Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/V5Bw1xaIs9gJJG3FItQX7XO8MSw.roa
File:                     V5Bw1xaIs9gJJG3FItQX7XO8MSw.roa (raw, json)
Hash identifier:          BQYlOJNnavAP5tLNQ83Pzyz4xgbSXHbkqMTlXU7QOM4=
Subject key identifier:   57:90:70:D7:16:88:B3:D8:09:24:6D:C5:22:D4:17:ED:73:BC:31:2C
Certificate issuer:       /CN=077a0fb99e52ae4fa1d66faad93f42e6d07886a6
Certificate serial:       018CC94DD811DACD40AF6CD51468E0C9D805
Authority key identifier: 07:7A:0F:B9:9E:52:AE:4F:A1:D6:6F:AA:D9:3F:42:E6:D0:78:86:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/V5Bw1xaIs9gJJG3FItQX7XO8MSw.roa
Signing time:             Tue 02 Jan 2024 08:32:51 +0000
ROA not before:           Tue 02 Jan 2024 08:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59817
IP address blocks:        185.70.56.0/22 maxlen: 22
                          2a03:34a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d8:11:da:cd:40:af:6c:d5:14:68:e0:c9:d8:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=077a0fb99e52ae4fa1d66faad93f42e6d07886a6
        Validity
            Not Before: Jan  2 08:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=579070d71688b3d809246dc522d417ed73bc312c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:99:5d:e9:ed:bb:45:7a:19:92:75:91:c7:39:
                    94:0d:d8:16:70:43:29:d4:6f:df:d7:7e:83:bf:5d:
                    30:a9:76:0e:e2:4f:d0:7d:b5:cd:96:ce:c2:ea:21:
                    98:dd:8c:cf:ec:97:dc:66:f6:20:d9:51:f8:86:3f:
                    59:4a:ea:97:8a:0c:7c:78:2a:78:2e:74:ac:45:81:
                    15:25:62:17:85:16:c2:28:70:4f:f4:31:69:2d:f1:
                    2e:89:20:d9:16:15:9b:56:78:d8:62:a7:03:eb:a4:
                    3a:20:00:7c:72:e3:35:3e:d8:dd:fc:e1:d0:89:51:
                    8d:21:1e:68:ce:a2:62:d0:cc:c5:d9:9f:24:4b:a4:
                    dd:74:b9:72:10:f7:4a:46:03:ef:4d:c9:94:94:fe:
                    d6:01:74:58:f0:80:17:10:07:f4:0f:9e:56:bb:89:
                    5b:8f:a4:3d:57:8e:23:c0:23:c0:af:51:2b:84:62:
                    1b:15:78:a1:5c:35:1b:0d:a1:6a:ed:12:c0:3b:e7:
                    8d:f8:25:96:42:fa:a3:7a:87:0d:bd:86:c3:a7:97:
                    e3:f8:9d:1b:d6:91:38:5e:49:e7:d3:5f:af:ab:64:
                    b6:bf:ca:8e:48:ca:1f:af:dc:33:55:49:a4:66:9c:
                    2d:1d:83:36:ab:17:fb:6e:62:28:4e:78:c1:c6:71:
                    6b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:90:70:D7:16:88:B3:D8:09:24:6D:C5:22:D4:17:ED:73:BC:31:2C
            X509v3 Authority Key Identifier:
                keyid:07:7A:0F:B9:9E:52:AE:4F:A1:D6:6F:AA:D9:3F:42:E6:D0:78:86:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/V5Bw1xaIs9gJJG3FItQX7XO8MSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.56.0/22
                IPv6:
                  2a03:34a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:63:96:ae:81:68:c2:aa:cf:ad:be:d4:d7:a6:fa:bd:4f:0f:
         37:40:65:9d:09:9d:da:4c:c0:18:93:91:d5:75:b7:14:94:54:
         08:d8:26:d9:23:6c:8f:a4:b8:42:1d:59:aa:3c:17:58:d7:4c:
         73:71:f2:9f:e5:03:78:d8:9d:15:b5:12:0a:8b:80:ef:e2:59:
         74:e7:67:bf:19:c0:f8:c4:2e:e5:1f:2d:c0:1b:68:98:40:b8:
         ba:04:c9:47:96:9a:ba:1a:b7:17:fd:24:91:ad:61:33:95:b3:
         c8:48:fe:5e:56:20:7c:b7:b7:4d:7a:af:c1:3a:40:d0:bf:89:
         21:91:05:76:7e:0b:b7:37:ad:7e:f2:f1:9a:45:69:34:b2:7f:
         17:41:22:e1:8e:72:de:3c:61:24:92:88:ab:38:a8:a4:52:94:
         38:d2:ef:e9:a4:d3:b8:4c:50:36:6e:13:f8:38:61:7d:f1:0b:
         b9:29:18:ea:11:3e:73:2d:51:ba:ed:52:be:4e:72:a7:ba:94:
         42:90:9e:00:ed:18:45:76:7b:d2:32:89:5b:6b:2d:34:de:13:
         a3:01:4d:bd:4e:95:8b:b9:a8:a7:68:76:e7:d7:35:f5:e7:7a:
         32:a8:17:9f:2d:b2:7f:34:30:51:b5:19:65:6c:27:19:d2:fc:
         94:df:81:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTdgR2s1Ar2zVFGjgydgFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3N2EwZmI5OWU1MmFlNGZhMWQ2NmZhYWQ5M2Y0MmU2ZDA3
ODg2YTYwHhcNMjQwMTAyMDgzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzkwNzBkNzE2ODhiM2Q4MDkyNDZkYzUyMmQ0MTdlZDczYmMzMTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJld6e27RXoZknWRxzmUDdgWcEMp
1G/f136Dv10wqXYO4k/QfbXNls7C6iGY3YzP7JfcZvYg2VH4hj9ZSuqXigx8eCp4
LnSsRYEVJWIXhRbCKHBP9DFpLfEuiSDZFhWbVnjYYqcD66Q6IAB8cuM1Ptjd/OHQ
iVGNIR5ozqJi0MzF2Z8kS6TddLlyEPdKRgPvTcmUlP7WAXRY8IAXEAf0D55Wu4lb
j6Q9V44jwCPAr1ErhGIbFXihXDUbDaFq7RLAO+eN+CWWQvqjeocNvYbDp5fj+J0b
1pE4Xknn01+vq2S2v8qOSMofr9wzVUmkZpwtHYM2qxf7bmIoTnjBxnFr8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFeQcNcWiLPYCSRtxSLUF+1zvDEsMB8GA1UdIwQY
MBaAFAd6D7meUq5PodZvqtk/QubQeIamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjNvUHVaNVNyay1oMW0tcTJUOUM1dEI0aHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9kM2U5YmQtNDQ2Yi00MTE2LTg0NTMt
ZDQ2N2NjNmU3ZDhmLzEvVjVCdzF4YUlzOWdKSkczRkl0UVg3WE84TVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9kM2U5YmQtNDQ2Yi00MTE2LTg0NTMtZDQ2N2NjNmU3ZDhm
LzEvQjNvUHVaNVNyay1oMW0tcTJUOUM1dEI0aHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUY4MA0E
AgACMAcDBQAqAzSgMA0GCSqGSIb3DQEBCwUAA4IBAQAGY5augWjCqs+tvtTXpvq9
Tw83QGWdCZ3aTMAYk5HVdbcUlFQI2CbZI2yPpLhCHVmqPBdY10xzcfKf5QN42J0V
tRIKi4Dv4ll052e/GcD4xC7lHy3AG2iYQLi6BMlHlpq6GrcX/SSRrWEzlbPISP5e
ViB8t7dNeq/BOkDQv4khkQV2fgu3N61+8vGaRWk0sn8XQSLhjnLePGEkkoirOKik
UpQ40u/ppNO4TFA2bhP4OGF98Qu5KRjqET5zLVG67VK+TnKnupRCkJ4A7RhFdnvS
Molbay003hOjAU29TpWLuainaHbn1zX153oyqBefLbJ/NDBRtRllbCcZ0vyU34Fh
-----END CERTIFICATE-----