Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/ChC595SFRthJDeaQj53vKQ2wXFg.roa
File:                     ChC595SFRthJDeaQj53vKQ2wXFg.roa (raw, json)
Hash identifier:          PdP5rkPENoILROd8RILmlWlsFahtNPshBSyMIMU+o+8=
Subject key identifier:   0A:10:B9:F7:94:85:46:D8:49:0D:E6:90:8F:9D:EF:29:0D:B0:5C:58
Certificate issuer:       /CN=2c727d09fbb19a7f985d751a20311c1bad4b071f
Certificate serial:       018CC86F510D8442EEE4EA9463822D88DDE2
Authority key identifier: 2C:72:7D:09:FB:B1:9A:7F:98:5D:75:1A:20:31:1C:1B:AD:4B:07:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/ChC595SFRthJDeaQj53vKQ2wXFg.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202598
IP address blocks:        185.156.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:51:0d:84:42:ee:e4:ea:94:63:82:2d:88:dd:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c727d09fbb19a7f985d751a20311c1bad4b071f
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a10b9f7948546d8490de6908f9def290db05c58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0c:eb:0b:f9:72:0f:c5:84:67:e5:68:bf:67:
                    08:9d:28:95:a4:14:23:ce:ce:df:56:31:10:cf:01:
                    c3:dc:7c:7b:60:1f:23:d4:83:cf:93:c3:bc:0f:ca:
                    97:32:ee:2b:05:fc:53:f6:fc:4d:11:71:43:e7:b0:
                    07:21:bd:16:45:29:e4:4e:74:c3:89:b5:92:a7:56:
                    52:12:8e:bd:d1:a9:b2:6a:40:71:8b:ba:ca:bd:8e:
                    da:65:79:60:64:78:68:78:d8:e3:47:ad:1a:d1:1f:
                    cc:fe:75:ce:aa:de:82:ef:39:b9:78:35:1f:a4:fe:
                    b8:e5:ec:99:5a:b2:89:2b:fb:70:71:b5:87:97:6d:
                    34:63:23:0f:47:bf:04:c5:41:17:79:9a:0a:09:3d:
                    2c:9d:30:c9:a1:3f:73:9a:3a:38:42:b9:73:44:57:
                    97:46:86:65:ab:b6:d5:97:06:84:d4:26:0b:02:b4:
                    f9:8e:70:3e:c2:ea:09:43:07:69:99:22:ee:7c:f7:
                    3c:a0:0d:e3:09:99:17:4d:db:93:c7:7c:d9:59:dc:
                    b2:ba:08:bb:98:ed:c3:de:5d:c6:61:8d:fe:92:bc:
                    c5:fa:61:b0:4e:c0:0e:55:c9:02:36:dd:55:45:f6:
                    d4:e1:70:dd:d2:3a:5e:f7:79:4d:e7:6f:7d:0f:78:
                    a4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:10:B9:F7:94:85:46:D8:49:0D:E6:90:8F:9D:EF:29:0D:B0:5C:58
            X509v3 Authority Key Identifier:
                keyid:2C:72:7D:09:FB:B1:9A:7F:98:5D:75:1A:20:31:1C:1B:AD:4B:07:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/ChC595SFRthJDeaQj53vKQ2wXFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:bb:a0:60:61:c8:15:c5:64:1a:82:37:51:20:4a:db:ef:5a:
         52:16:b6:5f:0a:a3:a7:ce:1b:c3:eb:6c:ed:e8:12:b9:9e:0c:
         f8:df:5c:22:73:cc:96:68:42:c4:e9:e8:f0:52:25:dd:49:e9:
         84:ed:d8:e7:8c:c2:13:50:32:fb:e4:cc:9c:33:01:2b:c3:e9:
         92:fd:82:45:24:97:f6:a3:cd:d7:28:53:29:63:2a:3f:91:39:
         bd:68:a0:11:2a:c9:c8:37:03:00:e9:e1:84:2b:6c:a8:db:64:
         bd:06:2b:82:c5:0c:ec:17:68:1f:9a:d6:c4:d2:e7:53:3a:43:
         a1:52:43:3b:2a:6d:d0:39:af:87:ce:6d:77:ed:0a:09:ed:98:
         2c:e3:48:4f:52:28:05:d0:69:c9:3b:01:f7:7b:1c:d9:b8:63:
         dc:19:45:cf:4b:46:7d:98:1a:78:0e:0c:21:d6:d6:18:61:84:
         8f:d7:79:20:67:3d:6b:94:b1:07:60:3f:ea:92:f3:37:9b:16:
         52:2d:6c:19:d8:71:61:1f:dc:71:93:f0:ce:20:13:73:a5:7d:
         15:81:4c:73:d1:a7:b3:ec:60:45:e6:a5:70:7a:2a:7b:e4:63:
         26:cf:8e:67:39:b3:80:32:01:6a:70:11:70:e1:48:a6:30:1f:
         7d:37:fc:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1ENhELu5OqUY4ItiN3iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzI3ZDA5ZmJiMTlhN2Y5ODVkNzUxYTIwMzExYzFiYWQ0
YjA3MWYwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTEwYjlmNzk0ODU0NmQ4NDkwZGU2OTA4ZjlkZWYyOTBkYjA1YzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwzrC/lyD8WEZ+Vov2cInSiVpBQj
zs7fVjEQzwHD3Hx7YB8j1IPPk8O8D8qXMu4rBfxT9vxNEXFD57AHIb0WRSnkTnTD
ibWSp1ZSEo690amyakBxi7rKvY7aZXlgZHhoeNjjR60a0R/M/nXOqt6C7zm5eDUf
pP645eyZWrKJK/twcbWHl200YyMPR78ExUEXeZoKCT0snTDJoT9zmjo4QrlzRFeX
RoZlq7bVlwaE1CYLArT5jnA+wuoJQwdpmSLufPc8oA3jCZkXTduTx3zZWdyyugi7
mO3D3l3GYY3+krzF+mGwTsAOVckCNt1VRfbU4XDd0jpe93lN5299D3ikhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoQufeUhUbYSQ3mkI+d7ykNsFxYMB8GA1UdIwQY
MBaAFCxyfQn7sZp/mF11GiAxHButSwcfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhKOUNmdXhtbi1ZWFhVYUlERWNHNjFMQng4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9iZjNlY2EtMTcxZi00MDFjLTliNWQt
Y2NjNGYxZTAwOTkwLzEvQ2hDNTk1U0ZSdGhKRGVhUWo1M3ZLUTJ3WEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9iZjNlY2EtMTcxZi00MDFjLTliNWQtY2NjNGYxZTAwOTkw
LzEvTEhKOUNmdXhtbi1ZWFhVYUlERWNHNjFMQng4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZw4MA0G
CSqGSIb3DQEBCwUAA4IBAQAWu6BgYcgVxWQagjdRIErb71pSFrZfCqOnzhvD62zt
6BK5ngz431wic8yWaELE6ejwUiXdSemE7djnjMITUDL75MycMwErw+mS/YJFJJf2
o83XKFMpYyo/kTm9aKARKsnINwMA6eGEK2yo22S9BiuCxQzsF2gfmtbE0udTOkOh
UkM7Km3QOa+Hzm137QoJ7Zgs40hPUigF0GnJOwH3exzZuGPcGUXPS0Z9mBp4Dgwh
1tYYYYSP13kgZz1rlLEHYD/qkvM3mxZSLWwZ2HFhH9xxk/DOIBNzpX0VgUxz0aez
7GBF5qVweip75GMmz45nObOAMgFqcBFw4UimMB99N/wX
-----END CERTIFICATE-----