Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/5oY8J0M-94sxAMM7ug-9Tjsykhc.roa
File:                     5oY8J0M-94sxAMM7ug-9Tjsykhc.roa (raw, json)
Hash identifier:          s/26IjleiawX75pPMV30118lv12JRzF8I6U2MtFbAFU=
Subject key identifier:   E6:86:3C:27:43:3E:F7:8B:31:00:C3:3B:BA:0F:BD:4E:3B:32:92:17
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0192B9D5EAE5E9B9631885A234916C58F94E
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/5oY8J0M-94sxAMM7ug-9Tjsykhc.roa
Signing time:             Wed 23 Oct 2024 14:44:17 +0000
ROA not before:           Wed 23 Oct 2024 14:44:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207691
IP address blocks:        185.43.56.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b9:d5:ea:e5:e9:b9:63:18:85:a2:34:91:6c:58:f9:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Oct 23 14:44:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6863c27433ef78b3100c33bba0fbd4e3b329217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c7:9f:9f:ec:c4:3a:8b:a4:fd:3e:eb:02:e2:
                    23:a8:7c:45:27:e5:6a:f3:0f:0b:90:32:b2:82:48:
                    ff:36:30:9d:5a:53:7f:10:09:0b:0d:b0:84:24:83:
                    96:00:34:25:83:7c:b8:cc:fd:1b:66:19:86:7e:16:
                    b9:ea:36:79:dc:3e:49:38:b2:fe:e8:ed:45:6a:f5:
                    6b:95:a9:95:2a:7f:12:35:27:48:52:1f:36:f2:0b:
                    eb:d6:1f:1f:5b:75:3a:95:c6:53:bd:db:e1:54:6f:
                    94:06:0a:c8:24:e7:5d:a7:5f:a4:31:9e:04:48:16:
                    c9:cc:61:38:37:56:9f:34:f0:2b:3b:0f:7b:b7:17:
                    be:09:da:33:f7:39:29:bc:de:01:a9:b6:6c:12:eb:
                    10:04:d1:96:11:22:ed:35:16:61:08:5e:09:3d:17:
                    06:be:bb:ba:58:95:35:44:64:52:48:af:11:4b:69:
                    cb:16:f3:06:c1:80:be:21:ac:21:0f:76:a7:fe:34:
                    34:e1:c2:3f:da:47:13:3e:1a:0a:b2:92:8a:e2:a9:
                    6b:24:b6:85:56:72:a2:de:03:8a:76:79:77:63:d1:
                    63:f5:8a:fa:ed:29:47:fb:37:5b:89:4d:1d:0a:ba:
                    4c:61:c7:da:ff:d1:f0:e8:d9:22:60:57:ea:15:f0:
                    d0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:86:3C:27:43:3E:F7:8B:31:00:C3:3B:BA:0F:BD:4E:3B:32:92:17
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/5oY8J0M-94sxAMM7ug-9Tjsykhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c9:06:0a:7c:16:e7:98:68:07:18:7d:4e:b6:d9:36:3e:76:b8:
         33:7b:4d:8a:1f:2a:8c:38:61:d9:07:6e:e4:1b:72:4c:e4:29:
         aa:46:f9:4a:5e:74:3e:6c:ad:78:8c:4a:25:fb:ab:b2:ce:c8:
         81:7e:00:00:9f:8d:34:bc:01:7b:0a:8c:2c:aa:a0:7d:77:35:
         07:1a:2c:47:17:17:1a:82:18:f0:36:a0:c4:9d:d4:54:ae:30:
         21:86:aa:84:a2:bf:d9:69:66:bb:e0:00:e2:dc:94:3f:54:6e:
         56:de:52:e9:10:3b:5e:3d:eb:a4:f8:95:fd:54:c3:0c:49:fa:
         5c:4f:1f:92:b4:e6:c9:09:c9:a6:46:99:92:8f:fd:b7:b8:22:
         b5:47:bf:42:9d:fc:c4:a5:5f:87:67:f8:91:15:90:6a:af:07:
         a3:7b:5c:a1:80:02:52:bf:0f:6f:a9:7d:81:b4:ed:27:ef:7f:
         cc:58:a3:f5:72:30:3f:8f:b6:dd:b3:d9:00:0c:e4:ca:a8:b3:
         11:64:fe:a0:a9:a8:8b:27:ac:33:d3:f8:c9:a9:2c:79:e4:be:
         b0:d2:f6:c3:1c:86:19:11:55:75:bd:96:f0:0c:79:a6:6d:86:
         ba:d0:62:6b:dc:1a:27:85:21:63:19:f0:4e:6d:10:ab:26:a5:
         e6:0b:6a:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK51erl6bljGIWiNJFsWPlOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQxMDIzMTQ0NDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjg2M2MyNzQzM2VmNzhiMzEwMGMzM2JiYTBmYmQ0ZTNiMzI5MjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMefn+zEOouk/T7rAuIjqHxFJ+Vq
8w8LkDKygkj/NjCdWlN/EAkLDbCEJIOWADQlg3y4zP0bZhmGfha56jZ53D5JOLL+
6O1FavVrlamVKn8SNSdIUh828gvr1h8fW3U6lcZTvdvhVG+UBgrIJOddp1+kMZ4E
SBbJzGE4N1afNPArOw97txe+Cdoz9zkpvN4BqbZsEusQBNGWESLtNRZhCF4JPRcG
vru6WJU1RGRSSK8RS2nLFvMGwYC+IawhD3an/jQ04cI/2kcTPhoKspKK4qlrJLaF
VnKi3gOKdnl3Y9Fj9Yr67SlH+zdbiU0dCrpMYcfa/9Hw6NkiYFfqFfDQUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaGPCdDPveLMQDDO7oPvU47MpIXMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvNW9ZOEowTS05NHN4QU1NN3VnLTlUanN5a2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSs4MA0G
CSqGSIb3DQEBCwUAA4IBAQDJBgp8FueYaAcYfU622TY+drgze02KHyqMOGHZB27k
G3JM5CmqRvlKXnQ+bK14jEol+6uyzsiBfgAAn400vAF7CowsqqB9dzUHGixHFxca
ghjwNqDEndRUrjAhhqqEor/ZaWa74ADi3JQ/VG5W3lLpEDtePeuk+JX9VMMMSfpc
Tx+StObJCcmmRpmSj/23uCK1R79CnfzEpV+HZ/iRFZBqrweje1yhgAJSvw9vqX2B
tO0n73/MWKP1cjA/j7bds9kADOTKqLMRZP6gqaiLJ6wz0/jJqSx55L6w0vbDHIYZ
EVV1vZbwDHmmbYa60GJr3BonhSFjGfBObRCrJqXmC2pV
-----END CERTIFICATE-----