Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/D4-_NyM3vwkXYlu-mJ9EwymWROo.roa
File:                     D4-_NyM3vwkXYlu-mJ9EwymWROo.roa (raw, json)
Hash identifier:          jmfn8sb8ov8NeJ0KfbubQ1wvTdk/ufMjoTE9s0yWgsE=
Subject key identifier:   0F:8F:BF:37:23:37:BF:09:17:62:5B:BE:98:9F:44:C3:29:96:44:EA
Certificate issuer:       /CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
Certificate serial:       01942144625898320C60F4C49C446758399F
Authority key identifier: BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/D4-_NyM3vwkXYlu-mJ9EwymWROo.roa
Signing time:             Wed 01 Jan 2025 09:48:37 +0000
ROA not before:           Wed 01 Jan 2025 09:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        185.34.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:62:58:98:32:0c:60:f4:c4:9c:44:67:58:39:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
        Validity
            Not Before: Jan  1 09:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f8fbf372337bf0917625bbe989f44c3299644ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:98:9c:63:2f:b9:0c:88:a0:59:ab:ee:3b:ef:
                    0c:e2:fb:39:6a:18:fd:e9:41:29:36:ab:32:2e:2e:
                    71:a6:05:c1:31:13:62:8f:fc:89:1a:f2:78:54:32:
                    ea:c7:0e:e4:15:1a:6b:8a:4e:78:58:d6:e1:37:94:
                    d3:f1:43:49:b5:33:09:19:f2:e5:e9:9c:c7:2f:0d:
                    51:57:74:78:33:c6:40:f9:6c:60:0b:49:1a:52:07:
                    46:a0:00:b8:f2:2b:b4:28:1b:78:7a:84:37:cc:b0:
                    56:0d:15:95:04:2b:9b:66:6d:53:e4:c3:f3:fb:e2:
                    f6:1a:e6:45:2d:f2:f3:a0:46:66:6d:c4:85:4f:c2:
                    55:b7:5d:85:ed:b8:e3:4a:cd:7f:aa:01:20:21:bc:
                    ae:b0:20:66:43:59:40:5c:69:67:1a:70:71:76:c6:
                    01:4a:52:70:35:5f:65:6f:13:64:11:f4:72:58:80:
                    04:04:6d:38:cc:e7:9a:bb:1e:94:4e:01:0c:ea:22:
                    07:33:12:68:5a:5c:be:c0:e5:8a:5d:64:7a:ab:9e:
                    c4:f2:26:c5:c4:63:00:27:af:6b:01:56:20:81:0d:
                    1c:fc:10:65:06:49:39:35:ea:99:44:42:82:b7:e2:
                    49:23:38:ff:17:92:d9:e9:db:9a:a7:bd:77:b4:59:
                    35:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8F:BF:37:23:37:BF:09:17:62:5B:BE:98:9F:44:C3:29:96:44:EA
            X509v3 Authority Key Identifier:
                keyid:BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/D4-_NyM3vwkXYlu-mJ9EwymWROo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:25:e8:28:67:f9:59:c7:15:73:8d:cb:60:18:5f:43:b0:46:
         1f:46:01:d7:0d:e4:ce:84:11:7b:75:1d:d6:68:a5:59:40:d9:
         ad:f1:e2:40:af:32:42:6e:c8:53:73:42:3d:8c:e5:de:27:c8:
         49:a5:66:91:3c:0e:23:b9:21:c8:34:04:a2:ca:34:f6:35:43:
         30:5b:d6:ac:8f:e1:7f:0c:a3:5a:71:2a:33:20:30:58:45:83:
         e5:ff:0f:33:7f:14:63:f0:9d:eb:10:3e:9b:da:44:1c:40:ec:
         4f:f5:40:63:aa:12:e8:a4:10:fb:2c:21:28:8a:b3:f4:23:cd:
         f2:b5:ba:ba:09:98:54:d9:6e:3f:e0:5d:5f:d0:ef:09:10:1f:
         b2:26:11:60:8b:5c:af:c2:fb:82:c9:4c:b1:74:74:40:25:48:
         aa:97:2a:86:05:58:f7:12:db:f7:92:06:11:ef:74:ac:c3:4c:
         65:5c:70:44:22:f5:01:38:bf:a0:e6:04:a3:1f:84:63:bf:25:
         be:00:bc:ac:1d:9d:0b:30:ce:01:6e:ce:42:8b:d7:ed:c4:2a:
         6c:01:04:c6:35:10:28:a3:20:ba:74:93:c1:6a:63:55:7d:76:
         93:f5:62:7d:4b:7e:77:70:7a:83:67:e8:95:d8:b3:26:01:52:
         1c:4d:9d:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRGJYmDIMYPTEnERnWDmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2U1OTA3MTFhZTdmY2IwMTZlZWI3Mzc2YjBhN2ZjNzY2
MWNiMTMwHhcNMjUwMTAxMDk0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjhmYmYzNzIzMzdiZjA5MTc2MjViYmU5ODlmNDRjMzI5OTY0NGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZicYy+5DIigWavuO+8M4vs5ahj9
6UEpNqsyLi5xpgXBMRNij/yJGvJ4VDLqxw7kFRprik54WNbhN5TT8UNJtTMJGfLl
6ZzHLw1RV3R4M8ZA+WxgC0kaUgdGoAC48iu0KBt4eoQ3zLBWDRWVBCubZm1T5MPz
++L2GuZFLfLzoEZmbcSFT8JVt12F7bjjSs1/qgEgIbyusCBmQ1lAXGlnGnBxdsYB
SlJwNV9lbxNkEfRyWIAEBG04zOeaux6UTgEM6iIHMxJoWly+wOWKXWR6q57E8ibF
xGMAJ69rAVYggQ0c/BBlBkk5NeqZREKCt+JJIzj/F5LZ6duap713tFk10QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+PvzcjN78JF2JbvpifRMMplkTqMB8GA1UdIwQY
MBaAFLzOWQcRrn/LAW7rc3awp/x2YcsTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUt
MDVkYjQ5N2FjNDU1LzEvRDQtX055TTN2d2tYWWx1LW1KOUV3eW1XUk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUtMDVkYjQ5N2FjNDU1
LzEvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSI4MA0G
CSqGSIb3DQEBCwUAA4IBAQBAJegoZ/lZxxVzjctgGF9DsEYfRgHXDeTOhBF7dR3W
aKVZQNmt8eJArzJCbshTc0I9jOXeJ8hJpWaRPA4juSHINASiyjT2NUMwW9asj+F/
DKNacSozIDBYRYPl/w8zfxRj8J3rED6b2kQcQOxP9UBjqhLopBD7LCEoirP0I83y
tbq6CZhU2W4/4F1f0O8JEB+yJhFgi1yvwvuCyUyxdHRAJUiqlyqGBVj3Etv3kgYR
73Ssw0xlXHBEIvUBOL+g5gSjH4RjvyW+ALysHZ0LMM4Bbs5Ci9ftxCpsAQTGNRAo
oyC6dJPBamNVfXaT9WJ9S353cHqDZ+iV2LMmAVIcTZ0U
-----END CERTIFICATE-----