Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/d7c5d1-6c1c-4f2c-b123-93e2ac9593dc/1/50mgL_DE2avMT4OACaL8yK-M0DI.roa
File:                     50mgL_DE2avMT4OACaL8yK-M0DI.roa (raw, json)
Hash identifier:          dNvZf7DhG9XzQ5f79bRAkZ0AANoA3CAg/4TdgXMcjh8=
Subject key identifier:   E7:49:A0:2F:F0:C4:D9:AB:CC:4F:83:80:09:A2:FC:C8:AF:8C:D0:32
Certificate issuer:       /CN=56af20a60aefacf39fd56a743d1a99534c4850bc
Certificate serial:       018CC94D2367E7C33D4BB720C4FE0550D948
Authority key identifier: 56:AF:20:A6:0A:EF:AC:F3:9F:D5:6A:74:3D:1A:99:53:4C:48:50:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vq8gpgrvrPOf1Wp0PRqZU0xIULw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/d7c5d1-6c1c-4f2c-b123-93e2ac9593dc/1/50mgL_DE2avMT4OACaL8yK-M0DI.roa
Signing time:             Tue 02 Jan 2024 08:32:04 +0000
ROA not before:           Tue 02 Jan 2024 08:32:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208372
IP address blocks:        45.142.56.0/22 maxlen: 22
                          2a0e:d640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/d7c5d1-6c1c-4f2c-b123-93e2ac9593dc/1/Vq8gpgrvrPOf1Wp0PRqZU0xIULw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/d7c5d1-6c1c-4f2c-b123-93e2ac9593dc/1/Vq8gpgrvrPOf1Wp0PRqZU0xIULw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vq8gpgrvrPOf1Wp0PRqZU0xIULw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:23:67:e7:c3:3d:4b:b7:20:c4:fe:05:50:d9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56af20a60aefacf39fd56a743d1a99534c4850bc
        Validity
            Not Before: Jan  2 08:32:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e749a02ff0c4d9abcc4f838009a2fcc8af8cd032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8f:a4:ef:89:81:1e:a6:6c:7e:97:fd:70:a5:
                    cb:e9:7e:36:9a:a2:70:c2:36:fc:57:8e:50:0b:41:
                    51:6e:7c:45:3e:72:7f:58:97:3b:b0:bc:b0:6c:e6:
                    31:bc:eb:35:5d:a8:f2:bc:67:32:57:4f:f9:a6:9e:
                    dc:e7:d8:de:9b:2c:2a:80:67:44:f1:b7:11:a0:99:
                    86:ec:53:fc:05:d9:0f:73:47:1a:d1:fd:c2:48:5b:
                    2b:ef:c8:dd:4e:f8:7e:35:29:4e:8e:23:d2:4d:85:
                    f9:9b:35:9f:38:7d:ef:31:39:a3:82:8a:13:b0:24:
                    5b:ff:a0:01:d3:d2:c5:8d:8b:bc:e8:95:37:16:4e:
                    ed:7d:4a:86:85:f0:86:29:f1:98:22:38:d3:e7:15:
                    6b:38:a5:7d:fe:d1:e6:7a:f1:df:44:cb:19:3f:60:
                    8e:b6:e4:b2:53:17:c8:33:47:25:3e:d3:28:db:26:
                    77:15:99:05:2d:be:c3:c8:ee:08:c9:9e:20:c5:63:
                    a9:47:62:9b:7d:cc:c0:09:fd:e9:16:bc:83:d9:3b:
                    e9:8a:8d:7a:92:b7:95:36:ef:1a:c3:80:3d:04:3a:
                    6a:08:0f:99:72:01:94:e8:f9:68:e8:48:c2:1a:3c:
                    d1:ab:d8:65:31:f2:de:0b:b0:de:91:2f:67:66:5b:
                    37:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:49:A0:2F:F0:C4:D9:AB:CC:4F:83:80:09:A2:FC:C8:AF:8C:D0:32
            X509v3 Authority Key Identifier:
                keyid:56:AF:20:A6:0A:EF:AC:F3:9F:D5:6A:74:3D:1A:99:53:4C:48:50:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vq8gpgrvrPOf1Wp0PRqZU0xIULw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/d7c5d1-6c1c-4f2c-b123-93e2ac9593dc/1/50mgL_DE2avMT4OACaL8yK-M0DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/d7c5d1-6c1c-4f2c-b123-93e2ac9593dc/1/Vq8gpgrvrPOf1Wp0PRqZU0xIULw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.56.0/22
                IPv6:
                  2a0e:d640::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:26:f7:bf:47:a0:c7:a3:3e:71:c3:3f:cf:f2:fb:f0:29:f9:
         c1:38:21:9d:a4:2d:79:56:6a:4c:0e:03:e2:95:3c:c3:57:36:
         67:ee:79:2d:61:73:58:80:d3:fe:2c:4a:5e:6d:fd:03:9d:c5:
         81:6b:2f:76:1e:5b:46:fa:70:73:2c:ab:56:c1:63:12:92:16:
         ea:f9:d8:94:00:0d:43:fa:fa:fa:7b:10:f4:e9:6e:91:45:b7:
         bc:ed:e9:25:95:ab:28:8f:cc:5d:62:f7:83:67:8a:9b:8e:28:
         37:01:e2:24:bd:b3:c5:ca:45:36:2f:e4:a6:cf:1f:0a:50:b1:
         aa:fe:2b:aa:9f:f7:8f:5f:84:90:75:d1:de:9e:75:74:4d:57:
         bb:3d:e0:b5:7b:43:40:a8:ac:6b:f1:54:ac:53:22:eb:7d:d4:
         23:d1:af:c6:3f:ca:37:b9:e1:a9:39:45:96:23:cf:6a:e8:9f:
         c6:bf:62:e8:6e:e1:2e:f7:79:d8:6c:ab:43:5b:d7:4c:6c:59:
         41:2a:d8:68:0b:9a:99:5f:f1:3a:bf:bc:c5:e0:73:6c:e5:f3:
         d4:a3:f7:14:e0:a4:70:64:fa:ae:5b:aa:5d:0f:5f:e7:7a:33:
         7b:7e:c3:38:e6:22:64:84:22:88:ca:c6:61:de:6c:8d:da:90:
         9f:28:cd:5f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTSNn58M9S7cgxP4FUNlIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2YWYyMGE2MGFlZmFjZjM5ZmQ1NmE3NDNkMWE5OTUzNGM0
ODUwYmMwHhcNMjQwMTAyMDgzMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzQ5YTAyZmYwYzRkOWFiY2M0ZjgzODAwOWEyZmNjOGFmOGNkMDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAio+k74mBHqZsfpf9cKXL6X42mqJw
wjb8V45QC0FRbnxFPnJ/WJc7sLywbOYxvOs1XajyvGcyV0/5pp7c59jemywqgGdE
8bcRoJmG7FP8BdkPc0ca0f3CSFsr78jdTvh+NSlOjiPSTYX5mzWfOH3vMTmjgooT
sCRb/6AB09LFjYu86JU3Fk7tfUqGhfCGKfGYIjjT5xVrOKV9/tHmevHfRMsZP2CO
tuSyUxfIM0clPtMo2yZ3FZkFLb7DyO4IyZ4gxWOpR2KbfczACf3pFryD2Tvpio16
kreVNu8aw4A9BDpqCA+ZcgGU6Plo6EjCGjzRq9hlMfLeC7DekS9nZls3qwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOdJoC/wxNmrzE+DgAmi/MivjNAyMB8GA1UdIwQY
MBaAFFavIKYK76zzn9VqdD0amVNMSFC8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnE4Z3BncnZyUE9mMVdwMFBScVpVMHhJVUx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9kN2M1ZDEtNmMxYy00ZjJjLWIxMjMt
OTNlMmFjOTU5M2RjLzEvNTBtZ0xfREUyYXZNVDRPQUNhTDh5Sy1NMERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9kN2M1ZDEtNmMxYy00ZjJjLWIxMjMtOTNlMmFjOTU5M2Rj
LzEvVnE4Z3BncnZyUE9mMVdwMFBScVpVMHhJVUx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY44MA0E
AgACMAcDBQMqDtZAMA0GCSqGSIb3DQEBCwUAA4IBAQBUJve/R6DHoz5xwz/P8vvw
KfnBOCGdpC15VmpMDgPilTzDVzZn7nktYXNYgNP+LEpebf0DncWBay92HltG+nBz
LKtWwWMSkhbq+diUAA1D+vr6exD06W6RRbe87ekllasoj8xdYveDZ4qbjig3AeIk
vbPFykU2L+Smzx8KULGq/iuqn/ePX4SQddHennV0TVe7PeC1e0NAqKxr8VSsUyLr
fdQj0a/GP8o3ueGpOUWWI89q6J/Gv2LobuEu93nYbKtDW9dMbFlBKthoC5qZX/E6
v7zF4HNs5fPUo/cU4KRwZPquW6pdD1/nejN7fsM45iJkhCKIysZh3myN2pCfKM1f
-----END CERTIFICATE-----