Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/PuPogvFsvb1-Ku8K9vGjE7xJTQc.roa
File:                     PuPogvFsvb1-Ku8K9vGjE7xJTQc.roa (raw, json)
Hash identifier:          IdPNuca/JgfztdKWfhnlM5kccncl5TuQas2GKcFIrBE=
Subject key identifier:   3E:E3:E8:82:F1:6C:BD:BD:7E:2A:EF:0A:F6:F1:A3:13:BC:49:4D:07
Certificate issuer:       /CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
Certificate serial:       018F75440FAF27639CBCD00D88BBED9B4DF6
Authority key identifier: 92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/PuPogvFsvb1-Ku8K9vGjE7xJTQc.roa
Signing time:             Tue 14 May 2024 04:02:25 +0000
ROA not before:           Tue 14 May 2024 04:02:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        5.56.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:75:44:0f:af:27:63:9c:bc:d0:0d:88:bb:ed:9b:4d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
        Validity
            Not Before: May 14 04:02:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ee3e882f16cbdbd7e2aef0af6f1a313bc494d07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:88:d5:22:dd:63:b7:80:ee:3a:22:16:85:7a:
                    d5:e2:87:b3:38:6b:04:6b:7c:0b:e4:50:cb:b8:e1:
                    ed:7c:7f:1b:da:59:95:33:2c:56:09:83:28:ef:ba:
                    49:54:84:ff:3a:72:74:ed:9b:0c:a5:a1:d8:07:f4:
                    c0:f3:34:84:26:5f:82:18:70:ac:2a:52:e9:dc:52:
                    4a:39:81:02:f4:91:f4:0b:74:b8:68:60:1b:d3:fc:
                    26:ec:e6:94:eb:10:43:13:5a:b2:ed:9d:5a:be:bf:
                    08:3b:0f:1b:a9:6b:63:73:0d:63:df:3b:65:7c:dd:
                    1c:b1:49:cd:7e:3c:2d:a0:c4:49:f1:60:e0:9b:ca:
                    db:31:78:40:ae:38:a8:41:07:0b:a2:b3:ec:c7:6b:
                    47:9c:6a:fe:4c:ba:1d:9e:5a:c2:a3:d9:15:b1:af:
                    e2:4c:a4:ee:0e:b6:aa:a2:b1:6b:88:32:e1:47:7d:
                    2b:d1:40:95:9d:c6:99:8d:ef:1c:dd:08:cd:e7:99:
                    f4:6e:77:03:4c:ad:56:58:ae:39:f0:b5:98:f6:e6:
                    68:e0:b4:12:18:40:3a:c1:ce:04:ef:20:c2:76:ec:
                    11:25:3a:56:85:37:44:00:a9:cc:13:53:6f:2a:21:
                    3e:9d:be:d1:21:1d:e2:cb:b1:9c:88:07:e2:8f:e9:
                    fa:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E3:E8:82:F1:6C:BD:BD:7E:2A:EF:0A:F6:F1:A3:13:BC:49:4D:07
            X509v3 Authority Key Identifier:
                keyid:92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/PuPogvFsvb1-Ku8K9vGjE7xJTQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:23:38:93:9b:0f:d6:5c:02:9c:67:bb:c9:9a:76:95:3b:be:
         11:9a:cc:3e:b0:2d:63:63:48:29:a8:9b:b2:ec:9c:68:08:00:
         70:1c:c1:3f:07:a8:cd:ef:5d:6b:0e:cb:2c:d5:4b:e0:d8:4b:
         e6:b4:82:93:9a:4f:32:90:c0:68:68:63:1f:df:34:aa:62:79:
         71:df:62:e8:c2:05:e9:39:5c:4e:e3:d2:11:10:0e:1f:3a:88:
         d2:e8:bb:1d:21:e2:10:56:e5:0f:1d:b7:7c:16:91:38:87:e4:
         f0:7d:3b:a4:37:84:1f:dc:cd:59:43:9b:5e:64:92:26:b5:99:
         83:b3:65:21:c4:58:0f:0a:44:91:51:cd:0c:f8:a9:91:4b:83:
         75:cc:70:a2:2e:ec:d3:70:27:6f:1b:5b:30:d0:61:ea:94:e7:
         65:95:4b:8c:8e:89:a2:e8:09:ad:8d:3c:08:07:02:a5:e8:92:
         e4:20:99:f3:6b:25:2e:e9:61:cc:50:56:4a:1d:54:01:cb:be:
         19:3a:2c:eb:f8:b0:45:25:f9:d9:22:f5:4a:37:16:44:ae:99:
         12:71:b7:f6:12:43:05:57:b0:18:ae:13:2f:58:19:e6:7e:4a:
         ae:74:bd:10:e6:aa:5b:30:c5:96:34:78:af:9d:d0:2e:6c:d7:
         b9:d9:5a:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY91RA+vJ2OcvNANiLvtm032MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYmY2NDY0Y2U2ZTE5YTRkY2Y4YTMyYjI3YTJmMWNiZTE1
NTEwNTUwHhcNMjQwNTE0MDQwMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWUzZTg4MmYxNmNiZGJkN2UyYWVmMGFmNmYxYTMxM2JjNDk0ZDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YjVIt1jt4DuOiIWhXrV4oezOGsE
a3wL5FDLuOHtfH8b2lmVMyxWCYMo77pJVIT/OnJ07ZsMpaHYB/TA8zSEJl+CGHCs
KlLp3FJKOYEC9JH0C3S4aGAb0/wm7OaU6xBDE1qy7Z1avr8IOw8bqWtjcw1j3ztl
fN0csUnNfjwtoMRJ8WDgm8rbMXhArjioQQcLorPsx2tHnGr+TLodnlrCo9kVsa/i
TKTuDraqorFriDLhR30r0UCVncaZje8c3QjN55n0bncDTK1WWK458LWY9uZo4LQS
GEA6wc4E7yDCduwRJTpWhTdEAKnME1NvKiE+nb7RIR3iy7GciAfij+n6mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7j6ILxbL29firvCvbxoxO8SU0HMB8GA1UdIwQY
MBaAFJK/ZGTObhmk3PijKyei8cvhVRBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzct
YjUzZTMwZTE0MTJhLzEvUHVQb2d2RnN2YjEtS3U4Szl2R2pFN3hKVFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzctYjUzZTMwZTE0MTJh
LzEva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTiFMA0G
CSqGSIb3DQEBCwUAA4IBAQBPIziTmw/WXAKcZ7vJmnaVO74Rmsw+sC1jY0gpqJuy
7JxoCABwHME/B6jN711rDsss1Uvg2EvmtIKTmk8ykMBoaGMf3zSqYnlx32LowgXp
OVxO49IREA4fOojS6LsdIeIQVuUPHbd8FpE4h+TwfTukN4Qf3M1ZQ5teZJImtZmD
s2UhxFgPCkSRUc0M+KmRS4N1zHCiLuzTcCdvG1sw0GHqlOdllUuMjomi6AmtjTwI
BwKl6JLkIJnzayUu6WHMUFZKHVQBy74ZOizr+LBFJfnZIvVKNxZErpkScbf2EkMF
V7AYrhMvWBnmfkqudL0Q5qpbMMWWNHivndAubNe52VoK
-----END CERTIFICATE-----