Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/o56-xbCEnLsH6EdcMKB8jX6PHGk.roa
File:                     o56-xbCEnLsH6EdcMKB8jX6PHGk.roa (raw, json)
Hash identifier:          aGvZQcL6KBWzikqZTJd1lTqnDEJbaFhlB4ZOi0CoBss=
Subject key identifier:   A3:9E:BE:C5:B0:84:9C:BB:07:E8:47:5C:30:A0:7C:8D:7E:8F:1C:69
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       018CC56E08578E295E948251A07144A98B61
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/o56-xbCEnLsH6EdcMKB8jX6PHGk.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        80.93.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:08:57:8e:29:5e:94:82:51:a0:71:44:a9:8b:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a39ebec5b0849cbb07e8475c30a07c8d7e8f1c69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:8e:a0:bd:62:0a:f3:41:9b:83:8e:f0:e9:32:
                    6e:9d:5c:8f:d0:7b:1e:40:03:84:d4:0a:5e:fd:7e:
                    1b:57:41:aa:0c:70:55:a9:76:9e:9a:93:71:36:bc:
                    31:aa:47:e2:01:98:57:8a:44:3d:98:a5:36:75:19:
                    04:df:48:d1:d5:f8:af:e4:5e:cf:16:79:14:14:3e:
                    f1:b8:a9:bd:ab:78:5c:20:25:65:f4:84:57:97:67:
                    52:9f:94:41:ab:79:e1:13:29:36:23:0f:38:8c:c7:
                    7f:b4:99:0f:ab:f8:ab:1e:91:45:51:f9:6f:e5:98:
                    0a:47:1b:1c:8c:e1:b4:85:40:55:83:ef:c3:0d:cb:
                    d4:b6:70:78:f3:6d:17:0e:86:82:be:84:c4:de:a7:
                    31:73:5e:d3:4f:1e:30:68:3f:f9:dc:f9:d5:ce:e2:
                    a8:50:e1:9a:6f:0f:96:83:a2:bd:a6:b8:7a:84:c4:
                    ef:ad:84:7e:b6:34:0e:3a:85:fd:ca:8a:7e:7d:b9:
                    48:e3:54:bb:d7:9b:6a:7c:f5:3c:5e:37:67:eb:e7:
                    ed:a5:b5:8f:2d:13:22:55:a7:36:41:1e:f6:3e:30:
                    81:44:90:0e:07:04:1d:ca:c5:04:c5:6a:03:69:57:
                    ee:7c:82:74:30:b3:21:39:df:23:92:9b:17:4d:de:
                    71:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:9E:BE:C5:B0:84:9C:BB:07:E8:47:5C:30:A0:7C:8D:7E:8F:1C:69
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/o56-xbCEnLsH6EdcMKB8jX6PHGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:c6:1f:18:cf:16:ec:e7:eb:12:21:ef:e6:19:f6:5e:49:e0:
         49:24:19:ff:1f:60:08:7f:b8:f5:15:15:63:bc:d0:80:56:a6:
         68:0e:cd:aa:1d:54:3d:2c:ac:88:fc:e6:05:97:6c:f9:d8:f8:
         00:0c:dc:c9:6b:a4:a4:d6:2b:4a:cc:d0:fe:13:db:49:d7:3d:
         65:c0:c2:c6:e2:f3:fd:1c:75:79:bb:61:91:7e:1d:3a:3c:71:
         91:c3:1c:07:9c:8f:0d:c3:aa:f6:61:69:46:a0:b2:79:20:f3:
         d8:dd:18:e8:20:50:32:42:bf:1b:e5:b1:e2:f4:64:9c:6d:3e:
         16:4e:be:2d:61:e0:06:54:aa:0f:4f:7b:4f:ee:e7:29:d7:67:
         cc:82:0a:00:a8:d7:22:24:bf:53:a6:07:88:34:f9:a1:e9:ab:
         a5:de:cf:8d:b5:f8:ed:5d:56:29:63:7c:22:2e:e9:eb:71:64:
         78:8f:a3:3f:fc:38:d5:3f:72:af:7e:72:ef:e0:5c:02:2e:50:
         8b:9d:1a:ad:4d:6f:b0:14:49:4f:ea:8a:13:6f:21:d5:84:e3:
         23:12:7e:22:83:c1:60:06:43:d6:90:73:9c:ef:cd:55:61:6c:
         f8:91:fc:85:8e:d2:cc:db:6b:bd:fe:a2:5f:81:dd:4b:61:cc:
         e4:19:e2:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbghXjilelIJRoHFEqYthMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzllYmVjNWIwODQ5Y2JiMDdlODQ3NWMzMGEwN2M4ZDdlOGYxYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA346gvWIK80Gbg47w6TJunVyP0Hse
QAOE1Ape/X4bV0GqDHBVqXaempNxNrwxqkfiAZhXikQ9mKU2dRkE30jR1fiv5F7P
FnkUFD7xuKm9q3hcICVl9IRXl2dSn5RBq3nhEyk2Iw84jMd/tJkPq/irHpFFUflv
5ZgKRxscjOG0hUBVg+/DDcvUtnB4820XDoaCvoTE3qcxc17TTx4waD/53PnVzuKo
UOGabw+Wg6K9prh6hMTvrYR+tjQOOoX9yop+fblI41S715tqfPU8Xjdn6+ftpbWP
LRMiVac2QR72PjCBRJAOBwQdysUExWoDaVfufIJ0MLMhOd8jkpsXTd5x/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOevsWwhJy7B+hHXDCgfI1+jxxpMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvbzU2LXhiQ0VuTHNINkVkY01LQjhqWDZQSEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF3IMA0G
CSqGSIb3DQEBCwUAA4IBAQA0xh8Yzxbs5+sSIe/mGfZeSeBJJBn/H2AIf7j1FRVj
vNCAVqZoDs2qHVQ9LKyI/OYFl2z52PgADNzJa6Sk1itKzND+E9tJ1z1lwMLG4vP9
HHV5u2GRfh06PHGRwxwHnI8Nw6r2YWlGoLJ5IPPY3RjoIFAyQr8b5bHi9GScbT4W
Tr4tYeAGVKoPT3tP7ucp12fMggoAqNciJL9TpgeINPmh6aul3s+NtfjtXVYpY3wi
LunrcWR4j6M//DjVP3KvfnLv4FwCLlCLnRqtTW+wFElP6ooTbyHVhOMjEn4ig8Fg
BkPWkHOc781VYWz4kfyFjtLM22u9/qJfgd1LYczkGeJA
-----END CERTIFICATE-----