Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/sOy5DvYA4xnYnvh7D1J8hb1vWCk.roa
File:                     sOy5DvYA4xnYnvh7D1J8hb1vWCk.roa (raw, json)
Hash identifier:          WA8bAzS8ARamVBgjCT3zSC4Et47QeIhiWLhUC34iCs0=
Subject key identifier:   B0:EC:B9:0E:F6:00:E3:19:D8:9E:F8:7B:0F:52:7C:85:BD:6F:58:29
Certificate issuer:       /CN=a71cc0d58b16adbbf7fa5c2fdbc3659f9c73c7ba
Certificate serial:       018CC42561EAB9C2BFB3C20CC16928911ADC
Authority key identifier: A7:1C:C0:D5:8B:16:AD:BB:F7:FA:5C:2F:DB:C3:65:9F:9C:73:C7:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pxzA1YsWrbv3-lwv28Nln5xzx7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/sOy5DvYA4xnYnvh7D1J8hb1vWCk.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41075
IP address blocks:        5.56.32.0/24 maxlen: 24
                          5.56.39.0/24 maxlen: 24
                          2a01:47c1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/pxzA1YsWrbv3-lwv28Nln5xzx7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/pxzA1YsWrbv3-lwv28Nln5xzx7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pxzA1YsWrbv3-lwv28Nln5xzx7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:61:ea:b9:c2:bf:b3:c2:0c:c1:69:28:91:1a:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a71cc0d58b16adbbf7fa5c2fdbc3659f9c73c7ba
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0ecb90ef600e319d89ef87b0f527c85bd6f5829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:27:8c:a9:04:0f:43:af:a9:02:9f:b5:99:30:
                    f5:f7:71:9b:a4:a8:3f:29:28:e0:5e:24:e6:81:3e:
                    d5:e2:11:9d:6d:a0:cc:e0:e0:bf:42:39:19:67:a7:
                    ea:83:4e:2a:9b:04:c4:07:ec:2b:69:28:c4:4a:8d:
                    aa:ec:f8:da:db:24:db:03:4c:06:e5:5c:5c:fb:03:
                    b4:0f:84:96:a2:ae:65:d7:f4:5b:4e:19:9e:fc:74:
                    fb:94:61:a3:28:d2:9a:ca:08:aa:73:11:8d:3a:3c:
                    a3:fb:6d:de:7e:da:c3:83:da:08:17:26:1f:2d:5e:
                    9a:97:cf:72:6a:0f:2a:1b:e4:72:80:f1:33:31:04:
                    02:66:42:19:d9:ad:de:49:91:d7:86:42:c9:aa:52:
                    b3:28:27:08:d9:62:59:f7:22:38:e7:43:fa:57:88:
                    7b:df:fb:c5:36:68:57:74:3d:ba:25:8a:41:f2:d8:
                    3c:28:6a:3a:e0:61:61:67:dd:77:c1:13:74:6f:16:
                    93:a3:98:4f:b3:ef:91:d0:1b:3d:b5:aa:85:51:1f:
                    a3:ea:f8:1b:96:89:44:a5:21:5a:2f:69:df:cd:ba:
                    d5:a6:3a:9a:bc:54:f0:4b:da:2a:06:79:97:32:6d:
                    57:c9:48:b5:b5:16:82:2b:7c:c9:2c:34:27:23:c7:
                    82:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:EC:B9:0E:F6:00:E3:19:D8:9E:F8:7B:0F:52:7C:85:BD:6F:58:29
            X509v3 Authority Key Identifier:
                keyid:A7:1C:C0:D5:8B:16:AD:BB:F7:FA:5C:2F:DB:C3:65:9F:9C:73:C7:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pxzA1YsWrbv3-lwv28Nln5xzx7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/sOy5DvYA4xnYnvh7D1J8hb1vWCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/pxzA1YsWrbv3-lwv28Nln5xzx7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.32.0/24
                  5.56.39.0/24
                IPv6:
                  2a01:47c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:66:6a:79:90:19:58:03:8c:b5:33:82:24:71:7c:41:af:93:
         ed:b6:08:ba:97:1b:e8:d5:6b:c3:48:90:9c:1e:f3:aa:11:e9:
         16:30:65:a6:ad:9f:fa:33:12:4a:0c:43:17:71:d5:48:5a:90:
         89:de:ca:15:85:c0:ae:96:1f:f2:7f:ff:56:43:78:de:4b:e9:
         f4:a5:f7:e7:59:49:75:96:9a:ee:f8:85:09:08:f0:ef:ea:1b:
         20:35:35:b2:07:e4:ff:3a:7a:eb:22:46:b5:83:58:76:b8:bb:
         f7:a0:19:2e:a3:53:50:a6:e2:fc:0c:3b:65:bc:34:a2:a7:ca:
         be:bb:bb:e4:11:a3:e2:2c:47:45:47:77:b2:c4:01:f7:b9:c3:
         5d:a2:85:b9:69:6d:82:17:f9:83:65:5c:c0:a8:f4:5e:84:71:
         a5:06:2a:ab:ef:d5:e7:25:37:52:48:08:cc:f6:c1:e9:36:ef:
         e8:82:e0:11:c8:7e:e2:9a:e2:97:b1:f7:96:78:54:47:54:69:
         c4:12:32:ec:29:5f:61:a2:97:00:99:28:53:36:b4:c9:cc:91:
         85:7d:65:9a:e3:3e:79:54:7a:6d:35:42:8d:51:c8:9b:94:b4:
         4a:85:fe:6e:55:e3:76:35:d0:0a:6a:4f:75:d2:7f:40:17:10:
         fa:64:08:7d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJWHqucK/s8IMwWkokRrcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MWNjMGQ1OGIxNmFkYmJmN2ZhNWMyZmRiYzM2NTlmOWM3
M2M3YmEwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGVjYjkwZWY2MDBlMzE5ZDg5ZWY4N2IwZjUyN2M4NWJkNmY1ODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSeMqQQPQ6+pAp+1mTD193GbpKg/
KSjgXiTmgT7V4hGdbaDM4OC/QjkZZ6fqg04qmwTEB+wraSjESo2q7Pja2yTbA0wG
5Vxc+wO0D4SWoq5l1/RbThme/HT7lGGjKNKaygiqcxGNOjyj+23eftrDg9oIFyYf
LV6al89yag8qG+RygPEzMQQCZkIZ2a3eSZHXhkLJqlKzKCcI2WJZ9yI450P6V4h7
3/vFNmhXdD26JYpB8tg8KGo64GFhZ913wRN0bxaTo5hPs++R0Bs9taqFUR+j6vgb
lolEpSFaL2nfzbrVpjqavFTwS9oqBnmXMm1XyUi1tRaCK3zJLDQnI8eC6wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLDsuQ72AOMZ2J74ew9SfIW9b1gpMB8GA1UdIwQY
MBaAFKccwNWLFq279/pcL9vDZZ+cc8e6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHh6QTFZc1dyYnYzLWx3djI4TmxuNXh6eDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81ZjVhNjAtOTAyNi00YjY2LWJhYWEt
ZGU2NDBkMDEyMDY1LzEvc095NUR2WUE0eG5ZbnZoN0QxSjhoYjF2V0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81ZjVhNjAtOTAyNi00YjY2LWJhYWEtZGU2NDBkMDEyMDY1
LzEvcHh6QTFZc1dyYnYzLWx3djI4TmxuNXh6eDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQABTggAwQA
BTgnMA0EAgACMAcDBQAqAUfBMA0GCSqGSIb3DQEBCwUAA4IBAQBqZmp5kBlYA4y1
M4IkcXxBr5Pttgi6lxvo1WvDSJCcHvOqEekWMGWmrZ/6MxJKDEMXcdVIWpCJ3soV
hcCulh/yf/9WQ3jeS+n0pffnWUl1lpru+IUJCPDv6hsgNTWyB+T/OnrrIka1g1h2
uLv3oBkuo1NQpuL8DDtlvDSip8q+u7vkEaPiLEdFR3eyxAH3ucNdooW5aW2CF/mD
ZVzAqPRehHGlBiqr79XnJTdSSAjM9sHpNu/oguARyH7imuKXsfeWeFRHVGnEEjLs
KV9hopcAmShTNrTJzJGFfWWa4z55VHptNUKNUciblLRKhf5uVeN2NdAKak910n9A
FxD6ZAh9
-----END CERTIFICATE-----