzM292RHlpRTZTZF9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4h0MA0G
CSqGSIb3DQEBCwUAA4IBAQASaGrRV9py197j/y484ddUaYlYOW6kOqtAy3CMgI89
XkmwVVyGSNovg75peDKb0HdH5v4rm6mfHpn4m6JriuJCIMiJrAHGhNOxoi01MR8E
cm5cFcFyEXwVAagZERD38Oh3X10RatFRKrW56C7AROPi5zYkmCix0zOurLgO8cXA
jkw/hhc1dvUrQQYGAMMf3z2oPpGQkV/KnQom5Sgi12MFqhHn+r+DUIZq2gaSuY5N
6PDn0/IL0PJLI64tDXJnvbJGpk0w8AqU+zwykWuIU6pbL+eIl8AydRYwYxl/LXId
W4Y3ZbVkR3F19otDTDBR50gFvTZme27c1/1pakddaeNk
-----END CERTIFICATE-----