Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/N-sGtHWUcJ8IV8hXgz3ja5hxN2Y.roa
File:                     N-sGtHWUcJ8IV8hXgz3ja5hxN2Y.roa (raw, json)
Hash identifier:          ompp9JnE/tt3r2p7XF7IgrI3M5LEcc0jJRvkC2AHd+s=
Subject key identifier:   37:EB:06:B4:75:94:70:9F:08:57:C8:57:83:3D:E3:6B:98:71:37:66
Certificate issuer:       /CN=b56458576ba23921dd792dc0052f8f82867d627b
Certificate serial:       018CC94C11625B417D6A07B6CED6C4763916
Authority key identifier: B5:64:58:57:6B:A2:39:21:DD:79:2D:C0:05:2F:8F:82:86:7D:62:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/N-sGtHWUcJ8IV8hXgz3ja5hxN2Y.roa
Signing time:             Tue 02 Jan 2024 08:30:54 +0000
ROA not before:           Tue 02 Jan 2024 08:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56509
IP address blocks:        185.217.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:11:62:5b:41:7d:6a:07:b6:ce:d6:c4:76:39:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b56458576ba23921dd792dc0052f8f82867d627b
        Validity
            Not Before: Jan  2 08:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37eb06b47594709f0857c857833de36b98713766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:da:01:cd:25:08:b6:c2:f7:02:4a:ee:a0:42:
                    9c:be:b3:2f:14:18:80:a5:f2:39:69:51:72:cf:ba:
                    55:8e:36:28:f8:57:44:a2:c9:2f:a6:1b:95:05:83:
                    0c:2c:3a:8f:a3:44:b1:6b:a2:8b:1a:f9:a6:2f:3b:
                    4e:da:2b:83:77:5c:b0:33:f7:4e:b8:a5:03:98:66:
                    6b:27:26:26:36:87:18:38:93:07:ac:36:c7:66:c0:
                    e3:61:11:c4:7d:da:3b:a9:d8:cf:97:4f:03:7f:31:
                    a1:8e:c1:3c:23:cb:35:dd:26:73:4b:73:ae:6c:2b:
                    42:36:d3:b5:88:af:4d:f4:31:24:b7:fe:b2:75:6a:
                    01:48:64:93:1d:ff:1c:e0:91:3d:37:6f:91:b4:5c:
                    f5:c3:ce:dd:45:31:42:60:16:22:b9:69:e8:73:3d:
                    61:88:d3:79:cf:0d:d0:f4:8a:b1:84:a3:6f:97:94:
                    b3:5e:0d:30:02:02:48:62:57:0d:f3:32:10:ac:79:
                    65:af:48:e1:9b:4c:b2:8d:57:91:22:d4:5f:ad:d6:
                    ac:df:52:a4:b0:fa:88:88:3d:14:44:35:42:17:67:
                    f7:eb:f6:ce:6f:f1:a7:ce:0c:ea:22:93:b5:61:64:
                    ac:cc:50:1a:2d:42:3e:5c:7b:4c:8c:1c:b8:25:1a:
                    6f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:EB:06:B4:75:94:70:9F:08:57:C8:57:83:3D:E3:6B:98:71:37:66
            X509v3 Authority Key Identifier:
                keyid:B5:64:58:57:6B:A2:39:21:DD:79:2D:C0:05:2F:8F:82:86:7D:62:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/N-sGtHWUcJ8IV8hXgz3ja5hxN2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:8e:54:e8:22:88:8e:9a:8d:3b:9b:8a:68:1a:ac:8c:58:34:
         40:0a:a1:1e:c5:19:8b:76:7f:f4:03:62:12:4a:fc:c2:b5:fe:
         83:ff:96:2b:80:de:90:92:e3:35:81:33:c9:18:e3:06:23:e2:
         ba:f4:9d:d8:c3:ec:95:ba:b6:9d:62:36:a1:8e:15:ff:f8:31:
         9a:f6:14:3e:8f:89:80:28:ac:ba:a7:57:4d:0d:c9:bd:c0:1d:
         51:6a:ea:3c:b6:5d:40:b8:7e:e8:46:11:4d:af:66:18:3d:17:
         d2:f5:57:a0:ed:70:72:e6:aa:3b:a4:06:bb:dd:5a:f2:90:99:
         7a:02:9c:4c:b3:71:75:18:2f:7e:95:71:98:e0:32:9b:a3:a0:
         58:6a:a9:c4:9c:ac:de:b2:13:45:d5:fb:7e:b1:82:42:9c:d9:
         06:ed:75:24:93:c8:e4:03:89:e7:bd:41:53:ea:b0:6d:1d:df:
         33:d0:62:95:65:c9:51:7e:45:c5:27:56:6f:0c:b6:24:f7:d2:
         1a:e2:fc:c7:0e:b9:f9:ec:e0:d5:3c:70:86:ed:89:d9:fa:d4:
         78:6b:74:3d:0a:49:d0:03:b3:98:85:92:a7:f4:b3:7a:93:13:
         cd:ee:e6:46:bd:39:9a:ba:d5:dc:86:1c:fa:5b:c4:18:31:f9:
         f5:82:02:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTBFiW0F9age2ztbEdjkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NjQ1ODU3NmJhMjM5MjFkZDc5MmRjMDA1MmY4ZjgyODY3
ZDYyN2IwHhcNMjQwMTAyMDgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2ViMDZiNDc1OTQ3MDlmMDg1N2M4NTc4MzNkZTM2Yjk4NzEzNzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9oBzSUItsL3AkruoEKcvrMvFBiA
pfI5aVFyz7pVjjYo+FdEoskvphuVBYMMLDqPo0Sxa6KLGvmmLztO2iuDd1ywM/dO
uKUDmGZrJyYmNocYOJMHrDbHZsDjYRHEfdo7qdjPl08DfzGhjsE8I8s13SZzS3Ou
bCtCNtO1iK9N9DEkt/6ydWoBSGSTHf8c4JE9N2+RtFz1w87dRTFCYBYiuWnocz1h
iNN5zw3Q9IqxhKNvl5SzXg0wAgJIYlcN8zIQrHllr0jhm0yyjVeRItRfrdas31Kk
sPqIiD0URDVCF2f36/bOb/GnzgzqIpO1YWSszFAaLUI+XHtMjBy4JRpvBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfrBrR1lHCfCFfIV4M942uYcTdmMB8GA1UdIwQY
MBaAFLVkWFdrojkh3XktwAUvj4KGfWJ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFdSWVYydWlPU0hkZVMzQUJTLVBnb1o5WW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9kNDkzY2MtMzI1NC00ZDk1LWJkZWUt
MWEyM2UxNWYzYjg0LzEvTi1zR3RIV1VjSjhJVjhoWGd6M2phNWh4TjJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9kNDkzY2MtMzI1NC00ZDk1LWJkZWUtMWEyM2UxNWYzYjg0
LzEvdFdSWVYydWlPU0hkZVMzQUJTLVBnb1o5WW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudmkMA0G
CSqGSIb3DQEBCwUAA4IBAQCnjlToIoiOmo07m4poGqyMWDRACqEexRmLdn/0A2IS
SvzCtf6D/5YrgN6QkuM1gTPJGOMGI+K69J3Yw+yVuradYjahjhX/+DGa9hQ+j4mA
KKy6p1dNDcm9wB1Rauo8tl1AuH7oRhFNr2YYPRfS9Veg7XBy5qo7pAa73VrykJl6
ApxMs3F1GC9+lXGY4DKbo6BYaqnEnKzeshNF1ft+sYJCnNkG7XUkk8jkA4nnvUFT
6rBtHd8z0GKVZclRfkXFJ1ZvDLYk99Ia4vzHDrn57ODVPHCG7YnZ+tR4a3Q9CknQ
A7OYhZKn9LN6kxPN7uZGvTmautXchhz6W8QYMfn1ggJz
-----END CERTIFICATE-----