Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/8trwTS6zWWIc2CXU2a9uB3EK1CE.roa
File:                     8trwTS6zWWIc2CXU2a9uB3EK1CE.roa (raw, json)
Hash identifier:          cB6Sm/NTvhdg/vAHTGU6288+fVcpUIfblu8fCuXy72c=
Subject key identifier:   F2:DA:F0:4D:2E:B3:59:62:1C:D8:25:D4:D9:AF:6E:07:71:0A:D4:21
Certificate issuer:       /CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
Certificate serial:       019421B19099EF37649EE8A70FBBB6DDB2F3
Authority key identifier: B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/8trwTS6zWWIc2CXU2a9uB3EK1CE.roa
Signing time:             Wed 01 Jan 2025 11:47:52 +0000
ROA not before:           Wed 01 Jan 2025 11:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12390
IP address blocks:        185.199.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 08:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:90:99:ef:37:64:9e:e8:a7:0f:bb:b6:dd:b2:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
        Validity
            Not Before: Jan  1 11:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2daf04d2eb359621cd825d4d9af6e07710ad421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:42:b5:ad:13:3e:e0:e2:4f:a6:b4:29:72:9d:
                    87:ef:38:15:d3:a3:36:c7:59:8f:af:df:e9:1c:64:
                    8d:3d:f8:44:b3:6e:43:03:bf:46:df:84:b3:07:af:
                    97:0c:0b:07:dc:04:ae:50:7b:a7:8a:97:c5:0f:2e:
                    0e:6e:06:d9:47:02:28:d3:d5:c8:f7:25:cd:db:cd:
                    bc:6d:d4:96:89:0e:75:d9:3a:a7:db:d3:6a:24:de:
                    53:5e:1e:9c:66:bf:a1:66:bf:ef:24:7c:dc:ad:17:
                    cb:46:30:cd:5f:c9:20:24:9a:90:61:e4:5a:2f:be:
                    3a:21:a0:fd:e0:03:07:dc:20:76:2a:72:45:ab:83:
                    c5:54:98:54:c2:02:da:09:9b:16:13:cd:13:79:4c:
                    96:43:fb:c0:38:57:69:20:de:a3:cd:b1:60:f9:58:
                    af:a7:59:75:b6:88:10:2b:5f:bc:3e:c7:eb:02:35:
                    be:d9:a3:32:62:f2:1b:c3:99:0e:e1:9a:87:19:78:
                    2f:7f:43:5f:91:cd:07:87:7b:99:19:92:24:10:45:
                    78:0c:2e:67:65:5a:35:64:c8:ce:4a:1f:19:35:0a:
                    ca:a0:16:fc:79:72:e2:a9:9b:30:01:ce:40:82:a9:
                    aa:c3:29:74:d1:ac:dd:82:f3:14:3c:d6:ba:63:a2:
                    b0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:DA:F0:4D:2E:B3:59:62:1C:D8:25:D4:D9:AF:6E:07:71:0A:D4:21
            X509v3 Authority Key Identifier:
                keyid:B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/8trwTS6zWWIc2CXU2a9uB3EK1CE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:ea:31:7f:2e:80:a0:e5:b9:3f:c7:f3:51:7a:f5:b3:1d:e7:
         2d:01:ef:01:f7:c9:55:f5:9a:07:b5:9c:c6:6a:86:0e:7c:ab:
         95:5d:fe:67:6f:ba:23:88:81:f1:fd:bf:35:0f:d3:c4:bf:f5:
         30:a9:ea:d8:f6:35:82:41:b2:3e:5b:47:be:62:c2:a5:17:28:
         6e:94:5a:15:04:39:42:3b:27:f6:68:8f:3c:d3:42:98:d7:b0:
         64:5b:11:b8:7c:a3:e7:ef:d5:69:c0:a7:f2:0e:db:e9:6f:b6:
         4f:2d:7a:07:5a:68:4c:20:fc:51:37:e0:0a:8d:7a:f9:de:2c:
         00:94:b2:df:88:98:83:fb:0a:36:17:6b:ef:8f:f1:3e:23:d6:
         d1:2c:a6:90:80:3c:9e:04:4e:3d:58:c4:63:22:a5:36:15:e3:
         e1:a1:1b:ef:81:b9:06:42:ca:6b:22:2d:4a:be:cf:52:e9:9a:
         73:b6:de:4d:03:04:91:cd:51:4d:1e:1a:59:93:7d:4f:4e:4d:
         82:00:f4:6b:54:30:a8:cf:2f:c6:fb:b1:2c:31:55:59:a7:22:
         94:a0:05:c1:64:aa:d2:87:f5:34:9c:18:67:33:76:b8:8b:b5:
         68:0e:25:1d:f6:1d:c8:fc:3c:81:38:04:5d:bf:b0:d6:ae:a9:
         14:7d:01:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsZCZ7zdknuinD7u23bLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NWEwNTY2ZDBiNjNhMWY4NjJkODM0NThlNGYyZWE2ZmQ4
ZjdkMjEwHhcNMjUwMTAxMTE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmRhZjA0ZDJlYjM1OTYyMWNkODI1ZDRkOWFmNmUwNzcxMGFkNDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEK1rRM+4OJPprQpcp2H7zgV06M2
x1mPr9/pHGSNPfhEs25DA79G34SzB6+XDAsH3ASuUHunipfFDy4ObgbZRwIo09XI
9yXN2828bdSWiQ512Tqn29NqJN5TXh6cZr+hZr/vJHzcrRfLRjDNX8kgJJqQYeRa
L746IaD94AMH3CB2KnJFq4PFVJhUwgLaCZsWE80TeUyWQ/vAOFdpIN6jzbFg+Viv
p1l1togQK1+8PsfrAjW+2aMyYvIbw5kO4ZqHGXgvf0Nfkc0Hh3uZGZIkEEV4DC5n
ZVo1ZMjOSh8ZNQrKoBb8eXLiqZswAc5Agqmqwyl00azdgvMUPNa6Y6KwHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLa8E0us1liHNgl1NmvbgdxCtQhMB8GA1UdIwQY
MBaAFLdaBWbQtjofhi2DRY5PLqb9j30hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQt
ODNmNjAxYzNmYjU5LzEvOHRyd1RTNnpXV0ljMkNYVTJhOXVCM0VLMUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQtODNmNjAxYzNmYjU5
LzEvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucc4MA0G
CSqGSIb3DQEBCwUAA4IBAQCJ6jF/LoCg5bk/x/NRevWzHectAe8B98lV9ZoHtZzG
aoYOfKuVXf5nb7ojiIHx/b81D9PEv/UwqerY9jWCQbI+W0e+YsKlFyhulFoVBDlC
Oyf2aI8800KY17BkWxG4fKPn79VpwKfyDtvpb7ZPLXoHWmhMIPxRN+AKjXr53iwA
lLLfiJiD+wo2F2vvj/E+I9bRLKaQgDyeBE49WMRjIqU2FePhoRvvgbkGQsprIi1K
vs9S6Zpztt5NAwSRzVFNHhpZk31PTk2CAPRrVDCozy/G+7EsMVVZpyKUoAXBZKrS
h/U0nBhnM3a4i7VoDiUd9h3I/DyBOARdv7DWrqkUfQEd
-----END CERTIFICATE-----