Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/0a0078-648f-4360-94c7-0d6dcb0ecfcf/1/zBQLlk6R8SMqXeJs9KlWAq-2zWs.roa
File:                     zBQLlk6R8SMqXeJs9KlWAq-2zWs.roa (raw, json)
Hash identifier:          H5Z9T6mivR2DyTqTRYiFtEvpcqAnMQHqnVNqaL10pMs=
Subject key identifier:   CC:14:0B:96:4E:91:F1:23:2A:5D:E2:6C:F4:A9:56:02:AF:B6:CD:6B
Certificate issuer:       /CN=403c7e85de49d7924ce50d3d6a9e52e9e9c2e312
Certificate serial:       0194258F3143DAFAD171B2CC99EA15A82392
Authority key identifier: 40:3C:7E:85:DE:49:D7:92:4C:E5:0D:3D:6A:9E:52:E9:E9:C2:E3:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QDx-hd5J15JM5Q09ap5S6enC4xI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/0a0078-648f-4360-94c7-0d6dcb0ecfcf/1/zBQLlk6R8SMqXeJs9KlWAq-2zWs.roa
Signing time:             Thu 02 Jan 2025 05:48:48 +0000
ROA not before:           Thu 02 Jan 2025 05:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58150
IP address blocks:        185.56.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/0a0078-648f-4360-94c7-0d6dcb0ecfcf/1/QDx-hd5J15JM5Q09ap5S6enC4xI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/0a0078-648f-4360-94c7-0d6dcb0ecfcf/1/QDx-hd5J15JM5Q09ap5S6enC4xI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QDx-hd5J15JM5Q09ap5S6enC4xI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:31:43:da:fa:d1:71:b2:cc:99:ea:15:a8:23:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=403c7e85de49d7924ce50d3d6a9e52e9e9c2e312
        Validity
            Not Before: Jan  2 05:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc140b964e91f1232a5de26cf4a95602afb6cd6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2f:b4:e5:72:89:dd:19:68:85:80:d3:de:28:
                    3a:19:4f:ae:28:05:a3:ae:9d:1c:50:cc:cf:1a:81:
                    dd:92:8b:8b:a0:02:1c:e2:0b:ad:1f:89:4a:21:1d:
                    66:2e:16:cb:90:89:a6:40:32:3f:b4:ce:89:ac:3d:
                    8a:ce:e0:9d:39:d1:96:cf:12:12:4d:8c:4d:2e:97:
                    63:c2:b4:33:4f:21:a1:4d:05:83:4a:bb:4c:0b:a5:
                    e3:1d:33:7c:74:53:94:6c:64:54:a8:d1:32:cc:bc:
                    4b:67:ac:da:31:69:2c:e8:7f:70:d8:1a:1b:0a:67:
                    cf:00:ec:05:5d:f4:fe:15:a2:3c:c3:90:53:3c:c9:
                    85:f0:ee:8c:8f:33:42:03:86:6c:40:ae:74:29:3c:
                    2b:54:a0:38:c1:ef:cf:12:a1:12:b8:e4:05:6a:b7:
                    8c:f9:18:61:c0:71:3f:49:9d:62:45:40:d2:ba:89:
                    b6:c2:76:70:71:0d:68:cc:de:a0:d4:f0:36:45:bd:
                    53:a3:8c:88:40:86:a3:42:cf:a2:ff:a4:a1:7f:ef:
                    5c:e1:6a:a8:4d:5f:56:0a:dc:c4:24:45:f2:88:75:
                    ca:a0:43:8c:c8:0a:27:dd:bd:f7:21:a8:bf:5f:72:
                    70:c0:f0:29:d0:e6:fc:16:a6:08:e4:db:22:e2:4c:
                    b7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:14:0B:96:4E:91:F1:23:2A:5D:E2:6C:F4:A9:56:02:AF:B6:CD:6B
            X509v3 Authority Key Identifier:
                keyid:40:3C:7E:85:DE:49:D7:92:4C:E5:0D:3D:6A:9E:52:E9:E9:C2:E3:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QDx-hd5J15JM5Q09ap5S6enC4xI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/0a0078-648f-4360-94c7-0d6dcb0ecfcf/1/zBQLlk6R8SMqXeJs9KlWAq-2zWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/0a0078-648f-4360-94c7-0d6dcb0ecfcf/1/QDx-hd5J15JM5Q09ap5S6enC4xI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:3e:4e:8f:ae:1c:d1:f8:22:2e:96:af:e9:43:01:8e:82:37:
         59:e3:1a:0a:bb:e4:f0:4a:59:99:32:10:7e:c0:e8:63:06:84:
         5b:4a:71:f3:88:f1:00:46:1b:41:d7:22:01:23:74:e2:b7:ec:
         6a:b3:e1:9b:6b:10:34:5d:82:10:40:a1:5d:de:2c:83:8d:eb:
         b9:7b:47:6d:d4:18:9f:8b:ef:31:fc:2d:27:3b:4a:e0:09:75:
         e9:2e:3c:0d:cf:a4:fc:32:99:21:5e:86:da:d0:85:9f:2c:b4:
         ef:2d:d7:0a:77:9d:e8:51:9c:dc:16:c6:3a:cd:c8:d0:ab:54:
         99:bc:fa:d5:17:1d:c3:37:f0:0d:0e:fa:b1:88:8c:c2:4d:ca:
         e6:70:4d:91:fa:a4:de:ea:d4:fd:f1:24:51:2d:2e:f3:62:e1:
         5b:a1:a1:0e:52:76:7a:85:51:56:9b:4a:70:ec:3f:30:88:03:
         9d:bf:96:42:e0:8a:cc:a7:14:40:b6:cd:e5:4b:c0:50:f7:c6:
         90:63:70:2c:39:29:24:50:2a:4d:9b:18:01:ae:2b:53:3f:61:
         1e:47:ba:25:ec:2d:e3:d7:3b:20:7d:05:24:b3:99:5e:ea:1a:
         ce:11:e6:2b:90:4e:7a:8b:50:df:8b:76:bb:01:6c:66:ae:03:
         b6:dd:92:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljzFD2vrRcbLMmeoVqCOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwM2M3ZTg1ZGU0OWQ3OTI0Y2U1MGQzZDZhOWU1MmU5ZTlj
MmUzMTIwHhcNMjUwMTAyMDU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzE0MGI5NjRlOTFmMTIzMmE1ZGUyNmNmNGE5NTYwMmFmYjZjZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS+05XKJ3RlohYDT3ig6GU+uKAWj
rp0cUMzPGoHdkouLoAIc4gutH4lKIR1mLhbLkImmQDI/tM6JrD2KzuCdOdGWzxIS
TYxNLpdjwrQzTyGhTQWDSrtMC6XjHTN8dFOUbGRUqNEyzLxLZ6zaMWks6H9w2Bob
CmfPAOwFXfT+FaI8w5BTPMmF8O6MjzNCA4ZsQK50KTwrVKA4we/PEqESuOQFareM
+RhhwHE/SZ1iRUDSuom2wnZwcQ1ozN6g1PA2Rb1To4yIQIajQs+i/6Shf+9c4Wqo
TV9WCtzEJEXyiHXKoEOMyAon3b33Iai/X3JwwPAp0Ob8FqYI5Nsi4ky3owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwUC5ZOkfEjKl3ibPSpVgKvts1rMB8GA1UdIwQY
MBaAFEA8foXeSdeSTOUNPWqeUunpwuMSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUR4LWhkNUoxNUpNNVEwOWFwNVM2ZW5DNHhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8wYTAwNzgtNjQ4Zi00MzYwLTk0Yzct
MGQ2ZGNiMGVjZmNmLzEvekJRTGxrNlI4U01xWGVKczlLbFdBcS0yeldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8wYTAwNzgtNjQ4Zi00MzYwLTk0YzctMGQ2ZGNiMGVjZmNm
LzEvUUR4LWhkNUoxNUpNNVEwOWFwNVM2ZW5DNHhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTgAMA0G
CSqGSIb3DQEBCwUAA4IBAQAkPk6PrhzR+CIulq/pQwGOgjdZ4xoKu+TwSlmZMhB+
wOhjBoRbSnHziPEARhtB1yIBI3Tit+xqs+GbaxA0XYIQQKFd3iyDjeu5e0dt1Bif
i+8x/C0nO0rgCXXpLjwNz6T8MpkhXoba0IWfLLTvLdcKd53oUZzcFsY6zcjQq1SZ
vPrVFx3DN/ANDvqxiIzCTcrmcE2R+qTe6tT98SRRLS7zYuFboaEOUnZ6hVFWm0pw
7D8wiAOdv5ZC4IrMpxRAts3lS8BQ98aQY3AsOSkkUCpNmxgBritTP2EeR7ol7C3j
1zsgfQUks5le6hrOEeYrkE56i1Dfi3a7AWxmrgO23ZI2
-----END CERTIFICATE-----