Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/7b308c-70cd-4f24-b610-7aba569658d5/1/V6FiIZUXD805lk03DEsxKVQuMsQ.roa
File:                     V6FiIZUXD805lk03DEsxKVQuMsQ.roa (raw, json)
Hash identifier:          GRzhk/Id80Nsoord4u+uHIC1PydDk5jIltoshdrBF2E=
Subject key identifier:   57:A1:62:21:95:17:0F:CD:39:96:4D:37:0C:4B:31:29:54:2E:32:C4
Certificate issuer:       /CN=a01012ec845500718cab76c9dd0af010890de26d
Certificate serial:       018CC64B2298AE8B33E63FC7FEC679B7B135
Authority key identifier: A0:10:12:EC:84:55:00:71:8C:AB:76:C9:DD:0A:F0:10:89:0D:E2:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oBAS7IRVAHGMq3bJ3QrwEIkN4m0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/7b308c-70cd-4f24-b610-7aba569658d5/1/V6FiIZUXD805lk03DEsxKVQuMsQ.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48286
IP address blocks:        185.241.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/7b308c-70cd-4f24-b610-7aba569658d5/1/oBAS7IRVAHGMq3bJ3QrwEIkN4m0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/7b308c-70cd-4f24-b610-7aba569658d5/1/oBAS7IRVAHGMq3bJ3QrwEIkN4m0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oBAS7IRVAHGMq3bJ3QrwEIkN4m0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:22:98:ae:8b:33:e6:3f:c7:fe:c6:79:b7:b1:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a01012ec845500718cab76c9dd0af010890de26d
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57a1622195170fcd39964d370c4b3129542e32c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2b:7e:3c:2e:fe:76:94:54:13:b2:91:d8:ac:
                    1c:dc:7c:2d:33:1e:58:a9:f4:65:4c:a3:a7:95:e0:
                    ec:53:67:f7:b4:8b:9b:86:ad:a4:8b:a4:b8:8b:ea:
                    80:2e:1c:1d:4f:43:e0:19:13:df:f8:fd:f5:43:01:
                    67:fc:fa:50:90:8c:26:d8:ec:06:e8:db:e1:19:37:
                    6b:06:72:a2:6c:9c:6d:33:5d:f5:9e:bd:44:bb:34:
                    a3:40:72:e5:2a:33:96:0b:52:ca:d4:1e:ea:65:b9:
                    64:03:4a:94:a0:01:51:77:96:7b:17:3d:0c:1d:16:
                    f1:e0:f5:9b:8f:c6:f1:6f:9d:ad:a7:75:ee:43:0d:
                    6c:89:51:45:e5:8e:af:29:91:a5:a5:5c:40:89:22:
                    92:52:8f:60:64:69:ec:b7:78:8f:ae:05:7e:09:9c:
                    a3:54:ac:6d:b2:9b:0a:77:21:73:fe:14:8a:29:07:
                    03:65:ca:7c:8d:c7:6e:22:24:49:d5:8a:47:58:31:
                    8a:a0:33:e2:dc:cd:5c:a2:f8:01:6a:14:3b:32:67:
                    a6:da:15:69:3e:32:06:95:5c:e8:b8:87:8a:61:80:
                    fc:92:5f:67:4d:d4:74:2f:a4:1a:dd:c6:09:72:75:
                    2a:4b:5a:31:3c:7c:02:49:5b:cb:96:67:18:e5:71:
                    10:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:A1:62:21:95:17:0F:CD:39:96:4D:37:0C:4B:31:29:54:2E:32:C4
            X509v3 Authority Key Identifier:
                keyid:A0:10:12:EC:84:55:00:71:8C:AB:76:C9:DD:0A:F0:10:89:0D:E2:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oBAS7IRVAHGMq3bJ3QrwEIkN4m0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/7b308c-70cd-4f24-b610-7aba569658d5/1/V6FiIZUXD805lk03DEsxKVQuMsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/7b308c-70cd-4f24-b610-7aba569658d5/1/oBAS7IRVAHGMq3bJ3QrwEIkN4m0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:4e:9d:d3:45:b5:cc:0f:0e:1e:67:d6:a0:93:5b:88:95:59:
         cb:21:05:c1:35:7b:86:d1:2a:14:1c:f1:fc:4c:09:b2:01:4f:
         29:68:ed:19:ca:46:8c:7d:57:7b:20:a6:a6:3b:7c:fe:43:65:
         04:78:f6:8a:0f:84:72:1a:89:23:bb:f3:f9:87:52:03:53:3f:
         23:f2:7f:fa:a1:6b:b4:49:72:92:4e:97:36:74:0b:75:e5:41:
         30:16:da:63:3e:b9:f4:a0:70:1d:0a:e8:08:48:44:cb:46:6f:
         38:1f:85:c3:18:55:e0:ec:1e:a3:4d:64:a4:61:42:94:9e:a7:
         75:92:d0:a6:39:0e:47:25:bb:bd:a7:05:b2:87:ef:46:1c:b0:
         8f:11:f8:68:0e:18:a1:8b:08:a9:52:bc:c7:0b:fe:cf:a8:45:
         5a:81:5d:39:67:73:a3:61:42:ce:b2:16:a4:50:c8:96:23:b6:
         ff:f1:20:bb:8e:f4:8f:2f:f8:34:0a:17:4d:75:79:cd:b2:fc:
         a8:65:2c:61:7b:98:aa:3e:66:64:cd:a7:fd:61:ec:9e:00:96:
         8a:f5:23:b5:a8:4d:73:80:bb:2e:24:f6:11:07:94:24:d6:8c:
         dc:d3:95:a8:6a:59:4e:19:e0:2a:ed:22:5c:d5:ec:d8:fb:68:
         84:16:2e:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyKYrosz5j/H/sZ5t7E1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMTAxMmVjODQ1NTAwNzE4Y2FiNzZjOWRkMGFmMDEwODkw
ZGUyNmQwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2ExNjIyMTk1MTcwZmNkMzk5NjRkMzcwYzRiMzEyOTU0MmUzMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyt+PC7+dpRUE7KR2Kwc3HwtMx5Y
qfRlTKOnleDsU2f3tIubhq2ki6S4i+qALhwdT0PgGRPf+P31QwFn/PpQkIwm2OwG
6NvhGTdrBnKibJxtM131nr1EuzSjQHLlKjOWC1LK1B7qZblkA0qUoAFRd5Z7Fz0M
HRbx4PWbj8bxb52tp3XuQw1siVFF5Y6vKZGlpVxAiSKSUo9gZGnst3iPrgV+CZyj
VKxtspsKdyFz/hSKKQcDZcp8jcduIiRJ1YpHWDGKoDPi3M1covgBahQ7Mmem2hVp
PjIGlVzouIeKYYD8kl9nTdR0L6Qa3cYJcnUqS1oxPHwCSVvLlmcY5XEQZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFehYiGVFw/NOZZNNwxLMSlULjLEMB8GA1UdIwQY
MBaAFKAQEuyEVQBxjKt2yd0K8BCJDeJtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0JBUzdJUlZBSEdNcTNiSjNRcndFSWtONG0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS83YjMwOGMtNzBjZC00ZjI0LWI2MTAt
N2FiYTU2OTY1OGQ1LzEvVjZGaUlaVVhEODA1bGswM0RFc3hLVlF1TXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS83YjMwOGMtNzBjZC00ZjI0LWI2MTAtN2FiYTU2OTY1OGQ1
LzEvb0JBUzdJUlZBSEdNcTNiSjNRcndFSWtONG0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufE4MA0G
CSqGSIb3DQEBCwUAA4IBAQBlTp3TRbXMDw4eZ9agk1uIlVnLIQXBNXuG0SoUHPH8
TAmyAU8paO0ZykaMfVd7IKamO3z+Q2UEePaKD4RyGokju/P5h1IDUz8j8n/6oWu0
SXKSTpc2dAt15UEwFtpjPrn0oHAdCugISETLRm84H4XDGFXg7B6jTWSkYUKUnqd1
ktCmOQ5HJbu9pwWyh+9GHLCPEfhoDhihiwipUrzHC/7PqEVagV05Z3OjYULOshak
UMiWI7b/8SC7jvSPL/g0ChdNdXnNsvyoZSxhe5iqPmZkzaf9YeyeAJaK9SO1qE1z
gLsuJPYRB5Qk1ozc05WoallOGeAq7SJc1ezY+2iEFi7d
-----END CERTIFICATE-----