Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/56pCFITxTeWubaBvXkpHO5ZpIs0.roa
File:                     56pCFITxTeWubaBvXkpHO5ZpIs0.roa (raw, json)
Hash identifier:          6w7PA2/2BTTCkhaVFhM8G/FtOk7Ty3y/vJN/A1xL890=
Subject key identifier:   E7:AA:42:14:84:F1:4D:E5:AE:6D:A0:6F:5E:4A:47:3B:96:69:22:CD
Certificate issuer:       /CN=10eedc33aa442907189f0b3c563836951fb185bb
Certificate serial:       018CC348F0709F4666CB7359C2388D35F301
Authority key identifier: 10:EE:DC:33:AA:44:29:07:18:9F:0B:3C:56:38:36:95:1F:B1:85:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EO7cM6pEKQcYnws8Vjg2lR-xhbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/56pCFITxTeWubaBvXkpHO5ZpIs0.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206370
IP address blocks:        185.165.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/EO7cM6pEKQcYnws8Vjg2lR-xhbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/EO7cM6pEKQcYnws8Vjg2lR-xhbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EO7cM6pEKQcYnws8Vjg2lR-xhbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f0:70:9f:46:66:cb:73:59:c2:38:8d:35:f3:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10eedc33aa442907189f0b3c563836951fb185bb
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7aa421484f14de5ae6da06f5e4a473b966922cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8c:68:ec:33:10:78:c7:03:7c:31:58:37:61:
                    64:5a:de:58:61:b8:66:d3:0c:2a:83:9a:e3:19:00:
                    32:ae:7d:e0:ca:8d:b5:bf:48:a4:53:1d:78:2f:52:
                    16:5d:21:f1:fd:72:09:fc:2c:4e:2e:3b:12:50:18:
                    be:3c:8c:24:0f:4b:fd:ef:84:88:3f:e2:d4:65:79:
                    29:aa:48:12:a8:c0:82:75:b6:d8:3a:62:be:5a:21:
                    32:1d:39:7f:c5:f8:02:13:48:81:4e:37:f1:a8:66:
                    30:e6:ce:b3:54:82:cb:a3:5d:d2:b9:22:40:fa:89:
                    ec:e2:c5:ae:f3:c9:10:f3:aa:80:4e:fb:28:77:8c:
                    c0:97:50:23:73:9d:d5:2d:4f:75:bd:c5:16:21:db:
                    3f:3c:62:e9:d2:f1:ad:68:1a:2f:90:cf:0b:ca:65:
                    6a:84:8f:0f:79:81:d8:2b:f6:b6:91:fd:3c:f1:f1:
                    f0:d2:95:9a:81:53:99:d3:e3:31:4b:81:38:24:2c:
                    74:54:c8:b6:54:5d:88:af:eb:66:77:20:a2:5d:26:
                    a9:fc:a8:ea:0f:93:eb:c0:62:01:67:46:14:bd:07:
                    ad:55:6c:4c:f4:e5:fd:8b:8f:69:de:f6:f5:54:4e:
                    cc:c9:cc:ee:69:8b:b9:7c:20:61:d2:46:ac:dd:85:
                    03:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:AA:42:14:84:F1:4D:E5:AE:6D:A0:6F:5E:4A:47:3B:96:69:22:CD
            X509v3 Authority Key Identifier:
                keyid:10:EE:DC:33:AA:44:29:07:18:9F:0B:3C:56:38:36:95:1F:B1:85:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EO7cM6pEKQcYnws8Vjg2lR-xhbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/56pCFITxTeWubaBvXkpHO5ZpIs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/EO7cM6pEKQcYnws8Vjg2lR-xhbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dc:8b:fb:9e:be:ad:ab:f0:33:d9:77:90:ce:41:6c:51:16:b7:
         ff:94:40:d8:bd:60:96:08:70:54:84:fa:c9:ae:0b:66:02:6d:
         e4:ab:5e:49:00:ef:17:be:31:96:5b:cf:28:a0:50:af:4e:e3:
         30:61:33:7c:95:1b:8c:6d:2c:67:f8:65:02:60:0d:ab:1a:6d:
         07:00:31:30:fd:98:11:28:8b:8d:46:89:4f:72:2e:6b:0e:b9:
         e2:42:b8:b3:e2:3d:7b:5e:7a:86:0c:95:ad:63:b9:42:d7:c1:
         7a:a3:d2:1d:8d:70:91:83:84:87:32:97:9a:66:5c:cd:e8:69:
         9a:00:eb:0f:05:0c:1e:d0:73:cf:92:3e:a6:13:1b:79:84:6b:
         bb:19:85:dc:63:52:6f:ea:9b:bc:d4:c7:43:aa:c3:49:e0:f1:
         9d:73:1a:68:38:89:14:a8:11:b5:f9:1e:20:40:31:9a:4f:ee:
         ae:af:7e:db:09:0b:60:6f:c2:2b:df:10:64:0e:43:ff:55:fa:
         70:7d:7f:a6:c2:a5:8e:2a:6f:f8:a8:0a:88:02:19:12:4b:50:
         95:5a:67:91:56:84:bd:23:31:f5:35:fc:10:d7:11:b8:93:d8:
         a2:af:f5:03:85:b2:eb:4d:aa:af:25:e0:11:f9:40:d3:c9:3c:
         a7:46:ad:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPBwn0Zmy3NZwjiNNfMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZWVkYzMzYWE0NDI5MDcxODlmMGIzYzU2MzgzNjk1MWZi
MTg1YmIwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2FhNDIxNDg0ZjE0ZGU1YWU2ZGEwNmY1ZTRhNDczYjk2NjkyMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIxo7DMQeMcDfDFYN2FkWt5YYbhm
0wwqg5rjGQAyrn3gyo21v0ikUx14L1IWXSHx/XIJ/CxOLjsSUBi+PIwkD0v974SI
P+LUZXkpqkgSqMCCdbbYOmK+WiEyHTl/xfgCE0iBTjfxqGYw5s6zVILLo13SuSJA
+ons4sWu88kQ86qATvsod4zAl1Ajc53VLU91vcUWIds/PGLp0vGtaBovkM8LymVq
hI8PeYHYK/a2kf088fHw0pWagVOZ0+MxS4E4JCx0VMi2VF2Ir+tmdyCiXSap/Kjq
D5PrwGIBZ0YUvQetVWxM9OX9i49p3vb1VE7MyczuaYu5fCBh0kas3YUDRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOeqQhSE8U3lrm2gb15KRzuWaSLNMB8GA1UdIwQY
MBaAFBDu3DOqRCkHGJ8LPFY4NpUfsYW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU83Y002cEVLUWNZbndzOFZqZzJsUi14aGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy81NDZjN2UtZDg0MC00ZTU0LTkyMjMt
NTM0ZWJlZWYzMzg5LzEvNTZwQ0ZJVHhUZVd1YmFCdlhrcEhPNVpwSXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy81NDZjN2UtZDg0MC00ZTU0LTkyMjMtNTM0ZWJlZWYzMzg5
LzEvRU83Y002cEVLUWNZbndzOFZqZzJsUi14aGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaXfMA0G
CSqGSIb3DQEBCwUAA4IBAQDci/uevq2r8DPZd5DOQWxRFrf/lEDYvWCWCHBUhPrJ
rgtmAm3kq15JAO8XvjGWW88ooFCvTuMwYTN8lRuMbSxn+GUCYA2rGm0HADEw/ZgR
KIuNRolPci5rDrniQriz4j17XnqGDJWtY7lC18F6o9IdjXCRg4SHMpeaZlzN6Gma
AOsPBQwe0HPPkj6mExt5hGu7GYXcY1Jv6pu81MdDqsNJ4PGdcxpoOIkUqBG1+R4g
QDGaT+6ur37bCQtgb8Ir3xBkDkP/VfpwfX+mwqWOKm/4qAqIAhkSS1CVWmeRVoS9
IzH1NfwQ1xG4k9iir/UDhbLrTaqvJeAR+UDTyTynRq2L
-----END CERTIFICATE-----