Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/iIS7f0TYsrBUmBGb7N_Eoc8hyEY.roa
File:                     iIS7f0TYsrBUmBGb7N_Eoc8hyEY.roa (raw, json)
Hash identifier:          51ySSXU+gQMsJJd0lwzZFjCyKpY8rXSp50W8MyZfWCg=
Subject key identifier:   88:84:BB:7F:44:D8:B2:B0:54:98:11:9B:EC:DF:C4:A1:CF:21:C8:46
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       018EC86B6C52E816EE47F6940B818E339A47
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/iIS7f0TYsrBUmBGb7N_Eoc8hyEY.roa
Signing time:             Wed 10 Apr 2024 14:31:07 +0000
ROA not before:           Wed 10 Apr 2024 14:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        212.46.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c8:6b:6c:52:e8:16:ee:47:f6:94:0b:81:8e:33:9a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Apr 10 14:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8884bb7f44d8b2b05498119becdfc4a1cf21c846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6f:ef:7c:9a:10:a0:fe:95:2a:18:29:2e:6f:
                    8c:53:d6:52:a8:eb:bb:69:e2:09:4f:fb:3e:d3:c1:
                    40:ac:7a:dc:6d:ac:de:ef:5f:bd:2a:2f:cd:41:1b:
                    2c:95:f1:22:4b:02:f2:e6:a0:84:bf:89:a3:de:a6:
                    fb:13:df:15:f6:31:b8:af:d5:a2:9b:32:15:bc:14:
                    2d:b4:2f:7b:95:8b:df:41:71:90:2a:00:eb:06:02:
                    b9:b1:37:3a:c2:2e:4a:4d:27:25:57:7b:47:25:90:
                    59:7e:41:fd:6c:ff:af:d3:0e:ca:ef:50:68:1e:73:
                    1c:70:67:2b:6b:1c:30:85:7d:18:9c:d8:24:af:d3:
                    81:3d:f2:8e:1a:3d:45:0b:ca:6e:5d:2d:96:b4:8f:
                    5d:88:60:d9:80:c8:4e:39:73:b4:55:04:29:b1:bf:
                    9f:0e:6f:36:e4:17:55:23:05:ed:61:28:60:4e:66:
                    50:cf:b4:7b:48:7f:b9:35:8b:c8:c3:9c:9e:b7:28:
                    5d:f6:cd:94:b2:39:09:e2:fb:ba:8a:27:e4:50:ff:
                    4e:17:4f:13:83:2b:0f:b0:22:ba:d7:99:61:fe:b4:
                    ca:3b:32:f9:85:91:a0:5b:c0:0f:76:7e:9d:72:e4:
                    3a:2d:68:13:73:85:fc:7f:34:50:96:86:bf:f8:9d:
                    e2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:84:BB:7F:44:D8:B2:B0:54:98:11:9B:EC:DF:C4:A1:CF:21:C8:46
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/iIS7f0TYsrBUmBGb7N_Eoc8hyEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:87:79:aa:ff:07:48:c1:e9:39:35:7f:7a:ab:4a:14:7e:45:
         0d:d1:f0:89:60:93:a1:e0:79:ad:23:c9:49:ec:28:22:42:69:
         cd:f1:88:e0:d7:65:90:9f:84:d9:d6:50:3c:a7:17:6c:6e:ac:
         55:d9:af:31:07:ce:d1:b3:9a:59:52:8a:31:26:70:41:ea:6c:
         4a:08:50:56:96:7b:98:aa:6b:e1:83:89:11:9e:96:b6:c8:f2:
         5d:fd:ce:bc:9d:9d:f4:97:32:99:10:74:05:67:1c:e2:a8:a2:
         ef:20:62:94:0e:9d:7a:ec:9f:ab:b9:08:b4:21:ac:8e:d0:0a:
         a1:db:be:ce:ae:24:1e:87:4d:c6:a0:c3:42:cc:3f:5d:57:39:
         f4:5b:94:69:1e:05:81:50:91:be:4a:64:ba:20:8b:64:87:ae:
         87:46:ae:bd:8e:de:c6:ae:43:7d:5e:67:83:64:be:5b:9e:d2:
         c9:82:8d:ed:91:9e:11:83:f2:2d:1b:b3:f5:dc:3f:38:a3:9e:
         79:a3:36:8a:5a:54:1c:7a:f4:6e:fe:45:5e:f2:68:6e:96:ba:
         70:b7:f2:a1:7a:25:7c:bb:e4:d9:da:53:04:2d:3c:4a:3c:6c:
         c0:d7:c0:bc:ec:0c:97:d4:ab:38:0e:8f:e0:da:87:6d:54:09:
         d1:30:22:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Ia2xS6BbuR/aUC4GOM5pHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQwNDEwMTQzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODg0YmI3ZjQ0ZDhiMmIwNTQ5ODExOWJlY2RmYzRhMWNmMjFjODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm/vfJoQoP6VKhgpLm+MU9ZSqOu7
aeIJT/s+08FArHrcbaze71+9Ki/NQRsslfEiSwLy5qCEv4mj3qb7E98V9jG4r9Wi
mzIVvBQttC97lYvfQXGQKgDrBgK5sTc6wi5KTSclV3tHJZBZfkH9bP+v0w7K71Bo
HnMccGcraxwwhX0YnNgkr9OBPfKOGj1FC8puXS2WtI9diGDZgMhOOXO0VQQpsb+f
Dm825BdVIwXtYShgTmZQz7R7SH+5NYvIw5yetyhd9s2UsjkJ4vu6iifkUP9OF08T
gysPsCK615lh/rTKOzL5hZGgW8APdn6dcuQ6LWgTc4X8fzRQloa/+J3imwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiEu39E2LKwVJgRm+zfxKHPIchGMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvaUlTN2YwVFlzckJVbUJHYjdOX0VvYzhoeUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C4hMA0G
CSqGSIb3DQEBCwUAA4IBAQB4h3mq/wdIwek5NX96q0oUfkUN0fCJYJOh4HmtI8lJ
7CgiQmnN8Yjg12WQn4TZ1lA8pxdsbqxV2a8xB87Rs5pZUooxJnBB6mxKCFBWlnuY
qmvhg4kRnpa2yPJd/c68nZ30lzKZEHQFZxziqKLvIGKUDp167J+ruQi0IayO0Aqh
277OriQeh03GoMNCzD9dVzn0W5RpHgWBUJG+SmS6IItkh66HRq69jt7GrkN9XmeD
ZL5bntLJgo3tkZ4Rg/ItG7P13D84o555ozaKWlQcevRu/kVe8mhulrpwt/KheiV8
u+TZ2lMELTxKPGzA18C87AyX1Ks4Do/g2odtVAnRMCI/
-----END CERTIFICATE-----