Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/bCiizil2Ey8Pvh56RnqDgTk8X7Q.roa
File:                     bCiizil2Ey8Pvh56RnqDgTk8X7Q.roa (raw, json)
Hash identifier:          phspsqh/4y98JzmGzw3HpShtGGUJNNv7gxCq93gvxKo=
Subject key identifier:   6C:28:A2:CE:29:76:13:2F:0F:BE:1E:7A:46:7A:83:81:39:3C:5F:B4
Certificate issuer:       /CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
Certificate serial:       019422FC35A891F172CCECB9A9B083D51FED
Authority key identifier: 92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/bCiizil2Ey8Pvh56RnqDgTk8X7Q.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61191
IP address blocks:        5.56.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 17:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:35:a8:91:f1:72:cc:ec:b9:a9:b0:83:d5:1f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c28a2ce2976132f0fbe1e7a467a8381393c5fb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bb:98:f7:d4:a9:11:93:be:9c:a9:2e:9a:fd:
                    63:2d:30:1f:ba:5c:a2:24:ca:8d:d6:33:07:eb:97:
                    04:38:1d:1a:00:b9:02:11:61:c3:38:32:26:f0:87:
                    12:61:54:e0:63:fd:c6:95:d2:ff:88:38:cf:fc:b9:
                    af:be:60:e2:7b:83:75:ef:99:5f:39:b7:9a:30:22:
                    dd:b6:a8:42:c7:e8:7d:a3:27:04:b7:47:3b:65:af:
                    95:3f:bc:e8:8d:14:c6:31:aa:83:28:fc:8d:00:97:
                    37:b0:dd:9f:66:dd:20:5b:e8:2b:b9:68:35:23:b0:
                    b7:71:b4:e4:b5:c2:08:99:c5:2c:e7:fd:68:28:e8:
                    cb:21:86:9d:08:44:4d:c7:c4:06:6d:66:ad:c9:e3:
                    c8:ff:ba:60:4e:14:1a:99:96:bd:c9:e8:2a:89:55:
                    ad:3d:81:5c:f8:a2:00:78:fb:e2:a6:2b:44:7b:98:
                    71:f4:c1:00:28:72:b1:98:a7:f5:5d:58:08:1c:36:
                    5f:8d:0d:94:95:f4:31:4a:b2:05:ca:1c:73:3b:7d:
                    f4:88:b0:ae:a1:91:a9:e5:ae:b3:a6:94:33:71:0a:
                    be:d1:72:6e:9b:fc:33:67:8b:42:0a:fe:49:df:a4:
                    9e:93:5e:97:58:d2:82:a3:8d:54:88:11:11:b9:e9:
                    41:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:28:A2:CE:29:76:13:2F:0F:BE:1E:7A:46:7A:83:81:39:3C:5F:B4
            X509v3 Authority Key Identifier:
                keyid:92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/bCiizil2Ey8Pvh56RnqDgTk8X7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:96:73:01:72:31:3a:03:58:9d:a5:39:b6:e6:ff:69:72:02:
         32:0a:cb:19:e8:b9:03:ba:a1:68:b1:d6:b3:38:f6:c3:75:7e:
         89:d4:8e:40:9a:97:e1:9d:b3:ba:71:cb:bc:71:fa:fc:c8:17:
         19:e5:e1:3b:69:ef:a9:cf:78:ca:74:ea:20:ab:73:a4:76:3c:
         df:f3:96:2d:48:ba:1d:d1:70:00:36:50:82:57:f5:a2:0c:e8:
         74:d4:7c:07:ce:e4:4c:38:17:b9:a9:64:46:21:09:38:6c:7c:
         81:58:88:58:aa:44:73:e1:c2:93:30:67:94:df:35:36:52:07:
         50:09:42:34:ff:d7:d0:82:4d:8a:b3:68:bb:9a:5d:d3:17:d8:
         8e:ec:07:17:19:1a:dc:99:43:23:70:76:10:84:3b:06:92:30:
         94:69:96:7c:73:3a:15:57:dd:c4:a6:b9:40:e7:95:16:cf:50:
         6f:64:2e:30:f6:ee:a7:ec:e9:34:0f:f7:55:aa:17:6a:07:8a:
         68:3a:29:9b:46:f2:c0:22:2c:84:ac:a2:c8:4a:f7:1f:8f:cd:
         53:9c:9b:6c:13:63:e8:64:59:a9:fe:03:50:e4:91:18:27:ec:
         b0:56:c8:5f:6b:a2:58:9b:c4:de:bb:21:54:c1:88:8e:cf:4a:
         17:7f:28:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/DWokfFyzOy5qbCD1R/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYmY2NDY0Y2U2ZTE5YTRkY2Y4YTMyYjI3YTJmMWNiZTE1
NTEwNTUwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzI4YTJjZTI5NzYxMzJmMGZiZTFlN2E0NjdhODM4MTM5M2M1ZmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLuY99SpEZO+nKkumv1jLTAfulyi
JMqN1jMH65cEOB0aALkCEWHDODIm8IcSYVTgY/3GldL/iDjP/LmvvmDie4N175lf
ObeaMCLdtqhCx+h9oycEt0c7Za+VP7zojRTGMaqDKPyNAJc3sN2fZt0gW+gruWg1
I7C3cbTktcIImcUs5/1oKOjLIYadCERNx8QGbWatyePI/7pgThQamZa9yegqiVWt
PYFc+KIAePvipitEe5hx9MEAKHKxmKf1XVgIHDZfjQ2UlfQxSrIFyhxzO330iLCu
oZGp5a6zppQzcQq+0XJum/wzZ4tCCv5J36Sek16XWNKCo41UiBERuelBFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwoos4pdhMvD74eekZ6g4E5PF+0MB8GA1UdIwQY
MBaAFJK/ZGTObhmk3PijKyei8cvhVRBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzct
YjUzZTMwZTE0MTJhLzEvYkNpaXppbDJFeThQdmg1NlJucURnVGs4WDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzctYjUzZTMwZTE0MTJh
LzEva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTiGMA0G
CSqGSIb3DQEBCwUAA4IBAQCalnMBcjE6A1idpTm25v9pcgIyCssZ6LkDuqFosdaz
OPbDdX6J1I5AmpfhnbO6ccu8cfr8yBcZ5eE7ae+pz3jKdOogq3Okdjzf85YtSLod
0XAANlCCV/WiDOh01HwHzuRMOBe5qWRGIQk4bHyBWIhYqkRz4cKTMGeU3zU2UgdQ
CUI0/9fQgk2Ks2i7ml3TF9iO7AcXGRrcmUMjcHYQhDsGkjCUaZZ8czoVV93EprlA
55UWz1BvZC4w9u6n7Ok0D/dVqhdqB4poOimbRvLAIiyErKLISvcfj81TnJtsE2Po
ZFmp/gNQ5JEYJ+ywVshfa6JYm8TeuyFUwYiOz0oXfyjD
-----END CERTIFICATE-----