Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/e11dad-208e-47cc-bf6e-bc513a98b9be/1/56Pnvhi9gRjSiehF4vZmxYO4bFY.roa
File:                     56Pnvhi9gRjSiehF4vZmxYO4bFY.roa (raw, json)
Hash identifier:          4CHkYWp/QuUsLOE0xGPz6heZ+gpO7kwewArPMyKLbJk=
Subject key identifier:   E7:A3:E7:BE:18:BD:81:18:D2:89:E8:45:E2:F6:66:C5:83:B8:6C:56
Certificate issuer:       /CN=5f0df0c8e5d1b23538beb5eccc3ab12865df7eaa
Certificate serial:       018CC56EC63C079A693CA4828BE57397AFC7
Authority key identifier: 5F:0D:F0:C8:E5:D1:B2:35:38:BE:B5:EC:CC:3A:B1:28:65:DF:7E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xw3wyOXRsjU4vrXszDqxKGXffqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/e11dad-208e-47cc-bf6e-bc513a98b9be/1/56Pnvhi9gRjSiehF4vZmxYO4bFY.roa
Signing time:             Mon 01 Jan 2024 14:30:20 +0000
ROA not before:           Mon 01 Jan 2024 14:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204572
IP address blocks:        45.143.124.0/22 maxlen: 22
                          2a0e:e3c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/e11dad-208e-47cc-bf6e-bc513a98b9be/1/Xw3wyOXRsjU4vrXszDqxKGXffqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/e11dad-208e-47cc-bf6e-bc513a98b9be/1/Xw3wyOXRsjU4vrXszDqxKGXffqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xw3wyOXRsjU4vrXszDqxKGXffqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c6:3c:07:9a:69:3c:a4:82:8b:e5:73:97:af:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0df0c8e5d1b23538beb5eccc3ab12865df7eaa
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7a3e7be18bd8118d289e845e2f666c583b86c56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6b:00:ec:4c:fe:03:a8:58:19:be:7a:d1:32:
                    09:85:76:40:23:94:4c:f1:3b:60:95:14:64:27:f5:
                    36:da:8c:57:7e:44:df:db:cc:fe:06:1a:e4:15:aa:
                    13:ad:95:4a:23:de:0b:2c:d1:46:77:c5:06:18:05:
                    2b:c4:c3:c9:0a:ce:b3:67:72:78:50:d2:dc:8c:30:
                    2c:37:b5:b3:3a:84:f5:b2:86:92:7a:5e:ce:db:b1:
                    08:11:78:f6:9f:a8:cf:62:37:a3:3a:98:37:ba:89:
                    c6:33:7b:c2:07:f5:ff:c3:06:cb:37:df:bf:3c:7e:
                    40:6c:da:0c:38:9b:00:c8:15:4f:13:cf:28:de:39:
                    9b:c5:ef:e7:e2:82:7d:d4:9b:c6:20:6c:cb:c5:11:
                    16:e6:b1:c7:cb:c5:81:fc:36:d9:16:76:23:ad:6e:
                    c9:86:dd:f2:c7:7f:6a:d7:cd:73:fd:31:87:a3:a8:
                    67:4f:5f:08:ed:a6:bd:4a:e5:b3:b7:f8:e8:d1:3b:
                    e4:97:84:eb:05:08:4c:72:70:81:fd:23:b0:d2:3c:
                    62:3e:9e:9a:80:15:41:41:25:86:a3:be:9d:e2:4a:
                    83:de:d0:7e:ba:1b:22:57:a0:8d:9b:30:38:98:49:
                    7f:58:23:3a:ad:b2:ba:1d:5e:fa:ab:0f:f0:18:9c:
                    ef:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:A3:E7:BE:18:BD:81:18:D2:89:E8:45:E2:F6:66:C5:83:B8:6C:56
            X509v3 Authority Key Identifier:
                keyid:5F:0D:F0:C8:E5:D1:B2:35:38:BE:B5:EC:CC:3A:B1:28:65:DF:7E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xw3wyOXRsjU4vrXszDqxKGXffqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/e11dad-208e-47cc-bf6e-bc513a98b9be/1/56Pnvhi9gRjSiehF4vZmxYO4bFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/e11dad-208e-47cc-bf6e-bc513a98b9be/1/Xw3wyOXRsjU4vrXszDqxKGXffqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.124.0/22
                IPv6:
                  2a0e:e3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:09:15:5c:54:09:d4:f7:0a:1d:06:a0:44:8c:5a:6e:40:b3:
         9b:0e:42:17:5a:80:9e:e9:0f:72:f9:d9:c3:7b:27:f4:7d:a7:
         14:1e:85:10:61:0c:d0:bf:b6:08:62:95:a4:04:49:d4:2a:ed:
         0d:a6:cf:42:64:59:6d:78:f0:3e:e4:f7:94:f3:54:4d:08:0a:
         a1:44:56:b2:74:00:40:dc:87:c0:ee:d0:8a:a8:24:a2:74:11:
         5c:93:69:04:6e:c0:c3:fe:77:ac:af:40:07:a6:7f:8f:a5:af:
         30:e2:b2:a6:b1:81:63:9e:00:cd:f7:eb:b3:27:35:fb:58:5c:
         04:28:b7:12:5e:4a:5c:53:e8:2e:de:32:bf:38:02:3c:5e:7a:
         41:7f:9a:25:fe:c5:0e:f3:4f:8d:1a:de:83:27:03:1c:78:ff:
         75:e1:8b:b2:ce:e4:09:eb:fd:ef:6b:fc:18:9d:14:c0:c7:d4:
         a9:99:0b:20:c2:d7:26:ea:db:2d:bc:74:69:6a:59:ee:c2:2f:
         b9:b6:cc:57:e8:06:1c:ac:8f:db:2a:35:81:ba:24:00:6c:e4:
         77:ab:20:36:34:2d:e1:5f:5c:6c:c5:94:05:3e:41:6e:a8:25:
         88:2b:0b:c6:d6:86:db:c6:40:ef:06:af:b6:42:62:30:d4:ec:
         87:97:c2:1d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbsY8B5ppPKSCi+Vzl6/HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMGRmMGM4ZTVkMWIyMzUzOGJlYjVlY2NjM2FiMTI4NjVk
ZjdlYWEwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2EzZTdiZTE4YmQ4MTE4ZDI4OWU4NDVlMmY2NjZjNTgzYjg2YzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWsA7Ez+A6hYGb560TIJhXZAI5RM
8TtglRRkJ/U22oxXfkTf28z+BhrkFaoTrZVKI94LLNFGd8UGGAUrxMPJCs6zZ3J4
UNLcjDAsN7WzOoT1soaSel7O27EIEXj2n6jPYjejOpg3uonGM3vCB/X/wwbLN9+/
PH5AbNoMOJsAyBVPE88o3jmbxe/n4oJ91JvGIGzLxREW5rHHy8WB/DbZFnYjrW7J
ht3yx39q181z/TGHo6hnT18I7aa9SuWzt/jo0Tvkl4TrBQhMcnCB/SOw0jxiPp6a
gBVBQSWGo76d4kqD3tB+uhsiV6CNmzA4mEl/WCM6rbK6HV76qw/wGJzvwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOej574YvYEY0onoReL2ZsWDuGxWMB8GA1UdIwQY
MBaAFF8N8Mjl0bI1OL617Mw6sShl336qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHczd3lPWFJzalU0dnJYc3pEcXhLR1hmZnFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lMTFkYWQtMjA4ZS00N2NjLWJmNmUt
YmM1MTNhOThiOWJlLzEvNTZQbnZoaTlnUmpTaWVoRjR2Wm14WU80YkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lMTFkYWQtMjA4ZS00N2NjLWJmNmUtYmM1MTNhOThiOWJl
LzEvWHczd3lPWFJzalU0dnJYc3pEcXhLR1hmZnFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY98MA0E
AgACMAcDBQMqDuPAMA0GCSqGSIb3DQEBCwUAA4IBAQAdCRVcVAnU9wodBqBEjFpu
QLObDkIXWoCe6Q9y+dnDeyf0facUHoUQYQzQv7YIYpWkBEnUKu0Nps9CZFltePA+
5PeU81RNCAqhRFaydABA3IfA7tCKqCSidBFck2kEbsDD/nesr0AHpn+Ppa8w4rKm
sYFjngDN9+uzJzX7WFwEKLcSXkpcU+gu3jK/OAI8XnpBf5ol/sUO80+NGt6DJwMc
eP914YuyzuQJ6/3va/wYnRTAx9SpmQsgwtcm6tstvHRpalnuwi+5tsxX6AYcrI/b
KjWBuiQAbOR3qyA2NC3hX1xsxZQFPkFuqCWIKwvG1obbxkDvBq+2QmIw1OyHl8Id
-----END CERTIFICATE-----