Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/yq8XJf1EXX5VoT5pi_yRoX_xIGk.roa
File:                     yq8XJf1EXX5VoT5pi_yRoX_xIGk.roa (raw, json)
Hash identifier:          yUdDY/S2BePqk6W6Q0EjUJ3out7VYyH3gM3yPSeRf7Y=
Subject key identifier:   CA:AF:17:25:FD:44:5D:7E:55:A1:3E:69:8B:FC:91:A1:7F:F1:20:69
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B22E943F9A4B98B33B9547430B0AB7
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/yq8XJf1EXX5VoT5pi_yRoX_xIGk.roa
Signing time:             Wed 01 Jan 2025 11:48:33 +0000
ROA not before:           Wed 01 Jan 2025 11:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204412
IP address blocks:        195.136.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2e:94:3f:9a:4b:98:b3:3b:95:47:43:0b:0a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=caaf1725fd445d7e55a13e698bfc91a17ff12069
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:55:f5:dd:de:dc:b7:02:1d:d7:09:c6:e5:2c:
                    fc:c1:b9:45:ef:4e:9a:36:74:2e:f1:a3:94:54:f7:
                    d7:dd:0e:b0:3e:91:b7:1c:01:50:03:b5:06:4b:f3:
                    c7:0f:b6:54:ad:2b:49:e6:5d:92:13:ca:91:87:de:
                    86:1a:2d:3b:76:53:a7:7b:3a:cd:76:d2:db:52:2f:
                    96:99:44:3b:f8:3f:d9:04:60:7d:85:02:21:7a:4c:
                    a9:fe:36:f9:7b:8d:18:2d:47:39:19:b4:2e:38:c9:
                    8f:ea:20:53:81:11:aa:d9:6a:87:c6:ba:e0:86:f1:
                    04:f6:8c:02:62:f0:bf:c8:b4:41:80:d9:9a:d4:4f:
                    bf:34:48:6c:4c:02:91:42:21:90:49:6a:e1:bb:13:
                    9d:ac:61:9b:35:b1:f6:b9:0a:3d:4c:25:60:9f:47:
                    d5:78:2c:0b:dc:ab:43:ae:d6:c0:11:d7:b5:2e:5d:
                    06:8e:91:c0:ac:08:03:89:0a:14:ed:f8:22:73:93:
                    be:94:27:9b:90:79:78:19:24:ee:fa:c4:db:2b:11:
                    d9:0c:b2:65:41:04:19:97:0a:47:64:83:35:ec:f9:
                    df:54:bb:0e:30:bf:4c:3a:aa:46:4e:34:64:99:bb:
                    8e:02:12:56:bb:35:77:67:29:a5:a8:5e:11:7a:2a:
                    aa:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:AF:17:25:FD:44:5D:7E:55:A1:3E:69:8B:FC:91:A1:7F:F1:20:69
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/yq8XJf1EXX5VoT5pi_yRoX_xIGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:fc:27:11:18:ff:f4:17:13:f9:96:b9:1b:14:5c:4d:68:a9:
         46:a6:98:16:1d:41:97:c1:93:27:be:75:1f:e6:83:1b:4a:36:
         26:4a:94:80:75:ce:00:99:f6:29:d7:3e:1e:62:2e:d5:78:16:
         a4:94:5c:13:f7:91:5b:97:b7:76:28:1e:6c:83:78:fd:52:1e:
         30:8b:56:92:db:e4:41:76:b1:38:25:8d:6a:ae:0f:50:60:55:
         05:84:f7:7c:ef:38:53:80:11:89:68:88:e5:18:56:8a:0f:6e:
         ea:5d:b0:18:b7:51:ca:56:cb:86:c4:79:05:e6:9e:b4:ba:65:
         07:74:e1:bd:2c:5a:fa:66:63:c7:54:2e:80:fb:d7:30:a9:95:
         b2:db:3c:78:87:87:25:9a:28:8a:fe:33:2d:73:d4:d1:5a:b8:
         27:49:2a:45:94:12:d2:e5:5f:da:8e:50:10:bf:45:59:1c:5e:
         48:09:22:eb:c3:56:92:8e:da:d1:8c:91:8a:aa:7a:a3:20:aa:
         3c:a8:64:64:1c:67:15:51:ad:45:52:3e:74:49:b3:c3:33:08:
         b5:be:c5:47:02:59:5b:3a:bb:d8:ef:5c:05:0f:65:fa:02:86:
         6e:e0:2b:30:63:97:83:b7:c4:ee:23:82:4e:51:66:e6:e2:e4:
         15:bb:cf:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsi6UP5pLmLM7lUdDCwq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWFmMTcyNWZkNDQ1ZDdlNTVhMTNlNjk4YmZjOTFhMTdmZjEyMDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1X13d7ctwId1wnG5Sz8wblF706a
NnQu8aOUVPfX3Q6wPpG3HAFQA7UGS/PHD7ZUrStJ5l2SE8qRh96GGi07dlOnezrN
dtLbUi+WmUQ7+D/ZBGB9hQIhekyp/jb5e40YLUc5GbQuOMmP6iBTgRGq2WqHxrrg
hvEE9owCYvC/yLRBgNma1E+/NEhsTAKRQiGQSWrhuxOdrGGbNbH2uQo9TCVgn0fV
eCwL3KtDrtbAEde1Ll0GjpHArAgDiQoU7fgic5O+lCebkHl4GSTu+sTbKxHZDLJl
QQQZlwpHZIM17PnfVLsOML9MOqpGTjRkmbuOAhJWuzV3ZymlqF4ReiqqHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqvFyX9RF1+VaE+aYv8kaF/8SBpMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEveXE4WEpmMUVYWDVWb1Q1cGlfeVJvWF94SUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4h5MA0G
CSqGSIb3DQEBCwUAA4IBAQBQ/CcRGP/0FxP5lrkbFFxNaKlGppgWHUGXwZMnvnUf
5oMbSjYmSpSAdc4AmfYp1z4eYi7VeBaklFwT95Fbl7d2KB5sg3j9Uh4wi1aS2+RB
drE4JY1qrg9QYFUFhPd87zhTgBGJaIjlGFaKD27qXbAYt1HKVsuGxHkF5p60umUH
dOG9LFr6ZmPHVC6A+9cwqZWy2zx4h4clmiiK/jMtc9TRWrgnSSpFlBLS5V/ajlAQ
v0VZHF5ICSLrw1aSjtrRjJGKqnqjIKo8qGRkHGcVUa1FUj50SbPDMwi1vsVHAllb
OrvY71wFD2X6AoZu4CswY5eDt8TuI4JOUWbm4uQVu8+W
-----END CERTIFICATE-----