Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/eiFZQnQ6-3pj7EE5dde5H5phbUk.roa
File:                     eiFZQnQ6-3pj7EE5dde5H5phbUk.roa (raw, json)
Hash identifier:          vbSznmrNgVADNKBzVSeh0jfqyuaTzTDXf/WuguSGs6M=
Subject key identifier:   7A:21:59:42:74:3A:FB:7A:63:EC:41:39:75:D7:B9:1F:9A:61:6D:49
Certificate issuer:       /CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
Certificate serial:       018CC801CFCBD53DD975C7ABDD45D08A97B5
Authority key identifier: BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/eiFZQnQ6-3pj7EE5dde5H5phbUk.roa
Signing time:             Tue 02 Jan 2024 02:30:11 +0000
ROA not before:           Tue 02 Jan 2024 02:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        185.34.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:cf:cb:d5:3d:d9:75:c7:ab:dd:45:d0:8a:97:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
        Validity
            Not Before: Jan  2 02:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a215942743afb7a63ec413975d7b91f9a616d49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5c:47:be:c8:8b:6c:56:24:73:c2:fa:2d:2f:
                    6d:ac:9b:f3:7e:6e:9b:cc:30:e4:ee:ce:62:e2:5c:
                    40:57:bc:fa:56:d5:b7:41:b3:fd:76:29:a6:96:b2:
                    5e:53:52:ff:c8:cd:34:72:70:c3:5b:6e:a9:00:dc:
                    69:d3:23:1e:53:e6:29:77:29:e2:83:55:6f:bf:f4:
                    00:43:96:a7:b6:b9:b2:e4:26:0e:14:7d:b7:0e:85:
                    f1:3d:a8:ea:ba:78:78:de:c6:52:30:5e:d0:5c:11:
                    59:cd:22:47:b3:aa:aa:94:23:c3:84:0e:c0:86:8a:
                    1d:83:19:86:13:c4:c6:7f:61:9f:24:6b:94:59:9b:
                    48:f6:b7:07:7c:0e:f7:95:c6:c3:2c:3b:5a:b1:2a:
                    fd:87:ff:dc:63:7d:76:14:9e:64:f4:0c:0f:0c:77:
                    6b:d9:e0:b6:aa:f8:e7:f9:34:0f:0c:8e:2f:73:45:
                    98:40:98:72:37:d3:a1:c7:2b:ca:80:26:fe:ed:3a:
                    44:71:db:9a:95:d3:b7:be:39:17:c4:25:db:17:f8:
                    74:6a:2b:f0:ea:27:6c:ac:89:d9:5f:a1:24:21:76:
                    94:de:01:22:ad:30:ee:1c:e9:90:bc:b8:b6:c6:0c:
                    02:8b:f0:79:1d:8b:2e:1c:0a:ec:e6:bf:a7:62:e0:
                    a8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:21:59:42:74:3A:FB:7A:63:EC:41:39:75:D7:B9:1F:9A:61:6D:49
            X509v3 Authority Key Identifier:
                keyid:BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/eiFZQnQ6-3pj7EE5dde5H5phbUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:b3:fb:ee:bc:f6:87:1a:0f:1b:7d:45:50:1a:ef:7c:f4:6b:
         f9:69:3c:52:77:ae:3d:bb:39:6d:aa:f9:bb:fd:2e:0c:74:08:
         81:ea:4e:5b:a3:ae:50:aa:1d:3a:7d:25:44:50:c3:b0:fb:32:
         37:bc:1f:56:1a:37:e9:95:39:2c:75:2d:66:85:8e:f2:c8:8f:
         cd:86:e7:17:54:c5:e0:99:70:14:ae:a4:56:32:cf:30:2f:c1:
         11:fa:3b:29:de:37:f3:b3:4b:96:32:10:5d:f4:4f:bc:70:c6:
         fe:bb:58:39:07:2e:c3:b1:41:14:5b:18:28:13:63:87:32:01:
         e1:bc:15:87:01:67:89:e5:a4:6f:88:07:d9:57:09:67:b7:53:
         f0:8a:59:2a:57:62:db:3d:76:cc:aa:5a:ba:29:84:60:42:62:
         72:aa:17:0c:f9:cf:18:17:0e:15:3e:60:aa:d3:25:f2:13:fc:
         ba:22:d2:71:88:92:4f:65:eb:ec:7d:ff:48:5a:0c:cb:69:93:
         2a:07:43:2c:93:98:1e:aa:bc:ea:c5:9c:98:33:a4:71:92:52:
         41:8f:c0:49:fd:12:2e:95:08:c9:fe:7e:70:45:c4:f4:ad:77:
         54:02:07:3c:f0:88:2f:52:3c:c0:df:ed:4c:62:98:06:74:38:
         15:d3:70:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAc/L1T3Zdcer3UXQipe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2U1OTA3MTFhZTdmY2IwMTZlZWI3Mzc2YjBhN2ZjNzY2
MWNiMTMwHhcNMjQwMTAyMDIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTIxNTk0Mjc0M2FmYjdhNjNlYzQxMzk3NWQ3YjkxZjlhNjE2ZDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllxHvsiLbFYkc8L6LS9trJvzfm6b
zDDk7s5i4lxAV7z6VtW3QbP9dimmlrJeU1L/yM00cnDDW26pANxp0yMeU+Ypdyni
g1Vvv/QAQ5antrmy5CYOFH23DoXxPajqunh43sZSMF7QXBFZzSJHs6qqlCPDhA7A
hoodgxmGE8TGf2GfJGuUWZtI9rcHfA73lcbDLDtasSr9h//cY312FJ5k9AwPDHdr
2eC2qvjn+TQPDI4vc0WYQJhyN9OhxyvKgCb+7TpEcdualdO3vjkXxCXbF/h0aivw
6idsrInZX6EkIXaU3gEirTDuHOmQvLi2xgwCi/B5HYsuHArs5r+nYuCoGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHohWUJ0Ovt6Y+xBOXXXuR+aYW1JMB8GA1UdIwQY
MBaAFLzOWQcRrn/LAW7rc3awp/x2YcsTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUt
MDVkYjQ5N2FjNDU1LzEvZWlGWlFuUTYtM3BqN0VFNWRkZTVINXBoYlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUtMDVkYjQ5N2FjNDU1
LzEvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSI4MA0G
CSqGSIb3DQEBCwUAA4IBAQCbs/vuvPaHGg8bfUVQGu989Gv5aTxSd649uzltqvm7
/S4MdAiB6k5bo65Qqh06fSVEUMOw+zI3vB9WGjfplTksdS1mhY7yyI/NhucXVMXg
mXAUrqRWMs8wL8ER+jsp3jfzs0uWMhBd9E+8cMb+u1g5By7DsUEUWxgoE2OHMgHh
vBWHAWeJ5aRviAfZVwlnt1PwilkqV2LbPXbMqlq6KYRgQmJyqhcM+c8YFw4VPmCq
0yXyE/y6ItJxiJJPZevsff9IWgzLaZMqB0Msk5geqrzqxZyYM6RxklJBj8BJ/RIu
lQjJ/n5wRcT0rXdUAgc88IgvUjzA3+1MYpgGdDgV03AF
-----END CERTIFICATE-----