Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/P1BkrAeQScgfG1fKK0n01ie_UdE.roa
File:                     P1BkrAeQScgfG1fKK0n01ie_UdE.roa (raw, json)
Hash identifier:          xrd3lFjr5hprEBSwZmI2HYcYMl7RXwUuNhB3QmiOFHQ=
Subject key identifier:   3F:50:64:AC:07:90:49:C8:1F:1B:57:CA:2B:49:F4:D6:27:BF:51:D1
Certificate issuer:       /CN=e79ef19c273deded19cef6b36839b3ceb01edefd
Certificate serial:       018CC86EFDCA86A43E970DADC1391979E652
Authority key identifier: E7:9E:F1:9C:27:3D:ED:ED:19:CE:F6:B3:68:39:B3:CE:B0:1E:DE:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/557xnCc97e0ZzvazaDmzzrAe3v0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/P1BkrAeQScgfG1fKK0n01ie_UdE.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209232
IP address blocks:        2.56.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/557xnCc97e0ZzvazaDmzzrAe3v0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/557xnCc97e0ZzvazaDmzzrAe3v0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/557xnCc97e0ZzvazaDmzzrAe3v0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fd:ca:86:a4:3e:97:0d:ad:c1:39:19:79:e6:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e79ef19c273deded19cef6b36839b3ceb01edefd
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f5064ac079049c81f1b57ca2b49f4d627bf51d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5a:b5:6a:e7:96:ce:c1:bc:84:3e:30:f3:96:
                    48:71:95:14:7b:94:55:5d:80:79:83:57:54:98:31:
                    3d:c2:a1:fd:ae:89:28:be:ce:bd:00:00:0d:49:ff:
                    3d:7b:ef:44:73:2d:ec:60:06:22:95:51:44:f0:8c:
                    27:62:38:76:64:13:6a:f8:c5:4f:f4:a4:b5:38:bf:
                    99:5f:a2:95:0e:5d:9a:35:41:17:66:e6:84:40:dd:
                    94:9d:83:c6:33:42:b0:8b:85:b9:4b:9f:b1:de:99:
                    1d:e8:fe:d5:ee:e4:e8:0c:d9:e8:dd:8e:1a:62:66:
                    06:dd:c0:b7:a6:4e:39:c0:6c:bd:f7:a2:d9:1c:9f:
                    5d:26:74:d6:9b:7c:48:20:1a:67:91:ba:8f:31:c5:
                    86:51:e0:88:4d:97:29:6d:1b:c6:31:63:72:8d:a7:
                    92:36:97:cf:b5:cb:be:0e:81:8a:f3:79:01:01:8d:
                    40:8a:f5:22:86:94:2e:4b:15:47:7c:56:aa:55:33:
                    db:f3:63:f3:ae:63:49:5c:5b:ed:03:4b:b8:5d:c1:
                    c8:10:cc:a5:e5:e7:89:c2:7b:00:9d:c0:22:0a:55:
                    e9:85:1f:fe:5c:31:97:45:f1:de:93:9d:b9:b7:a9:
                    ca:be:cd:65:e4:75:ce:bd:c6:d4:1d:69:e9:51:06:
                    72:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:50:64:AC:07:90:49:C8:1F:1B:57:CA:2B:49:F4:D6:27:BF:51:D1
            X509v3 Authority Key Identifier:
                keyid:E7:9E:F1:9C:27:3D:ED:ED:19:CE:F6:B3:68:39:B3:CE:B0:1E:DE:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/557xnCc97e0ZzvazaDmzzrAe3v0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/P1BkrAeQScgfG1fKK0n01ie_UdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/557xnCc97e0ZzvazaDmzzrAe3v0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:5d:b7:38:e3:13:1f:05:5b:c4:3d:09:dd:63:81:ac:ce:a3:
         e1:7e:f3:7a:0b:bd:7f:bc:bd:f2:21:a0:5e:bd:18:90:1a:f3:
         0a:13:28:84:8b:a7:65:7e:02:2b:ab:4b:4b:7c:8a:b6:13:12:
         b0:bf:68:7a:ce:85:0e:a4:25:75:d9:82:9c:b8:ac:11:9d:73:
         a3:e4:0f:17:cf:9f:7e:5b:a6:ba:e9:1b:38:23:f3:d8:f0:38:
         df:ba:cd:07:1b:59:73:27:3b:15:b8:59:bf:90:29:58:9a:14:
         ce:7b:2d:d0:67:f0:b8:0b:54:a1:d1:0b:bc:5d:e9:2e:e6:fa:
         a4:2f:3c:89:0d:37:4c:9c:60:24:44:24:6c:3b:a5:d4:cb:4a:
         2e:90:4f:b1:94:b7:dd:89:36:6b:61:fc:bc:2a:42:21:41:75:
         8a:5a:a1:af:65:c9:3a:a4:69:18:14:70:0f:82:aa:b7:3d:b2:
         9b:78:43:06:11:ff:5f:d7:b0:ee:3d:ff:37:f4:77:23:ca:c4:
         f3:4a:44:0f:d9:ce:23:db:20:b9:08:c2:44:ed:4d:10:46:df:
         f2:5f:48:43:b9:43:37:2f:e1:ec:12:bf:e1:08:bd:58:88:9c:
         9b:9e:18:db:e3:68:39:c8:c2:14:44:8b:0e:5d:8e:cb:c6:fe:
         24:21:01:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbv3KhqQ+lw2twTkZeeZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OWVmMTljMjczZGVkZWQxOWNlZjZiMzY4MzliM2NlYjAx
ZWRlZmQwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjUwNjRhYzA3OTA0OWM4MWYxYjU3Y2EyYjQ5ZjRkNjI3YmY1MWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1q1aueWzsG8hD4w85ZIcZUUe5RV
XYB5g1dUmDE9wqH9rokovs69AAANSf89e+9Ecy3sYAYilVFE8IwnYjh2ZBNq+MVP
9KS1OL+ZX6KVDl2aNUEXZuaEQN2UnYPGM0Kwi4W5S5+x3pkd6P7V7uToDNno3Y4a
YmYG3cC3pk45wGy996LZHJ9dJnTWm3xIIBpnkbqPMcWGUeCITZcpbRvGMWNyjaeS
NpfPtcu+DoGK83kBAY1AivUihpQuSxVHfFaqVTPb82PzrmNJXFvtA0u4XcHIEMyl
5eeJwnsAncAiClXphR/+XDGXRfHek525t6nKvs1l5HXOvcbUHWnpUQZyTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9QZKwHkEnIHxtXyitJ9NYnv1HRMB8GA1UdIwQY
MBaAFOee8ZwnPe3tGc72s2g5s86wHt79MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTU3eG5DYzk3ZTBaenZhemFEbXp6ckFlM3YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zZGRlOGQtYmMwOS00N2ViLThiNWUt
ZDliNzJlZDdjYjRkLzEvUDFCa3JBZVFTY2dmRzFmS0swbjAxaWVfVWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zZGRlOGQtYmMwOS00N2ViLThiNWUtZDliNzJlZDdjYjRk
LzEvNTU3eG5DYzk3ZTBaenZhemFEbXp6ckFlM3YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjiEMA0G
CSqGSIb3DQEBCwUAA4IBAQA8Xbc44xMfBVvEPQndY4GszqPhfvN6C71/vL3yIaBe
vRiQGvMKEyiEi6dlfgIrq0tLfIq2ExKwv2h6zoUOpCV12YKcuKwRnXOj5A8Xz59+
W6a66Rs4I/PY8Djfus0HG1lzJzsVuFm/kClYmhTOey3QZ/C4C1Sh0Qu8Xeku5vqk
LzyJDTdMnGAkRCRsO6XUy0oukE+xlLfdiTZrYfy8KkIhQXWKWqGvZck6pGkYFHAP
gqq3PbKbeEMGEf9f17DuPf839HcjysTzSkQP2c4j2yC5CMJE7U0QRt/yX0hDuUM3
L+HsEr/hCL1YiJybnhjb42g5yMIURIsOXY7Lxv4kIQH/
-----END CERTIFICATE-----