Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/bX64W_nw3K7UOxSGi1PH7E2A9Do.roa
File:                     bX64W_nw3K7UOxSGi1PH7E2A9Do.roa (raw, json)
Hash identifier:          TbYYcmiTvHbWnJltsj7xN2uxBGGy53ILLrI80ioCBg4=
Subject key identifier:   6D:7E:B8:5B:F9:F0:DC:AE:D4:3B:14:86:8B:53:C7:EC:4D:80:F4:3A
Certificate issuer:       /CN=bb7d379c04f8175b35ef673d76c68e44c70e833f
Certificate serial:       018CC8DEADD3557A99BF1F1DF867FFB04826
Authority key identifier: BB:7D:37:9C:04:F8:17:5B:35:EF:67:3D:76:C6:8E:44:C7:0E:83:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u303nAT4F1s172c9dsaORMcOgz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/bX64W_nw3K7UOxSGi1PH7E2A9Do.roa
Signing time:             Tue 02 Jan 2024 06:31:25 +0000
ROA not before:           Tue 02 Jan 2024 06:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35336
IP address blocks:        2.56.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/u303nAT4F1s172c9dsaORMcOgz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/u303nAT4F1s172c9dsaORMcOgz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u303nAT4F1s172c9dsaORMcOgz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ad:d3:55:7a:99:bf:1f:1d:f8:67:ff:b0:48:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb7d379c04f8175b35ef673d76c68e44c70e833f
        Validity
            Not Before: Jan  2 06:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d7eb85bf9f0dcaed43b14868b53c7ec4d80f43a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cf:d8:43:e7:e2:49:c0:e3:5f:87:6a:cf:09:
                    70:ea:59:e0:5e:3f:56:e5:51:82:29:ef:5d:47:6b:
                    ba:89:3c:d6:92:09:e1:06:27:5c:2e:77:37:58:0c:
                    cc:8a:cf:d0:d7:1c:e4:5b:bd:e6:ce:23:bf:6d:56:
                    49:ab:6c:da:94:2b:07:3c:67:da:dd:db:62:fe:96:
                    e8:c1:5f:8f:e3:c6:55:a7:d3:7f:8c:96:20:19:af:
                    91:7f:54:27:6c:3c:83:df:4a:95:40:24:df:ca:48:
                    63:80:ef:79:f4:68:d5:5c:37:cf:46:ab:3e:38:88:
                    df:aa:44:8f:da:81:4f:e5:b5:3b:6c:88:41:47:64:
                    3a:78:b2:80:9e:14:24:d5:f3:09:c6:8b:87:50:2b:
                    96:e2:06:75:70:67:8d:49:23:05:72:55:40:eb:f5:
                    7c:a1:fa:01:6e:1f:91:e1:09:45:04:64:81:dd:7c:
                    4d:aa:a6:38:0c:2c:ee:9b:74:3d:6d:00:b9:d0:d1:
                    df:bd:6a:11:a4:5b:22:7a:9b:5f:5e:41:98:8a:15:
                    b4:25:b3:27:9c:08:88:8b:a5:42:60:91:dc:e8:81:
                    c2:fc:d8:7b:52:39:f1:db:4c:6c:ad:c5:f8:88:c3:
                    8f:6f:56:6a:44:47:3f:13:7a:57:b1:8b:ca:bf:c5:
                    fb:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:7E:B8:5B:F9:F0:DC:AE:D4:3B:14:86:8B:53:C7:EC:4D:80:F4:3A
            X509v3 Authority Key Identifier:
                keyid:BB:7D:37:9C:04:F8:17:5B:35:EF:67:3D:76:C6:8E:44:C7:0E:83:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u303nAT4F1s172c9dsaORMcOgz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/bX64W_nw3K7UOxSGi1PH7E2A9Do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/u303nAT4F1s172c9dsaORMcOgz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:4f:7a:67:7f:e0:3f:f4:e1:d4:c2:1b:a7:b9:d9:5a:8b:bd:
         ff:45:11:b0:4c:e5:ef:41:5b:9c:bf:c1:4b:90:4d:d3:70:0f:
         3e:5d:0a:87:51:ac:6a:53:41:44:7c:52:22:0f:1d:a4:23:60:
         38:3a:b9:f9:5b:3c:8a:d0:60:42:46:21:aa:66:5c:62:65:4d:
         cd:fc:78:96:bc:b6:4e:41:96:b3:f8:f0:48:88:ae:24:7f:77:
         9e:82:66:c9:a1:69:85:78:f9:90:2e:63:51:c6:db:2b:4b:71:
         8f:de:21:25:2f:ca:47:c4:34:3b:84:7a:c5:b7:22:a3:0a:58:
         26:c5:45:95:80:ff:74:9f:75:ba:9a:29:a6:e7:bb:04:d3:c1:
         0c:83:51:f5:ee:47:ad:80:7e:23:8b:a1:18:fa:dd:dd:bb:85:
         4b:aa:98:67:32:90:d8:0a:bd:d3:76:ff:b6:72:4f:1b:ea:d2:
         9d:77:89:0b:ad:55:71:6e:c3:f9:6e:3b:fd:c2:70:ae:f7:1b:
         26:cd:b7:f0:8c:fd:8d:8d:36:ca:fc:d2:d9:2c:d7:27:2b:7b:
         65:32:6f:12:4f:ad:e0:a5:da:68:49:ff:ce:f2:02:84:ba:a2:
         73:f6:36:70:60:57:0c:fb:98:f5:58:21:bf:d9:65:83:94:6a:
         fa:08:a3:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3q3TVXqZvx8d+Gf/sEgmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiN2QzNzljMDRmODE3NWIzNWVmNjczZDc2YzY4ZTQ0Yzcw
ZTgzM2YwHhcNMjQwMTAyMDYzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDdlYjg1YmY5ZjBkY2FlZDQzYjE0ODY4YjUzYzdlYzRkODBmNDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAic/YQ+fiScDjX4dqzwlw6lngXj9W
5VGCKe9dR2u6iTzWkgnhBidcLnc3WAzMis/Q1xzkW73mziO/bVZJq2zalCsHPGfa
3dti/pbowV+P48ZVp9N/jJYgGa+Rf1QnbDyD30qVQCTfykhjgO959GjVXDfPRqs+
OIjfqkSP2oFP5bU7bIhBR2Q6eLKAnhQk1fMJxouHUCuW4gZ1cGeNSSMFclVA6/V8
ofoBbh+R4QlFBGSB3XxNqqY4DCzum3Q9bQC50NHfvWoRpFsieptfXkGYihW0JbMn
nAiIi6VCYJHc6IHC/Nh7Ujnx20xsrcX4iMOPb1ZqREc/E3pXsYvKv8X7cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1+uFv58Nyu1DsUhotTx+xNgPQ6MB8GA1UdIwQY
MBaAFLt9N5wE+BdbNe9nPXbGjkTHDoM/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTMwM25BVDRGMXMxNzJjOWRzYU9STWNPZ3o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy85ZTBmNWUtODE0MS00M2M5LThmNDQt
MzNlYmFiMjRiYmIzLzEvYlg2NFdfbnczSzdVT3hTR2kxUEg3RTJBOURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy85ZTBmNWUtODE0MS00M2M5LThmNDQtMzNlYmFiMjRiYmIz
LzEvdTMwM25BVDRGMXMxNzJjOWRzYU9STWNPZ3o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjgoMA0G
CSqGSIb3DQEBCwUAA4IBAQAiT3pnf+A/9OHUwhunudlai73/RRGwTOXvQVucv8FL
kE3TcA8+XQqHUaxqU0FEfFIiDx2kI2A4Orn5WzyK0GBCRiGqZlxiZU3N/HiWvLZO
QZaz+PBIiK4kf3eegmbJoWmFePmQLmNRxtsrS3GP3iElL8pHxDQ7hHrFtyKjClgm
xUWVgP90n3W6mimm57sE08EMg1H17ketgH4ji6EY+t3du4VLqphnMpDYCr3Tdv+2
ck8b6tKdd4kLrVVxbsP5bjv9wnCu9xsmzbfwjP2NjTbK/NLZLNcnK3tlMm8ST63g
pdpoSf/O8gKEuqJz9jZwYFcM+5j1WCG/2WWDlGr6CKNp
-----END CERTIFICATE-----