Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8CQBrrS-j-1B9miXerZBPWN0E04.roa
File:                     8CQBrrS-j-1B9miXerZBPWN0E04.roa (raw, json)
Hash identifier:          IgNUgLrU9w4bfwtQNbKEOfHSLgwVWsWrNB10KO3X8Qc=
Subject key identifier:   F0:24:01:AE:B4:BE:8F:ED:41:F6:68:97:7A:B6:41:3D:63:74:13:4E
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBB81D0D587B14FD749DD47B486DD3
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8CQBrrS-j-1B9miXerZBPWN0E04.roa
Signing time:             Wed 01 Jan 2025 17:48:29 +0000
ROA not before:           Wed 01 Jan 2025 17:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62816
IP address blocks:        2.56.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:b8:1d:0d:58:7b:14:fd:74:9d:d4:7b:48:6d:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f02401aeb4be8fed41f668977ab6413d6374134e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c1:48:8c:8a:65:38:cc:4f:21:65:1b:de:d4:
                    ed:e0:85:76:23:81:18:e2:12:d5:3d:e5:50:68:bf:
                    32:52:b4:e8:67:3a:88:3d:71:ba:ed:d9:16:cd:b1:
                    36:c5:1e:12:f5:08:01:fc:82:b1:4c:25:d6:6d:58:
                    f6:f3:2d:9f:98:2b:2f:c2:23:06:c5:5d:5a:5f:03:
                    8f:70:03:02:37:18:d7:7b:93:78:7f:6b:79:f2:b5:
                    6c:df:4b:af:bc:af:56:1d:75:b4:7b:b0:a0:e1:ba:
                    7b:63:6c:cb:c4:60:69:58:98:1f:ff:c9:97:02:d1:
                    95:60:51:fa:84:97:f9:cb:63:0b:6b:76:3f:9c:a7:
                    68:6b:82:5c:93:3d:cf:2f:c3:03:f9:9a:12:dd:a4:
                    48:c8:59:bb:cd:2e:ee:9b:c5:57:63:e0:ae:01:6c:
                    ab:02:f1:dd:03:75:78:2a:d9:71:de:c6:fc:fe:16:
                    2f:7d:36:ce:75:89:64:cf:6d:64:c3:2c:bf:13:c4:
                    a9:a1:b8:db:33:98:86:d9:94:5a:5d:84:cb:bf:c7:
                    76:0b:3e:02:48:d3:0f:ee:92:fc:03:35:3b:ab:07:
                    00:73:e5:5b:84:02:4d:28:be:3b:3d:50:18:2d:d6:
                    94:9e:d0:89:4f:44:33:09:44:70:d0:29:b4:7d:fc:
                    f2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:24:01:AE:B4:BE:8F:ED:41:F6:68:97:7A:B6:41:3D:63:74:13:4E
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8CQBrrS-j-1B9miXerZBPWN0E04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:12:01:29:3f:4f:99:b1:4d:6f:f5:90:b2:e0:88:b3:46:6b:
         0d:73:77:46:c0:51:ff:99:e5:7c:03:2d:53:c6:7d:e3:cc:9d:
         f6:ad:66:cd:27:96:84:17:6f:4e:3f:fe:43:94:e5:57:a7:70:
         50:36:8d:71:dc:46:90:7d:ed:c3:da:65:14:76:5c:e2:40:8f:
         56:b3:c2:bc:d0:4d:bd:aa:bd:d5:69:39:82:82:58:d3:cd:77:
         c8:71:62:fa:47:ba:6b:05:1e:ff:a2:43:d3:cf:5c:1a:eb:41:
         f8:44:e2:4b:69:a2:e6:f6:1e:e4:e2:41:95:92:18:49:49:6d:
         70:a7:eb:ec:39:f6:3d:10:30:e6:54:0d:56:99:95:49:bc:10:
         4a:60:ac:57:18:e8:47:1b:d7:06:43:c6:ed:5c:56:8b:49:f3:
         56:a1:c4:b1:6f:84:e6:8d:b2:38:f6:af:63:10:1d:35:a6:2d:
         3c:75:5f:8f:ed:60:5f:be:ac:b8:58:18:68:f7:68:c5:65:f4:
         ae:e1:8a:c8:4f:f1:1b:17:25:d5:f8:34:4b:29:51:c9:7c:5e:
         a5:fc:fd:d4:ec:01:5b:2e:d9:6f:4a:f9:75:d0:ee:f7:d6:57:
         43:12:3c:44:03:95:f1:90:f9:fc:f5:87:a8:5f:43:fd:b6:34:
         3c:6e:0d:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+7gdDVh7FP10ndR7SG3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDI0MDFhZWI0YmU4ZmVkNDFmNjY4OTc3YWI2NDEzZDYzNzQxMzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMFIjIplOMxPIWUb3tTt4IV2I4EY
4hLVPeVQaL8yUrToZzqIPXG67dkWzbE2xR4S9QgB/IKxTCXWbVj28y2fmCsvwiMG
xV1aXwOPcAMCNxjXe5N4f2t58rVs30uvvK9WHXW0e7Cg4bp7Y2zLxGBpWJgf/8mX
AtGVYFH6hJf5y2MLa3Y/nKdoa4Jckz3PL8MD+ZoS3aRIyFm7zS7um8VXY+CuAWyr
AvHdA3V4Ktlx3sb8/hYvfTbOdYlkz21kwyy/E8SpobjbM5iG2ZRaXYTLv8d2Cz4C
SNMP7pL8AzU7qwcAc+VbhAJNKL47PVAYLdaUntCJT0QzCURw0Cm0ffzydQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAkAa60vo/tQfZol3q2QT1jdBNOMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOENRQnJyUy1qLTFCOW1pWGVyWkJQV04wRTA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjhuMA0G
CSqGSIb3DQEBCwUAA4IBAQBXEgEpP0+ZsU1v9ZCy4IizRmsNc3dGwFH/meV8Ay1T
xn3jzJ32rWbNJ5aEF29OP/5DlOVXp3BQNo1x3EaQfe3D2mUUdlziQI9Ws8K80E29
qr3VaTmCgljTzXfIcWL6R7prBR7/okPTz1wa60H4ROJLaaLm9h7k4kGVkhhJSW1w
p+vsOfY9EDDmVA1WmZVJvBBKYKxXGOhHG9cGQ8btXFaLSfNWocSxb4TmjbI49q9j
EB01pi08dV+P7WBfvqy4WBho92jFZfSu4YrIT/EbFyXV+DRLKVHJfF6l/P3U7AFb
LtlvSvl10O731ldDEjxEA5XxkPn89YeoX0P9tjQ8bg1u
-----END CERTIFICATE-----