Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/56pHoeRTi1SZHeq4DkyZ3Ke__tU.roa
File:                     56pHoeRTi1SZHeq4DkyZ3Ke__tU.roa (raw, json)
Hash identifier:          8uhTOc3SJYTNs8S5e8qs9pUaxm+OWLxhWb0f6v6dNAQ=
Subject key identifier:   E7:AA:47:A1:E4:53:8B:54:99:1D:EA:B8:0E:4C:99:DC:A7:BF:FE:D5
Certificate issuer:       /CN=c1c26bb574b89b8c1866f8474bb1cb003264ec20
Certificate serial:       018CC3494CC6B39C2642FC68B8CFA02FC0C8
Authority key identifier: C1:C2:6B:B5:74:B8:9B:8C:18:66:F8:47:4B:B1:CB:00:32:64:EC:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wcJrtXS4m4wYZvhHS7HLADJk7CA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/56pHoeRTi1SZHeq4DkyZ3Ke__tU.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     147183
IP address blocks:        2a0c:4a01:c40::/44 maxlen: 44
                          2a0c:4a01:c30::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/wcJrtXS4m4wYZvhHS7HLADJk7CA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/wcJrtXS4m4wYZvhHS7HLADJk7CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wcJrtXS4m4wYZvhHS7HLADJk7CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4c:c6:b3:9c:26:42:fc:68:b8:cf:a0:2f:c0:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1c26bb574b89b8c1866f8474bb1cb003264ec20
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7aa47a1e4538b54991deab80e4c99dca7bffed5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:cc:f6:e6:e6:25:b2:8e:e1:aa:a5:3b:09:3f:
                    2d:f2:05:b6:80:be:a6:12:83:54:d3:35:8f:fc:06:
                    f9:de:64:ca:a3:59:94:36:48:0a:76:e7:3c:75:5f:
                    da:6c:68:ab:3d:fe:37:a9:10:04:02:af:82:b3:31:
                    0d:36:0d:03:c2:39:81:12:61:be:5b:7e:d8:89:ba:
                    0b:19:6a:fc:bb:68:c0:e5:02:03:4f:7a:68:0a:b4:
                    f5:18:4e:f7:d5:d2:36:97:66:e9:17:4a:45:d0:bd:
                    7b:7b:86:ec:ee:77:2c:ec:46:9f:76:a2:2a:67:ec:
                    19:c0:47:93:34:d6:49:f9:a4:bc:aa:72:e7:69:9b:
                    d4:86:db:c9:68:01:0f:b1:da:68:1f:73:43:0b:2a:
                    2d:30:fc:3d:fc:b2:ec:81:85:0d:fa:19:28:c0:4f:
                    49:e1:f0:b6:f9:57:68:4e:16:20:e0:a9:18:1b:b3:
                    a9:44:bc:3a:43:63:9d:1d:44:43:d0:e5:c4:b4:bf:
                    94:f4:9a:6d:7f:fa:4b:b9:3a:c3:f7:93:80:b2:0d:
                    9d:bc:87:8f:37:a0:3a:3d:82:27:f8:6d:4d:61:53:
                    a6:17:2d:5d:71:bb:68:b2:fd:1a:a2:f0:40:e4:ed:
                    fe:f7:15:a0:09:4b:cb:d6:08:61:14:e2:ac:53:83:
                    04:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:AA:47:A1:E4:53:8B:54:99:1D:EA:B8:0E:4C:99:DC:A7:BF:FE:D5
            X509v3 Authority Key Identifier:
                keyid:C1:C2:6B:B5:74:B8:9B:8C:18:66:F8:47:4B:B1:CB:00:32:64:EC:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wcJrtXS4m4wYZvhHS7HLADJk7CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/56pHoeRTi1SZHeq4DkyZ3Ke__tU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/wcJrtXS4m4wYZvhHS7HLADJk7CA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4a01:c30::-2a0c:4a01:c4f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         08:d7:cd:e8:8b:99:7e:16:3e:07:6e:cd:cf:92:97:4b:54:ac:
         8b:ee:28:a5:2f:0a:aa:c3:67:dc:db:70:f7:9b:c6:10:a4:a9:
         5d:0d:89:93:23:72:26:59:13:18:03:a7:bb:a8:b3:59:39:e3:
         d8:b3:d5:84:63:af:dd:75:54:e5:71:2e:f6:82:84:ef:04:6e:
         a7:cf:91:5c:24:b0:3d:d1:0b:24:b4:b7:31:d7:e3:14:2c:1a:
         a3:fc:cb:84:ff:62:48:a9:d3:05:83:7a:a6:91:6f:66:e5:67:
         57:fe:08:8f:a8:43:a6:05:38:26:ce:89:73:3a:35:0d:f5:6e:
         45:32:72:2f:91:52:7d:02:9d:d2:41:be:a5:f5:f2:52:ae:66:
         a5:be:42:cf:ce:db:84:8e:45:dd:26:91:fc:92:07:31:b3:0a:
         29:f1:f3:a5:02:5f:22:78:6b:dc:7f:40:05:da:af:a1:4c:87:
         d5:a2:5f:88:a1:75:38:b3:c7:13:aa:f0:2d:87:11:87:d6:fd:
         0a:c6:57:74:a1:45:3f:8a:b3:0e:55:ad:94:be:8e:97:ad:4f:
         5b:a4:52:c5:db:50:9b:4d:ab:d1:e1:95:5b:23:74:06:c4:d3:
         15:a5:12:ef:04:e4:24:a5:35:b8:64:4f:dd:b6:44:b1:3a:04:
         90:54:f9:cf
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDSUzGs5wmQvxouM+gL8DIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYzI2YmI1NzRiODliOGMxODY2Zjg0NzRiYjFjYjAwMzI2
NGVjMjAwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2FhNDdhMWU0NTM4YjU0OTkxZGVhYjgwZTRjOTlkY2E3YmZmZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsz25uYlso7hqqU7CT8t8gW2gL6m
EoNU0zWP/Ab53mTKo1mUNkgKduc8dV/abGirPf43qRAEAq+CszENNg0DwjmBEmG+
W37YiboLGWr8u2jA5QIDT3poCrT1GE731dI2l2bpF0pF0L17e4bs7ncs7EafdqIq
Z+wZwEeTNNZJ+aS8qnLnaZvUhtvJaAEPsdpoH3NDCyotMPw9/LLsgYUN+hkowE9J
4fC2+VdoThYg4KkYG7OpRLw6Q2OdHURD0OXEtL+U9Jptf/pLuTrD95OAsg2dvIeP
N6A6PYIn+G1NYVOmFy1dcbtosv0aovBA5O3+9xWgCUvL1ghhFOKsU4MEGwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOeqR6HkU4tUmR3quA5Mmdynv/7VMB8GA1UdIwQY
MBaAFMHCa7V0uJuMGGb4R0uxywAyZOwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2NKcnRYUzRtNHdZWnZoSFM3SExBREprN0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kZjM4ZGEtNzVjZC00ZTIxLWFkMzgt
ZjJhMmE1ZDUwNDVlLzEvNTZwSG9lUlRpMVNaSGVxNERreVozS2VfX3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kZjM4ZGEtNzVjZC00ZTIxLWFkMzgtZjJhMmE1ZDUwNDVl
LzEvd2NKcnRYUzRtNHdZWnZoSFM3SExBREprN0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwQqDEoB
DDADBwQqDEoBDEAwDQYJKoZIhvcNAQELBQADggEBAAjXzeiLmX4WPgduzc+Sl0tU
rIvuKKUvCqrDZ9zbcPebxhCkqV0NiZMjciZZExgDp7uos1k549iz1YRjr911VOVx
LvaChO8EbqfPkVwksD3RCyS0tzHX4xQsGqP8y4T/Ykip0wWDeqaRb2blZ1f+CI+o
Q6YFOCbOiXM6NQ31bkUyci+RUn0CndJBvqX18lKuZqW+Qs/O24SORd0mkfySBzGz
Cinx86UCXyJ4a9x/QAXar6FMh9WiX4ihdTizxxOq8C2HEYfW/QrGV3ShRT+Ksw5V
rZS+jpetT1ukUsXbUJtNq9HhlVsjdAbE0xWlEu8E5CSlNbhkT922RLE6BJBU+c8=
-----END CERTIFICATE-----