Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/sky/0/326131343a333030313a3a2f33322d3438203d3e20393435.roa
File:                     326131343a333030313a3a2f33322d3438203d3e20393435.roa (raw, json)
Hash identifier:          EEvW/8xSR2wDh3GrgvdKFUJVXbxXbwJ3byOBK0p4kVU=
Subject key identifier:   9B:24:B5:88:FD:0D:4E:62:23:81:0F:6B:03:F6:CB:9B:2B:D3:98:28
Certificate issuer:       /CN=56f176b165faa7f81131464da76a5803dd5556cf
Certificate serial:       706F2D07AB641DB27AC39C694FD4E22EDF17A64B
Authority key identifier: 56:F1:76:B1:65:FA:A7:F8:11:31:46:4D:A7:6A:58:03:DD:55:56:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VvF2sWX6p_gRMUZNp2pYA91VVs8.cer
Subject info access:      rsync://rpki.co/repo/sky/0/326131343a333030313a3a2f33322d3438203d3e20393435.roa
Signing time:             Thu 30 Nov 2023 09:04:17 +0000
ROA not before:           Thu 30 Nov 2023 08:59:17 +0000
ROA not after:            Thu 28 Nov 2024 09:04:17 +0000
asID:                     945
IP address blocks:        2a14:3001::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/sky/0/56F176B165FAA7F81131464DA76A5803DD5556CF.crl
                          rsync://rpki.co/repo/sky/0/56F176B165FAA7F81131464DA76A5803DD5556CF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VvF2sWX6p_gRMUZNp2pYA91VVs8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:6f:2d:07:ab:64:1d:b2:7a:c3:9c:69:4f:d4:e2:2e:df:17:a6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56f176b165faa7f81131464da76a5803dd5556cf
        Validity
            Not Before: Nov 30 08:59:17 2023 GMT
            Not After : Nov 28 09:04:17 2024 GMT
        Subject: CN=9B24B588FD0D4E6223810F6B03F6CB9B2BD39828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f3:e8:b8:98:93:e2:a6:3a:f3:0f:5e:46:da:
                    53:dd:63:6d:7b:6b:d7:2e:8a:55:7d:20:48:3e:62:
                    ea:12:00:b8:17:76:7d:a7:21:28:8a:91:30:df:03:
                    d5:72:5f:5d:16:a4:c2:26:53:10:9b:b3:de:73:25:
                    34:6b:33:55:81:64:62:d5:c3:c5:24:92:8b:07:d6:
                    14:9c:82:a8:b6:d1:51:fc:84:b1:40:7d:83:8a:30:
                    02:be:c6:82:c6:b0:08:90:9c:59:eb:46:ca:73:df:
                    07:9a:80:ad:d4:56:f8:0c:45:5c:58:3a:7c:e2:a3:
                    b1:b8:8f:6e:da:21:24:16:7f:b1:f6:57:4e:20:b3:
                    af:b3:b3:5b:19:4f:e8:af:4b:ce:7a:30:69:f0:9f:
                    84:72:db:33:e2:d8:39:ed:c4:96:25:ed:18:a0:a3:
                    c0:8b:32:ae:34:c4:16:82:34:55:a4:a8:5a:33:55:
                    46:75:f3:43:d5:61:cc:ac:e5:8b:53:d5:af:3a:c2:
                    d0:c2:03:b9:ca:0a:68:e3:9d:1f:b1:f2:a6:71:e3:
                    3e:32:bb:65:16:7b:6f:2c:0f:e3:5b:4b:eb:07:90:
                    d4:a0:b6:b7:9e:af:c1:b0:97:2f:68:b7:21:d7:54:
                    4a:b3:b4:9b:ed:ed:f8:14:d1:ae:0f:d9:12:13:e8:
                    d4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:24:B5:88:FD:0D:4E:62:23:81:0F:6B:03:F6:CB:9B:2B:D3:98:28
            X509v3 Authority Key Identifier:
                keyid:56:F1:76:B1:65:FA:A7:F8:11:31:46:4D:A7:6A:58:03:DD:55:56:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/sky/0/56F176B165FAA7F81131464DA76A5803DD5556CF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VvF2sWX6p_gRMUZNp2pYA91VVs8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/sky/0/326131343a333030313a3a2f33322d3438203d3e20393435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:3001::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:eb:2b:49:df:84:b1:de:c3:83:bd:1a:eb:47:a4:e7:7e:34:
         77:48:6b:f3:7e:d7:2a:41:ec:99:5c:66:e4:81:4f:e7:d1:2a:
         7c:27:2a:53:40:88:04:a3:c0:55:62:8e:ad:8e:e7:af:5f:c6:
         12:56:58:c9:14:6a:fc:6e:dc:e9:69:ab:97:75:af:52:20:64:
         80:32:53:f6:06:60:de:28:f6:68:1e:ec:45:62:23:e5:40:31:
         58:6a:e7:5f:2d:3a:09:4f:d6:23:34:5e:64:f1:7d:8f:d8:05:
         84:b5:29:06:41:29:0c:06:6d:d8:91:86:50:cf:79:84:86:47:
         f4:4e:8c:98:4e:36:1e:62:0e:86:ca:4c:a9:b9:3d:19:6b:a8:
         a4:d0:b7:fe:38:5e:67:09:ef:eb:d9:a2:8c:4c:31:6b:36:10:
         7d:2d:ad:6d:4b:82:e5:ba:fa:76:fc:77:bb:3f:c8:7e:41:34:
         3c:6f:35:7a:65:bf:cc:3b:92:82:b9:ab:ee:64:b3:0a:1c:68:
         02:21:e0:31:de:ac:8c:46:e5:ea:fe:3d:41:75:1d:cc:12:ea:
         39:da:7e:0b:c2:da:fd:83:bf:c0:95:88:03:44:73:6f:fe:22:
         bc:88:08:1b:b1:68:21:9a:72:21:0b:97:c6:15:f3:f4:3f:44:
         36:d2:52:86
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIUcG8tB6tkHbJ6w5xpT9TiLt8XpkswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTZmMTc2YjE2NWZhYTdmODExMzE0NjRkYTc2YTU4MDNk
ZDU1NTZjZjAeFw0yMzExMzAwODU5MTdaFw0yNDExMjgwOTA0MTdaMDMxMTAvBgNV
BAMTKDlCMjRCNTg4RkQwRDRFNjIyMzgxMEY2QjAzRjZDQjlCMkJEMzk4MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf8+i4mJPipjrzD15G2lPdY217
a9cuilV9IEg+YuoSALgXdn2nISiKkTDfA9VyX10WpMImUxCbs95zJTRrM1WBZGLV
w8UkkosH1hScgqi20VH8hLFAfYOKMAK+xoLGsAiQnFnrRspz3weagK3UVvgMRVxY
Onzio7G4j27aISQWf7H2V04gs6+zs1sZT+ivS856MGnwn4Ry2zPi2DntxJYl7Rig
o8CLMq40xBaCNFWkqFozVUZ180PVYcys5YtT1a86wtDCA7nKCmjjnR+x8qZx4z4y
u2UWe28sD+NbS+sHkNSgtreer8Gwly9otyHXVEqztJvt7fgU0a4P2RIT6NTTAgMB
AAGjggG9MIIBuTAdBgNVHQ4EFgQUmyS1iP0NTmIjgQ9rA/bLmyvTmCgwHwYDVR0j
BBgwFoAUVvF2sWX6p/gRMUZNp2pYA91VVs8wDgYDVR0PAQH/BAQDAgeAMFgGA1Ud
HwRRME8wTaBLoEmGR3JzeW5jOi8vcnBraS5jby9yZXBvL3NreS8wLzU2RjE3NkIx
NjVGQUE3RjgxMTMxNDY0REE3NkE1ODAzREQ1NTU2Q0YuY3JsMGQGCCsGAQUFBwEB
BFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9WdkYyc1dYNnBfZ1JNVVpOcDJwWUE5MVZWczguY2VyMGsGCCsG
AQUFBwELBF8wXTBbBggrBgEFBQcwC4ZPcnN5bmM6Ly9ycGtpLmNvL3JlcG8vc2t5
LzAvMzI2MTMxMzQzYTMzMzAzMDMxM2EzYTJmMzMzMjJkMzQzODIwM2QzZTIwMzkz
NDM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/
BBEwDzANBAIAAjAHAwUAKhQwATANBgkqhkiG9w0BAQsFAAOCAQEAVusrSd+Esd7D
g70a60ek5340d0hr837XKkHsmVxm5IFP59EqfCcqU0CIBKPAVWKOrY7nr1/GElZY
yRRq/G7c6Wmrl3WvUiBkgDJT9gZg3ij2aB7sRWIj5UAxWGrnXy06CU/WIzReZPF9
j9gFhLUpBkEpDAZt2JGGUM95hIZH9E6MmE42HmIOhspMqbk9GWuopNC3/jheZwnv
69mijEwxazYQfS2tbUuC5br6dvx3uz/IfkE0PG81emW/zDuSgrmr7mSzChxoAiHg
Md6sjEbl6v49QXUdzBLqOdp+C8La/YO/wJWIA0Rzb/4ivIgIG7FoIZpyIQuXxhXz
9D9ENtJShg==
-----END CERTIFICATE-----