Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/56_PwdHelVbFLmWMRvNtUzZInFY.roa
File:                     56_PwdHelVbFLmWMRvNtUzZInFY.roa (raw, json)
Hash identifier:          GTxYqIBaf9+kg1mCgDSGsPYiuLfAa3DS0u+uPhxUFnI=
Subject key identifier:   E7:AF:CF:C1:D1:DE:95:56:C5:2E:65:8C:46:F3:6D:53:36:48:9C:56
Certificate issuer:       /CN=f01c8997a354bc7d4e5a60a9f42438a182fa998a
Certificate serial:       018CC64A406BB12BD54A8DA892F5BC76C73F
Authority key identifier: F0:1C:89:97:A3:54:BC:7D:4E:5A:60:A9:F4:24:38:A1:82:FA:99:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/56_PwdHelVbFLmWMRvNtUzZInFY.roa
Signing time:             Mon 01 Jan 2024 18:30:04 +0000
ROA not before:           Mon 01 Jan 2024 18:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44765
IP address blocks:        92.61.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:40:6b:b1:2b:d5:4a:8d:a8:92:f5:bc:76:c7:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f01c8997a354bc7d4e5a60a9f42438a182fa998a
        Validity
            Not Before: Jan  1 18:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7afcfc1d1de9556c52e658c46f36d5336489c56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:30:c5:d9:49:20:86:50:dc:58:43:01:5b:18:
                    81:5a:d3:73:b6:34:2e:32:38:cc:0a:41:8f:07:1f:
                    f8:3e:bd:f8:b5:d5:ae:ee:08:63:69:4d:ca:6f:c3:
                    8b:c0:55:24:25:e2:4f:6a:b5:1d:2e:23:15:af:d0:
                    94:73:40:9f:1f:6f:fe:18:56:94:8b:57:92:75:dc:
                    4b:45:d6:d2:3a:cc:04:95:b1:73:d0:f6:78:ed:07:
                    ac:ec:cb:ba:ad:8a:59:71:a0:a9:ab:b0:2e:7a:99:
                    a6:bc:04:14:d3:9e:af:9d:e1:74:1f:cc:7a:08:9a:
                    33:f2:1c:14:a2:6a:04:63:c9:3c:59:4d:c3:99:cd:
                    8e:c6:8f:23:30:1d:ab:7a:8a:60:fd:ac:7b:56:56:
                    ca:9d:21:5a:55:f8:92:db:d8:51:fe:cf:81:2b:8e:
                    43:a9:49:3d:98:e0:8a:78:2a:64:c2:f5:ae:a8:67:
                    d7:e8:37:79:c9:62:94:40:83:72:34:73:dc:8e:32:
                    4d:ff:02:9d:19:b3:cc:06:aa:13:8a:b2:75:cd:e1:
                    94:90:a7:4a:e3:38:e8:60:04:d6:26:8c:de:fe:c7:
                    9b:b3:13:89:c1:85:2a:5c:94:d7:e3:f2:08:ca:b5:
                    15:e2:5b:df:81:22:9a:37:fb:99:cf:cb:35:40:3a:
                    fa:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:AF:CF:C1:D1:DE:95:56:C5:2E:65:8C:46:F3:6D:53:36:48:9C:56
            X509v3 Authority Key Identifier:
                keyid:F0:1C:89:97:A3:54:BC:7D:4E:5A:60:A9:F4:24:38:A1:82:FA:99:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/56_PwdHelVbFLmWMRvNtUzZInFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.61.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:da:66:a9:3b:22:bf:29:d5:78:16:c4:76:a9:fb:70:70:30:
         fa:90:9e:83:2e:58:a0:b6:b9:c1:12:40:30:24:74:ad:9f:6f:
         2b:fe:99:e1:1a:83:a1:13:13:d1:d3:2b:c9:aa:c5:16:0d:e2:
         e1:a6:6a:be:ca:fe:f7:da:c7:07:1e:0b:20:a7:58:1f:0f:d9:
         aa:fd:cc:f6:cf:2a:2c:be:8f:5b:c2:31:1d:07:22:9b:ea:f6:
         f6:67:9e:31:38:80:fa:1a:1a:91:e1:2d:3b:5e:b1:49:f4:dc:
         50:b9:05:d5:a9:84:64:b9:5f:77:10:15:ed:18:26:d6:39:f4:
         bc:50:c6:e3:c9:a6:f6:85:8f:2a:12:03:1f:4a:e6:4c:e3:90:
         ba:47:86:36:99:62:4a:d0:38:0c:33:8a:9e:0c:de:7c:a1:67:
         76:bd:a5:89:47:f6:9d:78:89:04:12:08:e8:29:fa:ce:e1:dd:
         14:0d:e0:ac:6f:88:b5:78:bc:b0:2e:6c:46:ae:99:ff:94:d9:
         73:e1:81:94:13:34:15:35:30:36:f9:99:03:18:c9:17:21:51:
         33:e5:42:94:69:ca:c6:4e:e9:dd:89:68:f7:c2:53:c7:98:3a:
         a5:1b:e7:5d:01:c3:05:01:3a:a4:d1:f2:ea:7f:a0:8b:08:63:
         76:a2:eb:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSkBrsSvVSo2okvW8dsc/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMWM4OTk3YTM1NGJjN2Q0ZTVhNjBhOWY0MjQzOGExODJm
YTk5OGEwHhcNMjQwMTAxMTgzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2FmY2ZjMWQxZGU5NTU2YzUyZTY1OGM0NmYzNmQ1MzM2NDg5YzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDDF2UkghlDcWEMBWxiBWtNztjQu
MjjMCkGPBx/4Pr34tdWu7ghjaU3Kb8OLwFUkJeJParUdLiMVr9CUc0CfH2/+GFaU
i1eSddxLRdbSOswElbFz0PZ47Qes7Mu6rYpZcaCpq7AuepmmvAQU056vneF0H8x6
CJoz8hwUomoEY8k8WU3Dmc2Oxo8jMB2reopg/ax7VlbKnSFaVfiS29hR/s+BK45D
qUk9mOCKeCpkwvWuqGfX6Dd5yWKUQINyNHPcjjJN/wKdGbPMBqoTirJ1zeGUkKdK
4zjoYATWJoze/sebsxOJwYUqXJTX4/IIyrUV4lvfgSKaN/uZz8s1QDr6RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOevz8HR3pVWxS5ljEbzbVM2SJxWMB8GA1UdIwQY
MBaAFPAciZejVLx9TlpgqfQkOKGC+pmKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEJ5Smw2TlV2SDFPV21DcDlDUTRvWUw2bVlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9mYWE5NWYtM2IzMi00MWZlLWFiZTMt
YzI3YzRhNjEwYmQzLzEvNTZfUHdkSGVsVmJGTG1XTVJ2TnRVelpJbkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9mYWE5NWYtM2IzMi00MWZlLWFiZTMtYzI3YzRhNjEwYmQz
LzEvOEJ5Smw2TlV2SDFPV21DcDlDUTRvWUw2bVlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXD08MA0G
CSqGSIb3DQEBCwUAA4IBAQBj2mapOyK/KdV4FsR2qftwcDD6kJ6DLligtrnBEkAw
JHStn28r/pnhGoOhExPR0yvJqsUWDeLhpmq+yv732scHHgsgp1gfD9mq/cz2zyos
vo9bwjEdByKb6vb2Z54xOID6GhqR4S07XrFJ9NxQuQXVqYRkuV93EBXtGCbWOfS8
UMbjyab2hY8qEgMfSuZM45C6R4Y2mWJK0DgMM4qeDN58oWd2vaWJR/adeIkEEgjo
KfrO4d0UDeCsb4i1eLywLmxGrpn/lNlz4YGUEzQVNTA2+ZkDGMkXIVEz5UKUacrG
TundiWj3wlPHmDqlG+ddAcMFATqk0fLqf6CLCGN2ouvy
-----END CERTIFICATE-----