Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/56jzZNc14vwrhAO55fnfh2IZ9Co.roa
File:                     56jzZNc14vwrhAO55fnfh2IZ9Co.roa (raw, json)
Hash identifier:          QCT92PDHViOhduXvYc6qDVBSjLClh9HioLvnXCLmsrs=
Subject key identifier:   E7:A8:F3:64:D7:35:E2:FC:2B:84:03:B9:E5:F9:DF:87:62:19:F4:2A
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E096553148EE1651C146AA22D7581
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/56jzZNc14vwrhAO55fnfh2IZ9Co.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50509
IP address blocks:        5.188.236.0/23 maxlen: 23
                          146.185.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:09:65:53:14:8e:e1:65:1c:14:6a:a2:2d:75:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7a8f364d735e2fc2b8403b9e5f9df876219f42a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:93:72:cd:7b:68:cd:80:de:08:b8:4b:41:71:
                    e6:31:12:da:60:b8:21:ad:64:43:66:87:65:ab:c6:
                    4d:7e:8c:16:18:bf:94:d3:48:70:3d:63:a7:a6:fd:
                    97:f8:4c:d6:27:b8:27:66:ce:c5:4e:a4:24:f1:22:
                    3f:c9:23:3f:da:43:9e:bb:9a:c3:d2:24:f2:6e:80:
                    fb:9a:80:3f:d5:58:a5:46:8d:ea:5c:41:5a:06:80:
                    a0:a3:8b:a3:29:d9:56:28:0c:04:a7:72:48:5a:24:
                    ec:ff:9b:78:a4:3b:d7:ec:76:f6:0a:bf:1a:55:50:
                    54:e2:fd:d9:fc:c6:1b:3c:bf:fb:e5:15:54:12:26:
                    56:7a:07:a7:f8:ed:f4:e2:0d:99:05:14:73:bf:68:
                    34:2f:6f:eb:74:0b:18:9a:fb:90:7c:c1:0e:8b:88:
                    e6:d1:5e:b2:e0:3f:61:44:dd:c4:1f:c6:a5:d9:a8:
                    d3:00:60:60:df:25:2b:fd:1a:9b:80:fa:80:c6:9f:
                    68:66:56:d3:41:8f:bd:4c:63:78:5b:46:14:78:dd:
                    8c:62:36:4a:f3:e8:30:e2:1c:7e:03:e0:4a:ad:12:
                    be:2b:f3:c2:ef:df:93:bb:80:ee:08:b3:8e:0f:86:
                    f6:a1:35:38:7e:5d:34:95:d0:a4:87:f4:ab:94:50:
                    f8:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:A8:F3:64:D7:35:E2:FC:2B:84:03:B9:E5:F9:DF:87:62:19:F4:2A
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/56jzZNc14vwrhAO55fnfh2IZ9Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.236.0/23
                  146.185.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:9e:d2:91:bf:ad:2e:ff:8c:f2:9b:b8:1c:ed:69:82:9f:ab:
         8a:19:2e:fa:3d:4e:d7:da:c6:db:00:51:98:b3:ef:4c:96:8e:
         ae:a7:93:84:81:9b:71:df:92:4c:46:80:7e:94:13:b1:3b:54:
         a5:8c:e4:dd:ad:d2:29:6a:bd:dd:85:22:1c:46:be:d1:e4:eb:
         31:b2:c6:ea:17:c7:ff:c8:28:e4:c4:4a:42:3d:28:9e:f4:70:
         52:05:cf:f8:0c:39:3a:8b:bf:cb:1d:b7:ac:ab:a3:a7:ba:3c:
         c6:dd:b4:3b:d8:1f:05:54:0e:98:5d:a0:c6:c4:c3:bd:98:a7:
         57:ff:52:ea:9c:12:5d:af:be:24:0e:e8:88:4e:8d:81:26:7f:
         53:06:b3:a2:75:a5:19:89:e0:5a:cc:90:ca:41:49:6d:24:88:
         86:49:59:44:ad:1e:65:89:21:19:c3:94:27:a1:5e:a3:3a:19:
         3b:1e:bb:de:7a:30:2d:29:6e:80:64:20:36:a0:89:ea:65:ec:
         f7:17:82:58:b9:fc:88:eb:1d:c1:32:bb:01:47:ea:93:8d:e2:
         69:d9:80:5a:e2:8b:98:c9:0b:27:03:e8:bb:8b:85:2a:58:f6:
         21:dd:2d:b0:17:57:b1:ad:84:19:d0:12:38:0f:5c:d1:9c:51:
         75:2f:ae:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbgllUxSO4WUcFGqiLXWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2E4ZjM2NGQ3MzVlMmZjMmI4NDAzYjllNWY5ZGY4NzYyMTlmNDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipNyzXtozYDeCLhLQXHmMRLaYLgh
rWRDZodlq8ZNfowWGL+U00hwPWOnpv2X+EzWJ7gnZs7FTqQk8SI/ySM/2kOeu5rD
0iTyboD7moA/1VilRo3qXEFaBoCgo4ujKdlWKAwEp3JIWiTs/5t4pDvX7Hb2Cr8a
VVBU4v3Z/MYbPL/75RVUEiZWegen+O304g2ZBRRzv2g0L2/rdAsYmvuQfMEOi4jm
0V6y4D9hRN3EH8al2ajTAGBg3yUr/RqbgPqAxp9oZlbTQY+9TGN4W0YUeN2MYjZK
8+gw4hx+A+BKrRK+K/PC79+Tu4DuCLOOD4b2oTU4fl00ldCkh/SrlFD4FwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOeo82TXNeL8K4QDueX534diGfQqMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvNTZqelpOYzE0dndyaEFPNTVmbmZoMklaOUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBbzsAwQA
krneMA0GCSqGSIb3DQEBCwUAA4IBAQCwntKRv60u/4zym7gc7WmCn6uKGS76PU7X
2sbbAFGYs+9Mlo6up5OEgZtx35JMRoB+lBOxO1SljOTdrdIpar3dhSIcRr7R5Osx
ssbqF8f/yCjkxEpCPSie9HBSBc/4DDk6i7/LHbesq6OnujzG3bQ72B8FVA6YXaDG
xMO9mKdX/1LqnBJdr74kDuiITo2BJn9TBrOidaUZieBazJDKQUltJIiGSVlErR5l
iSEZw5QnoV6jOhk7HrveejAtKW6AZCA2oInqZez3F4JYufyI6x3BMrsBR+qTjeJp
2YBa4ouYyQsnA+i7i4UqWPYh3S2wF1exrYQZ0BI4D1zRnFF1L66r
-----END CERTIFICATE-----