Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/qCQlj61mt1xKyVpFaOjqCTD6hNQ.roa
File:                     qCQlj61mt1xKyVpFaOjqCTD6hNQ.roa (raw, json)
Hash identifier:          yVZZmIfcbmzwszWU+H2KZF4S5Ik7LQ8B6Wjxgt//tAY=
Subject key identifier:   A8:24:25:8F:AD:66:B7:5C:4A:C9:5A:45:68:E8:EA:09:30:FA:84:D4
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018EC7A17B34D2D1AEFBB3156DB6A00F69B1
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/qCQlj61mt1xKyVpFaOjqCTD6hNQ.roa
Signing time:             Wed 10 Apr 2024 10:50:32 +0000
ROA not before:           Wed 10 Apr 2024 10:50:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34664
IP address blocks:        5.8.56.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:a1:7b:34:d2:d1:ae:fb:b3:15:6d:b6:a0:0f:69:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Apr 10 10:50:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a824258fad66b75c4ac95a4568e8ea0930fa84d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:81:cf:e2:fb:d6:0f:b4:2b:e0:e7:6f:10:8f:
                    25:ca:2f:5a:62:9a:6d:52:de:de:5f:36:5e:b8:44:
                    c0:5e:79:bd:f7:92:89:3b:76:a2:c8:3d:4f:c2:74:
                    6a:77:5b:e5:fb:c7:b9:61:79:b2:78:82:b9:c0:85:
                    c5:4e:1d:87:3d:ed:53:17:a8:74:ba:97:92:dc:5a:
                    ec:77:aa:81:b7:62:3e:94:52:e3:67:2a:4e:dc:b6:
                    c0:5a:7f:96:a4:a1:31:61:7f:6c:a8:f1:cf:61:2e:
                    a6:06:ab:f3:c1:25:aa:3d:9b:8f:5b:ed:b2:35:2c:
                    89:7b:b8:64:47:99:52:45:3c:6d:ce:27:70:36:b1:
                    23:09:f5:72:de:59:62:f1:b8:b6:38:e3:f8:e7:7c:
                    35:c2:f2:8c:5d:d1:fd:8b:64:f3:74:e9:36:d1:9c:
                    a2:5d:c3:8f:a0:54:47:41:64:88:ca:28:74:4a:40:
                    07:9d:8e:2f:0d:1f:a5:70:99:56:bb:bb:4a:f6:26:
                    f5:fd:a0:96:0d:5a:cd:d4:bc:e5:91:a6:b2:b7:a3:
                    ab:96:b8:e0:fb:a0:95:d2:e2:66:e0:38:f4:b8:d5:
                    99:35:c0:62:05:ab:eb:53:ae:d5:ce:26:17:17:a9:
                    d9:52:ec:b8:64:84:b2:2a:86:66:9c:37:0a:0f:d6:
                    96:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:24:25:8F:AD:66:B7:5C:4A:C9:5A:45:68:E8:EA:09:30:FA:84:D4
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/qCQlj61mt1xKyVpFaOjqCTD6hNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:ec:ed:2a:43:f0:51:df:2b:1a:9a:7e:ac:55:87:a1:e4:6a:
         b3:f5:b3:5f:c7:d2:b5:36:05:e6:26:de:fe:e3:d2:14:c4:b5:
         07:a9:f0:e4:90:5e:8b:ea:6e:b0:a8:b2:87:4e:c2:fb:22:84:
         96:0f:af:a5:89:b0:2f:2e:50:6e:82:b6:a4:a1:16:e0:74:8b:
         06:b1:22:f4:ac:67:99:c7:57:0a:22:44:2e:6d:62:37:0a:6c:
         64:c4:82:32:9a:e6:93:d2:15:61:fc:80:2d:87:b2:d8:77:31:
         22:54:6b:1b:12:b5:b3:c3:39:6e:aa:59:7a:66:1c:9d:a0:4c:
         a2:53:b2:c1:b0:2b:b3:1a:76:c2:3c:43:3e:10:35:db:7d:0d:
         f7:6f:f5:b9:3b:2a:33:b7:37:11:07:87:3b:32:ac:ec:33:a9:
         cc:7a:d8:1e:c8:b8:9c:fe:5e:68:6d:85:0a:05:01:2d:19:71:
         a1:13:a1:9a:cf:81:5d:6c:71:a1:4b:6a:e6:8b:27:71:17:4b:
         c2:be:93:96:f0:de:4d:77:17:5e:27:c9:4c:2b:d1:51:ec:76:
         c6:4b:0a:ee:d0:83:52:f0:56:5f:b1:09:91:9b:ca:c5:63:7f:
         11:94:27:b6:c9:69:9e:3d:2f:2d:74:95:e9:46:76:c8:c4:41:
         2d:fe:c4:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7HoXs00tGu+7MVbbagD2mxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwNDEwMTA1MDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODI0MjU4ZmFkNjZiNzVjNGFjOTVhNDU2OGU4ZWEwOTMwZmE4NGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoHP4vvWD7Qr4OdvEI8lyi9aYppt
Ut7eXzZeuETAXnm995KJO3aiyD1PwnRqd1vl+8e5YXmyeIK5wIXFTh2HPe1TF6h0
upeS3Frsd6qBt2I+lFLjZypO3LbAWn+WpKExYX9sqPHPYS6mBqvzwSWqPZuPW+2y
NSyJe7hkR5lSRTxtzidwNrEjCfVy3lli8bi2OOP453w1wvKMXdH9i2TzdOk20Zyi
XcOPoFRHQWSIyih0SkAHnY4vDR+lcJlWu7tK9ib1/aCWDVrN1Lzlkaayt6Orlrjg
+6CV0uJm4Dj0uNWZNcBiBavrU67VziYXF6nZUuy4ZISyKoZmnDcKD9aWbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgkJY+tZrdcSslaRWjo6gkw+oTUMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvcUNRbGo2MW10MXhLeVZwRmFPanFDVEQ2aE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBQg4MA0G
CSqGSIb3DQEBCwUAA4IBAQAi7O0qQ/BR3ysamn6sVYeh5Gqz9bNfx9K1NgXmJt7+
49IUxLUHqfDkkF6L6m6wqLKHTsL7IoSWD6+libAvLlBugrakoRbgdIsGsSL0rGeZ
x1cKIkQubWI3CmxkxIIymuaT0hVh/IAth7LYdzEiVGsbErWzwzluqll6ZhydoEyi
U7LBsCuzGnbCPEM+EDXbfQ33b/W5OyoztzcRB4c7MqzsM6nMetgeyLic/l5obYUK
BQEtGXGhE6Gaz4FdbHGhS2rmiydxF0vCvpOW8N5NdxdeJ8lMK9FR7HbGSwru0INS
8FZfsQmRm8rFY38RlCe2yWmePS8tdJXpRnbIxEEt/sQg
-----END CERTIFICATE-----