Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/P56mP0m2ffeK_9dcRq1QHuFdYfI.roa
File:                     P56mP0m2ffeK_9dcRq1QHuFdYfI.roa (raw, json)
Hash identifier:          uFZlt+vJKZr4DQBP0glMYOEKOOr5IpePsQu5iolyTTw=
Subject key identifier:   3F:9E:A6:3F:49:B6:7D:F7:8A:FF:D7:5C:46:AD:50:1E:E1:5D:61:F2
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       018CC26CF626E2477F9FB02D774BD41806F9
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/P56mP0m2ffeK_9dcRq1QHuFdYfI.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48624
IP address blocks:        176.56.80.0/22 maxlen: 22
                          176.56.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 06:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f6:26:e2:47:7f:9f:b0:2d:77:4b:d4:18:06:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f9ea63f49b67df78affd75c46ad501ee15d61f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ad:3c:83:63:da:7b:45:89:bc:7a:b7:b6:9c:
                    85:58:41:0f:08:7e:80:29:f4:ac:1b:3b:31:9b:07:
                    72:02:5d:36:33:5e:64:d4:ae:6f:27:30:53:40:f6:
                    a8:6e:32:24:db:98:d4:4c:64:59:1e:88:9a:2a:1c:
                    90:8b:ec:e0:f0:31:82:58:3b:2a:db:42:2c:fa:90:
                    b8:67:54:d4:8f:ab:ac:e2:58:db:c3:56:5a:fb:91:
                    d8:c8:02:46:5f:e8:e2:56:75:f1:3b:cb:bc:f6:a0:
                    d5:d6:14:8e:53:da:29:79:c3:67:a2:e6:0b:23:e9:
                    a3:a9:d5:aa:37:bd:65:27:9a:e6:66:60:66:b4:f0:
                    95:ce:12:54:96:db:79:55:ad:5d:03:7e:5a:44:bb:
                    57:cb:47:c2:db:30:4d:59:91:03:99:11:29:f3:6f:
                    b2:d9:f8:22:b8:2e:68:ba:16:31:e8:bc:d6:72:7d:
                    86:78:0c:92:df:53:5d:c1:53:f0:b6:ba:6b:ba:5f:
                    f8:4f:de:fd:d1:d3:0d:de:42:a3:82:4a:38:25:48:
                    a5:ec:82:22:11:3b:2b:8e:f1:c8:10:51:35:f8:db:
                    a2:6c:80:56:f1:ef:8d:b5:e5:b3:d2:5e:1e:1c:50:
                    cc:a2:14:49:55:29:a9:70:4e:21:f4:dd:41:97:1e:
                    79:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:9E:A6:3F:49:B6:7D:F7:8A:FF:D7:5C:46:AD:50:1E:E1:5D:61:F2
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/P56mP0m2ffeK_9dcRq1QHuFdYfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.56.80.0/22
                  176.56.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c6:72:08:0b:61:5a:f6:5a:4d:39:32:a5:af:ec:26:8a:8d:32:
         df:d6:f4:bb:8b:d5:d3:5c:9a:2b:1b:87:81:18:05:a7:2a:d3:
         4f:e4:4a:9d:5e:54:fd:0d:d3:e1:cf:65:2e:d5:6f:f1:2b:80:
         88:8f:66:b3:26:f3:55:cc:35:35:b8:2d:2c:c1:29:20:a8:50:
         dd:70:7a:26:8e:73:59:a6:b5:b9:45:f8:ee:83:54:0d:c8:61:
         25:50:b9:2f:e8:39:cc:cc:a1:66:c2:a9:38:54:48:70:98:b9:
         a8:57:fb:46:e2:c8:1e:cb:f3:78:22:83:76:41:79:d6:4c:54:
         c2:cb:83:91:9b:a8:ee:8d:0a:33:3a:e6:27:4f:16:c4:6d:9d:
         88:f3:3e:02:9b:46:0e:d5:fb:2d:9c:cc:aa:4c:ac:37:e3:1f:
         16:47:eb:08:8c:0d:1e:1a:7c:89:e4:f5:5b:55:34:dd:ab:87:
         80:6b:72:c4:be:c2:4a:56:35:1a:53:7f:a2:1b:4f:58:f5:06:
         67:88:f6:96:96:e8:d1:8a:dd:78:c1:19:b1:82:1c:32:c4:85:
         70:c5:fe:a9:e1:83:b5:cf:33:e9:17:1c:a5:b3:ed:be:b8:2c:
         21:4c:99:d4:56:e1:12:b4:81:9c:bc:53:bd:e3:b5:7b:ee:1c:
         88:47:7b:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbPYm4kd/n7Atd0vUGAb5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjllYTYzZjQ5YjY3ZGY3OGFmZmQ3NWM0NmFkNTAxZWUxNWQ2MWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuK08g2Pae0WJvHq3tpyFWEEPCH6A
KfSsGzsxmwdyAl02M15k1K5vJzBTQPaobjIk25jUTGRZHoiaKhyQi+zg8DGCWDsq
20Is+pC4Z1TUj6us4ljbw1Za+5HYyAJGX+jiVnXxO8u89qDV1hSOU9opecNnouYL
I+mjqdWqN71lJ5rmZmBmtPCVzhJUltt5Va1dA35aRLtXy0fC2zBNWZEDmREp82+y
2fgiuC5ouhYx6LzWcn2GeAyS31NdwVPwtrprul/4T9790dMN3kKjgko4JUil7IIi
ETsrjvHIEFE1+NuibIBW8e+NteWz0l4eHFDMohRJVSmpcE4h9N1Blx55hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD+epj9Jtn33iv/XXEatUB7hXWHyMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvUDU2bVAwbTJmZmVLXzlkY1JxMVFIdUZkWWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsDhQAwQC
sDhYMA0GCSqGSIb3DQEBCwUAA4IBAQDGcggLYVr2Wk05MqWv7CaKjTLf1vS7i9XT
XJorG4eBGAWnKtNP5EqdXlT9DdPhz2Uu1W/xK4CIj2azJvNVzDU1uC0swSkgqFDd
cHomjnNZprW5Rfjug1QNyGElULkv6DnMzKFmwqk4VEhwmLmoV/tG4sgey/N4IoN2
QXnWTFTCy4ORm6jujQozOuYnTxbEbZ2I8z4Cm0YO1fstnMyqTKw34x8WR+sIjA0e
GnyJ5PVbVTTdq4eAa3LEvsJKVjUaU3+iG09Y9QZniPaWlujRit14wRmxghwyxIVw
xf6p4YO1zzPpFxyls+2+uCwhTJnUVuEStIGcvFO947V77hyIR3vD
-----END CERTIFICATE-----