Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/_I1GzOSQP61necJJ0ohwBHx-YwY.roa
File:                     _I1GzOSQP61necJJ0ohwBHx-YwY.roa (raw, json)
Hash identifier:          sgd+1gyQCGyONoit8EcgoUsgQMplto10fNFNFHDpH+0=
Subject key identifier:   FC:8D:46:CC:E4:90:3F:AD:67:79:C2:49:D2:88:70:04:7C:7E:63:06
Certificate issuer:       /CN=656e407a6b99c0f052932cc777ff0de9b3a1974e
Certificate serial:       018CC94E064846D264E675DD2EDDAA7B79C5
Authority key identifier: 65:6E:40:7A:6B:99:C0:F0:52:93:2C:C7:77:FF:0D:E9:B3:A1:97:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZW5AemuZwPBSkyzHd_8N6bOhl04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/_I1GzOSQP61necJJ0ohwBHx-YwY.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41847
IP address blocks:        185.187.56.0/22 maxlen: 24
                          2a0b:9780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/ZW5AemuZwPBSkyzHd_8N6bOhl04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/ZW5AemuZwPBSkyzHd_8N6bOhl04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZW5AemuZwPBSkyzHd_8N6bOhl04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:06:48:46:d2:64:e6:75:dd:2e:dd:aa:7b:79:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656e407a6b99c0f052932cc777ff0de9b3a1974e
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc8d46cce4903fad6779c249d28870047c7e6306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c4:28:dd:7f:16:3f:7d:6b:f9:17:08:f0:e9:
                    89:5f:2d:f4:20:2f:58:ba:ec:05:1b:5b:4a:64:e8:
                    39:c5:73:d6:60:b9:ae:ea:4b:77:a6:b0:f1:af:f4:
                    78:c2:2b:36:89:70:17:bb:45:b2:18:09:ef:49:99:
                    55:ec:04:44:5a:62:14:9a:83:40:69:67:04:27:e5:
                    93:39:d2:f4:cb:2e:c9:a9:92:93:e5:cb:6f:01:7a:
                    ed:ae:d1:58:67:83:db:f4:61:93:9f:66:95:ae:02:
                    16:4c:42:18:f8:bc:49:35:8d:0c:45:0d:28:67:2c:
                    65:c2:d3:77:48:b8:77:4f:e9:8f:95:07:ef:73:3c:
                    fb:a4:23:57:1f:86:0f:93:3e:e7:14:81:03:a8:88:
                    b9:60:bd:a2:2b:ff:85:b1:25:bf:28:aa:8d:f9:ca:
                    c0:56:a4:85:1d:cb:66:be:87:d3:0f:76:c3:42:72:
                    a3:04:75:19:7f:c9:dd:c6:a3:a8:de:17:13:12:6e:
                    71:ee:c9:51:c9:cc:a4:35:60:25:92:a1:12:d2:ab:
                    07:9d:99:bd:72:b6:34:52:a9:96:fa:a3:c7:fb:41:
                    65:5f:3d:6c:66:f4:92:eb:c0:93:bc:7f:39:5a:f9:
                    a8:d3:52:34:66:eb:5d:46:84:d6:74:a9:28:9c:65:
                    c8:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:8D:46:CC:E4:90:3F:AD:67:79:C2:49:D2:88:70:04:7C:7E:63:06
            X509v3 Authority Key Identifier:
                keyid:65:6E:40:7A:6B:99:C0:F0:52:93:2C:C7:77:FF:0D:E9:B3:A1:97:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZW5AemuZwPBSkyzHd_8N6bOhl04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/_I1GzOSQP61necJJ0ohwBHx-YwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/ZW5AemuZwPBSkyzHd_8N6bOhl04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.56.0/22
                IPv6:
                  2a0b:9780::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:b6:ee:41:cf:38:02:75:18:87:ea:6d:dd:09:51:5c:4f:27:
         8f:59:b8:52:6d:ad:81:c0:45:ce:05:4a:77:ff:b6:4e:84:11:
         17:d8:b0:7c:ea:19:1f:af:e5:01:ec:b8:16:2f:c1:f5:08:8e:
         d6:fe:92:6e:61:69:30:ed:bd:ce:9c:9e:f3:99:80:59:80:99:
         bd:2a:03:7a:5b:fb:22:ce:1d:85:78:3b:e4:8c:e4:51:90:23:
         ea:43:03:83:64:09:5a:c3:3b:30:0e:97:e9:8c:fd:91:51:d1:
         48:4b:bc:4d:a3:60:99:a7:7e:39:68:64:d6:59:4d:a6:cc:85:
         7a:95:9c:4a:15:50:0a:c2:eb:db:5a:45:d5:25:1a:96:79:5a:
         e5:da:bb:43:02:95:85:a3:05:34:ad:22:06:9c:b1:b5:28:3c:
         d9:7f:ab:db:65:62:19:be:02:fb:56:49:14:cc:84:95:d5:50:
         28:a2:b2:82:18:b7:3c:f1:2e:37:cd:bb:31:fb:e6:3a:08:f9:
         18:8c:32:bb:f3:21:34:22:c2:5a:5a:d8:1f:e0:f4:da:ae:ee:
         e0:3f:60:2f:62:c6:7f:d0:4d:12:90:69:a7:ce:e6:15:07:a5:
         dc:d8:b4:e0:59:eb:03:c0:27:a2:cc:22:97:93:db:c1:45:5d:
         b7:1c:28:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTgZIRtJk5nXdLt2qe3nFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NmU0MDdhNmI5OWMwZjA1MjkzMmNjNzc3ZmYwZGU5YjNh
MTk3NGUwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzhkNDZjY2U0OTAzZmFkNjc3OWMyNDlkMjg4NzAwNDdjN2U2MzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMQo3X8WP31r+RcI8OmJXy30IC9Y
uuwFG1tKZOg5xXPWYLmu6kt3prDxr/R4wis2iXAXu0WyGAnvSZlV7AREWmIUmoNA
aWcEJ+WTOdL0yy7JqZKT5ctvAXrtrtFYZ4Pb9GGTn2aVrgIWTEIY+LxJNY0MRQ0o
ZyxlwtN3SLh3T+mPlQfvczz7pCNXH4YPkz7nFIEDqIi5YL2iK/+FsSW/KKqN+crA
VqSFHctmvofTD3bDQnKjBHUZf8ndxqOo3hcTEm5x7slRycykNWAlkqES0qsHnZm9
crY0UqmW+qPH+0FlXz1sZvSS68CTvH85Wvmo01I0ZutdRoTWdKkonGXI8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPyNRszkkD+tZ3nCSdKIcAR8fmMGMB8GA1UdIwQY
MBaAFGVuQHprmcDwUpMsx3f/DemzoZdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlc1QWVtdVp3UEJTa3l6SGRfOE42Yk9obDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YWY2YmEtY2VjOS00MTRjLWI3NjYt
YzAxNWE5ZDRmOGVmLzEvX0kxR3pPU1FQNjFuZWNKSjBvaHdCSHgtWXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YWY2YmEtY2VjOS00MTRjLWI3NjYtYzAxNWE5ZDRmOGVm
LzEvWlc1QWVtdVp3UEJTa3l6SGRfOE42Yk9obDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubs4MA0E
AgACMAcDBQMqC5eAMA0GCSqGSIb3DQEBCwUAA4IBAQCvtu5BzzgCdRiH6m3dCVFc
TyePWbhSba2BwEXOBUp3/7ZOhBEX2LB86hkfr+UB7LgWL8H1CI7W/pJuYWkw7b3O
nJ7zmYBZgJm9KgN6W/sizh2FeDvkjORRkCPqQwODZAlawzswDpfpjP2RUdFIS7xN
o2CZp345aGTWWU2mzIV6lZxKFVAKwuvbWkXVJRqWeVrl2rtDApWFowU0rSIGnLG1
KDzZf6vbZWIZvgL7VkkUzISV1VAoorKCGLc88S43zbsx++Y6CPkYjDK78yE0IsJa
Wtgf4PTaru7gP2AvYsZ/0E0SkGmnzuYVB6Xc2LTgWesDwCeizCKXk9vBRV23HCh9
-----END CERTIFICATE-----