Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/56eaR_0rXdf4g32HIUg1gpDbVuw.roa
File:                     56eaR_0rXdf4g32HIUg1gpDbVuw.roa (raw, json)
Hash identifier:          2+63CODMKPLpoZyqko23C230bV9xv787U3dtKx0QEvc=
Subject key identifier:   E7:A7:9A:47:FD:2B:5D:D7:F8:83:7D:87:21:48:35:82:90:DB:56:EC
Certificate issuer:       /CN=44f885220f1719f5837cb5a36fa62f3f537e8e3f
Certificate serial:       018CC9BC647BFC167118451A9E2EA0D2636B
Authority key identifier: 44:F8:85:22:0F:17:19:F5:83:7C:B5:A3:6F:A6:2F:3F:53:7E:8E:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/56eaR_0rXdf4g32HIUg1gpDbVuw.roa
Signing time:             Tue 02 Jan 2024 10:33:35 +0000
ROA not before:           Tue 02 Jan 2024 10:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44548
IP address blocks:        91.220.199.0/24 maxlen: 24
                          195.93.156.0/23 maxlen: 23
                          195.93.156.0/24 maxlen: 24
                          195.93.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:64:7b:fc:16:71:18:45:1a:9e:2e:a0:d2:63:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44f885220f1719f5837cb5a36fa62f3f537e8e3f
        Validity
            Not Before: Jan  2 10:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7a79a47fd2b5dd7f8837d872148358290db56ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:63:14:4b:e5:12:8a:d4:a7:59:24:ed:09:0e:
                    6f:1d:7a:ca:5b:0f:1f:36:42:b7:54:a4:1c:02:7a:
                    90:e3:06:1d:49:f0:2c:d8:7f:43:58:ab:52:b1:d5:
                    1c:cb:39:6d:5a:5f:1d:d5:d1:d7:0c:3f:0c:2d:21:
                    cb:2e:b5:fc:73:69:a8:49:c6:4c:94:3a:aa:59:f5:
                    df:de:be:6c:12:b1:0f:79:e7:c2:36:1b:0e:b1:d9:
                    b0:94:b0:f7:7c:6a:0f:77:7e:9c:d4:8a:0d:4a:3d:
                    39:14:19:0c:3b:1a:de:9e:07:7f:5a:75:7a:db:3e:
                    53:70:52:fd:01:86:5c:dd:b6:58:e5:2b:84:4b:bf:
                    fe:de:15:3b:02:e5:e0:bb:1b:79:61:ef:ca:6f:b2:
                    4f:f6:e9:d8:24:81:3d:4b:b6:38:c6:a9:f0:ec:1b:
                    97:3f:54:42:32:01:1d:fb:94:a3:94:a3:8a:77:58:
                    b6:9b:13:07:2d:89:ef:bb:c7:62:d9:6e:79:86:e0:
                    ae:14:67:4a:32:fd:1d:02:96:c2:8c:b3:6f:21:36:
                    d9:78:47:41:f9:04:83:f7:7d:e3:2a:87:0d:44:95:
                    da:e2:f4:c9:b3:f1:a0:85:b5:e5:3d:e5:df:d8:46:
                    53:a8:6f:4d:ca:c3:68:a6:39:50:7d:c2:6a:34:71:
                    6d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:A7:9A:47:FD:2B:5D:D7:F8:83:7D:87:21:48:35:82:90:DB:56:EC
            X509v3 Authority Key Identifier:
                keyid:44:F8:85:22:0F:17:19:F5:83:7C:B5:A3:6F:A6:2F:3F:53:7E:8E:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/56eaR_0rXdf4g32HIUg1gpDbVuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.199.0/24
                  195.93.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:1e:cc:08:93:5c:88:70:7b:91:ba:fa:6a:97:2f:08:9f:32:
         f2:ad:11:59:6b:d5:58:93:41:2a:08:ad:21:5f:f4:d4:6a:6a:
         0a:fb:90:b0:cb:38:6b:c2:55:3c:30:95:d9:1e:60:a7:ea:39:
         ad:32:66:d9:61:bc:1b:6c:a2:56:2c:27:be:71:4b:8a:7e:d1:
         ed:ae:cb:ae:be:ea:3c:81:29:b0:41:cb:9d:4a:01:1d:3a:f4:
         e9:eb:28:95:dc:d3:99:1c:13:1a:67:90:e2:e5:08:d1:55:35:
         b8:88:d5:cf:81:5f:a4:59:c6:9a:da:51:d0:2d:77:4a:82:f2:
         73:5c:10:93:1d:34:ea:08:1b:7b:dd:88:e1:17:95:9e:a4:c3:
         be:e0:8a:64:fd:86:fd:e5:c0:dd:ab:52:66:d1:af:84:82:81:
         de:74:da:26:2e:20:7e:4d:36:27:48:76:6c:4a:74:24:9e:10:
         c3:b9:7a:60:6d:8e:c8:ac:b9:45:84:6c:ba:57:6d:50:15:1a:
         b4:c1:c4:65:67:36:c8:9f:df:e1:1d:71:86:cf:e9:9f:eb:38:
         32:05:fa:fd:c6:72:b4:5b:32:4a:98:ad:c0:76:7d:34:02:de:
         fa:71:e0:c0:85:00:dd:85:56:04:eb:16:e5:22:b8:7d:8f:9e:
         96:71:87:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvGR7/BZxGEUani6g0mNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0Zjg4NTIyMGYxNzE5ZjU4MzdjYjVhMzZmYTYyZjNmNTM3
ZThlM2YwHhcNMjQwMTAyMTAzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2E3OWE0N2ZkMmI1ZGQ3Zjg4MzdkODcyMTQ4MzU4MjkwZGI1NmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWMUS+USitSnWSTtCQ5vHXrKWw8f
NkK3VKQcAnqQ4wYdSfAs2H9DWKtSsdUcyzltWl8d1dHXDD8MLSHLLrX8c2moScZM
lDqqWfXf3r5sErEPeefCNhsOsdmwlLD3fGoPd36c1IoNSj05FBkMOxrengd/WnV6
2z5TcFL9AYZc3bZY5SuES7/+3hU7AuXguxt5Ye/Kb7JP9unYJIE9S7Y4xqnw7BuX
P1RCMgEd+5SjlKOKd1i2mxMHLYnvu8di2W55huCuFGdKMv0dApbCjLNvITbZeEdB
+QSD933jKocNRJXa4vTJs/GghbXlPeXf2EZTqG9NysNopjlQfcJqNHFt+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOenmkf9K13X+IN9hyFINYKQ21bsMB8GA1UdIwQY
MBaAFET4hSIPFxn1g3y1o2+mLz9Tfo4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlBpRklnOFhHZldEZkxXamI2WXZQMU4tamo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iYWIxOTQtNWUyNC00ZWFkLThmNDkt
MzdlZDk5MTQzYWFlLzEvNTZlYVJfMHJYZGY0ZzMySElVZzFncERiVnV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iYWIxOTQtNWUyNC00ZWFkLThmNDktMzdlZDk5MTQzYWFl
LzEvUlBpRklnOFhHZldEZkxXamI2WXZQMU4tamo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9zHAwQB
w12cMA0GCSqGSIb3DQEBCwUAA4IBAQAGHswIk1yIcHuRuvpqly8InzLyrRFZa9VY
k0EqCK0hX/TUamoK+5CwyzhrwlU8MJXZHmCn6jmtMmbZYbwbbKJWLCe+cUuKftHt
rsuuvuo8gSmwQcudSgEdOvTp6yiV3NOZHBMaZ5Di5QjRVTW4iNXPgV+kWcaa2lHQ
LXdKgvJzXBCTHTTqCBt73YjhF5WepMO+4Ipk/Yb95cDdq1Jm0a+EgoHedNomLiB+
TTYnSHZsSnQknhDDuXpgbY7IrLlFhGy6V21QFRq0wcRlZzbIn9/hHXGGz+mf6zgy
Bfr9xnK0WzJKmK3Adn00At76ceDAhQDdhVYE6xblIrh9j56WcYcL
-----END CERTIFICATE-----