Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/r56Ny3zXT0sX1XY1AAOzEo05FUI.roa
File:                     r56Ny3zXT0sX1XY1AAOzEo05FUI.roa (raw, json)
Hash identifier:          41ZhEZGGDHduPIQaOtKlIDtzlfA9kNoRfe4hb37oiXs=
Subject key identifier:   AF:9E:8D:CB:7C:D7:4F:4B:17:D5:76:35:00:03:B3:12:8D:39:15:42
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B941018E3D3F7C795729FE8DA0587F
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/r56Ny3zXT0sX1XY1AAOzEo05FUI.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212910
IP address blocks:        193.226.198.0/24 maxlen: 24
                          193.226.210.0/23 maxlen: 23
                          193.226.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:41:01:8e:3d:3f:7c:79:57:29:fe:8d:a0:58:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af9e8dcb7cd74f4b17d576350003b3128d391542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:43:9a:a5:51:53:70:24:a3:c1:06:41:6f:9b:
                    c8:0f:db:3c:0d:18:eb:11:d3:64:5f:b0:61:e3:0f:
                    6a:4b:d3:fd:6e:be:7e:6a:40:55:98:b3:e5:2b:67:
                    41:d3:85:dd:99:d7:a1:d4:4b:9b:3c:b0:89:8f:5e:
                    fa:f3:6d:49:45:f0:7c:c6:3c:a6:eb:78:6f:89:d9:
                    9a:2c:b1:e1:0c:6c:d0:8a:bb:01:f3:b1:80:13:3a:
                    f8:30:58:71:f2:09:ec:59:f4:20:7e:f3:fd:5e:88:
                    f5:28:c4:0a:02:12:e0:c3:88:b8:c7:e9:0f:4a:29:
                    cc:5f:22:5d:7d:36:5a:ef:a8:0c:cd:28:a9:ba:82:
                    34:fe:b9:d4:d4:ea:b5:d1:c0:f4:ce:76:99:47:4b:
                    ad:57:51:b1:48:ce:05:45:24:5b:5f:61:eb:bc:0c:
                    1b:d6:28:db:d2:dd:d9:c1:6f:35:bf:cb:d7:ab:a3:
                    2a:a4:1d:01:60:bd:29:f6:62:37:3e:1d:fd:0b:91:
                    d6:24:b1:9c:ea:ce:09:05:ca:00:60:a9:39:8d:8b:
                    e9:e9:21:16:df:ed:08:7e:06:52:da:e3:4b:1a:46:
                    3e:f2:9d:e0:0b:40:7f:58:d7:95:25:4c:67:9c:fc:
                    c1:f7:45:7b:82:6e:de:77:f4:fa:ed:8d:71:55:02:
                    33:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:9E:8D:CB:7C:D7:4F:4B:17:D5:76:35:00:03:B3:12:8D:39:15:42
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/r56Ny3zXT0sX1XY1AAOzEo05FUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.226.198.0/24
                  193.226.210.0/23
                  193.226.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:08:7a:7e:0f:7f:c3:84:e6:e9:68:d7:2d:8e:22:1f:e2:d1:
         4d:d7:eb:83:b4:12:ad:3a:44:22:8e:23:d0:d7:c8:e6:01:fd:
         28:ed:e5:4e:37:2e:7a:bb:bb:f3:91:1b:86:51:e6:68:86:52:
         25:06:f7:e1:15:ac:51:f6:41:51:1c:1e:05:b0:3b:b1:2e:30:
         86:f9:d2:27:64:d9:15:aa:db:73:78:23:16:a5:11:c8:6c:86:
         84:28:72:33:d4:e4:04:81:cb:ee:57:7c:90:a0:03:ca:4c:d3:
         73:b0:ac:71:22:b6:6e:52:57:ae:ba:50:59:6a:2b:d7:cd:0d:
         f0:98:b1:f6:91:19:b1:89:4e:70:7e:cd:15:c6:b7:7a:28:bb:
         01:8e:12:71:09:f7:76:76:0a:7f:3f:b7:66:c0:4f:5f:26:a7:
         09:0e:48:2b:65:82:98:a1:a0:09:65:b6:b1:be:94:d3:8a:dc:
         62:48:17:0b:2f:03:30:14:90:c8:5d:e7:a7:0e:f7:ec:f4:c5:
         4f:a4:97:9b:df:ab:77:25:cf:b8:43:2c:72:75:e5:57:3b:48:
         cc:ba:4b:8b:5c:69:c3:a5:fe:44:dc:9b:03:09:f9:00:a4:29:
         44:98:58:e5:88:7c:86:a8:53:5b:0a:47:aa:22:87:82:fb:f5:
         29:16:b8:c1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuUEBjj0/fHlXKf6NoFh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjllOGRjYjdjZDc0ZjRiMTdkNTc2MzUwMDAzYjMxMjhkMzkxNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUOapVFTcCSjwQZBb5vID9s8DRjr
EdNkX7Bh4w9qS9P9br5+akBVmLPlK2dB04Xdmdeh1EubPLCJj176821JRfB8xjym
63hvidmaLLHhDGzQirsB87GAEzr4MFhx8gnsWfQgfvP9Xoj1KMQKAhLgw4i4x+kP
SinMXyJdfTZa76gMzSipuoI0/rnU1Oq10cD0znaZR0utV1GxSM4FRSRbX2HrvAwb
1ijb0t3ZwW81v8vXq6MqpB0BYL0p9mI3Ph39C5HWJLGc6s4JBcoAYKk5jYvp6SEW
3+0IfgZS2uNLGkY+8p3gC0B/WNeVJUxnnPzB90V7gm7ed/T67Y1xVQIz6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK+ejct8109LF9V2NQADsxKNORVCMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvcjU2TnkzelhUMHNYMVhZMUFBT3pFbzA1RlVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAweLGAwQB
weLSAwQAweLYMA0GCSqGSIb3DQEBCwUAA4IBAQBZCHp+D3/DhObpaNctjiIf4tFN
1+uDtBKtOkQijiPQ18jmAf0o7eVONy56u7vzkRuGUeZohlIlBvfhFaxR9kFRHB4F
sDuxLjCG+dInZNkVqttzeCMWpRHIbIaEKHIz1OQEgcvuV3yQoAPKTNNzsKxxIrZu
UleuulBZaivXzQ3wmLH2kRmxiU5wfs0Vxrd6KLsBjhJxCfd2dgp/P7dmwE9fJqcJ
DkgrZYKYoaAJZbaxvpTTitxiSBcLLwMwFJDIXeenDvfs9MVPpJeb36t3Jc+4Qyxy
deVXO0jMukuLXGnDpf5E3JsDCfkApClEmFjliHyGqFNbCkeqIoeC+/UpFrjB
-----END CERTIFICATE-----