Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/901170-e606-4fd1-8504-7f0d07ba4af3/1/01cMKafhfNNXCAv0ZLDaXKVnD90.roa
File:                     01cMKafhfNNXCAv0ZLDaXKVnD90.roa (raw, json)
Hash identifier:          7j5di8TzxYSdPp0l09/rZsGlHxLb1EC9CT4INkl5xa8=
Subject key identifier:   D3:57:0C:29:A7:E1:7C:D3:57:08:0B:F4:64:B0:DA:5C:A5:67:0F:DD
Certificate issuer:       /CN=cd1f73345794ce4817ea99e8d8cfcea71bd78367
Certificate serial:       019078A1A7A55169C7892A44AEF2E4679187
Authority key identifier: CD:1F:73:34:57:94:CE:48:17:EA:99:E8:D8:CF:CE:A7:1B:D7:83:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zR9zNFeUzkgX6pno2M_OpxvXg2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/901170-e606-4fd1-8504-7f0d07ba4af3/1/01cMKafhfNNXCAv0ZLDaXKVnD90.roa
Signing time:             Wed 03 Jul 2024 12:46:18 +0000
ROA not before:           Wed 03 Jul 2024 12:46:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        212.56.56.0/24 maxlen: 24
                          2a14:7640::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/901170-e606-4fd1-8504-7f0d07ba4af3/1/zR9zNFeUzkgX6pno2M_OpxvXg2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/901170-e606-4fd1-8504-7f0d07ba4af3/1/zR9zNFeUzkgX6pno2M_OpxvXg2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zR9zNFeUzkgX6pno2M_OpxvXg2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 18:45:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:78:a1:a7:a5:51:69:c7:89:2a:44:ae:f2:e4:67:91:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd1f73345794ce4817ea99e8d8cfcea71bd78367
        Validity
            Not Before: Jul  3 12:46:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3570c29a7e17cd357080bf464b0da5ca5670fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ba:64:e1:62:dd:d6:6f:23:cc:03:42:f2:3c:
                    54:0b:e7:40:26:bf:ca:32:8e:df:9d:54:61:66:27:
                    97:ce:70:37:ea:2c:86:97:61:9d:85:c8:f6:17:e1:
                    bf:db:9a:19:32:ac:87:52:1f:39:9f:4e:cb:a3:e7:
                    4d:f5:b7:03:63:1d:a3:5c:0f:ae:a9:fa:f4:00:92:
                    09:36:3a:4d:bc:7d:38:6e:a4:0b:1a:37:54:54:46:
                    40:9d:cc:35:0d:7b:27:4e:5e:2c:3f:22:07:c4:01:
                    74:79:05:8a:04:59:d8:ce:62:3f:bf:7d:7d:c0:83:
                    a8:ae:2f:2d:69:d1:f6:5a:d4:c5:c9:32:cc:2d:c1:
                    aa:51:77:2a:bb:df:c1:45:ad:56:b3:51:df:a3:df:
                    9d:ad:26:a3:14:fe:f4:4d:d8:ad:74:1a:fa:34:13:
                    ae:d1:28:71:12:a7:5e:31:04:71:4d:6e:dd:c3:9f:
                    e6:77:5d:ed:1d:ea:75:3d:97:95:74:96:4e:ce:10:
                    ff:b4:11:f6:23:18:73:44:ff:a5:d1:2a:d5:4e:9c:
                    11:16:7b:d4:be:e6:1f:6c:d9:4c:19:1c:cc:3b:1f:
                    3b:84:d8:4e:d7:77:c0:1d:db:1c:f8:5e:42:d0:a3:
                    77:9f:02:23:7a:67:1b:7f:f6:c7:90:93:8a:c6:dd:
                    c9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:57:0C:29:A7:E1:7C:D3:57:08:0B:F4:64:B0:DA:5C:A5:67:0F:DD
            X509v3 Authority Key Identifier:
                keyid:CD:1F:73:34:57:94:CE:48:17:EA:99:E8:D8:CF:CE:A7:1B:D7:83:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zR9zNFeUzkgX6pno2M_OpxvXg2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/901170-e606-4fd1-8504-7f0d07ba4af3/1/01cMKafhfNNXCAv0ZLDaXKVnD90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/901170-e606-4fd1-8504-7f0d07ba4af3/1/zR9zNFeUzkgX6pno2M_OpxvXg2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.56.56.0/24
                IPv6:
                  2a14:7640::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:d2:b4:39:9b:13:28:12:87:f9:23:b9:01:28:fb:91:82:90:
         f5:ba:8a:a9:38:45:9b:48:96:90:72:74:bd:71:8f:f6:e1:31:
         8a:e7:bd:02:01:9d:37:46:98:d8:4e:98:dd:7a:1d:44:29:42:
         01:f7:4d:50:43:c9:d2:15:2a:35:f4:b0:1b:6a:82:d5:2a:c0:
         81:cc:31:dd:3e:1f:a8:02:c3:27:0b:fb:76:ce:21:73:00:2b:
         81:f4:98:a8:9b:cf:19:97:34:c2:41:f0:b9:9f:eb:ee:4c:fe:
         2f:f5:7f:3b:c0:ab:09:47:17:fe:87:b1:0f:1d:43:6e:64:a7:
         f6:40:5d:4f:de:76:b7:20:af:f8:37:64:94:92:32:0f:1e:01:
         c4:c4:58:2b:4a:f5:62:2d:3f:84:58:c7:4a:8e:e5:0c:ac:cc:
         a6:03:b5:f9:c5:14:55:c2:6e:31:21:30:28:56:b4:17:3e:70:
         d6:dd:3e:fd:fd:6f:e3:c3:32:61:e2:a3:80:87:b4:1e:da:ef:
         3e:03:dc:9e:07:8c:a8:94:e0:ff:d5:b2:6b:50:0b:59:56:88:
         ce:f9:b9:aa:81:66:9f:a8:e3:57:7d:86:9f:ee:28:6f:c6:a4:
         61:72:ed:59:e8:c4:a1:4d:02:b3:d0:b2:29:0b:a3:a4:04:e3:
         d8:f4:1e:2b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZB4oaelUWnHiSpErvLkZ5GHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMWY3MzM0NTc5NGNlNDgxN2VhOTllOGQ4Y2ZjZWE3MWJk
NzgzNjcwHhcNMjQwNzAzMTI0NjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzU3MGMyOWE3ZTE3Y2QzNTcwODBiZjQ2NGIwZGE1Y2E1NjcwZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLpk4WLd1m8jzANC8jxUC+dAJr/K
Mo7fnVRhZieXznA36iyGl2Gdhcj2F+G/25oZMqyHUh85n07Lo+dN9bcDYx2jXA+u
qfr0AJIJNjpNvH04bqQLGjdUVEZAncw1DXsnTl4sPyIHxAF0eQWKBFnYzmI/v319
wIOori8tadH2WtTFyTLMLcGqUXcqu9/BRa1Ws1Hfo9+drSajFP70TditdBr6NBOu
0ShxEqdeMQRxTW7dw5/md13tHep1PZeVdJZOzhD/tBH2IxhzRP+l0SrVTpwRFnvU
vuYfbNlMGRzMOx87hNhO13fAHdsc+F5C0KN3nwIjemcbf/bHkJOKxt3J/wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNNXDCmn4XzTVwgL9GSw2lylZw/dMB8GA1UdIwQY
MBaAFM0fczRXlM5IF+qZ6NjPzqcb14NnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelI5ek5GZVV6a2dYNnBubzJNX09weHZYZzJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MDExNzAtZTYwNi00ZmQxLTg1MDQt
N2YwZDA3YmE0YWYzLzEvMDFjTUthZmhmTk5YQ0F2MFpMRGFYS1ZuRDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MDExNzAtZTYwNi00ZmQxLTg1MDQtN2YwZDA3YmE0YWYz
LzEvelI5ek5GZVV6a2dYNnBubzJNX09weHZYZzJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1Dg4MA8E
AgACMAkDBwAqFHZAAAAwDQYJKoZIhvcNAQELBQADggEBADrStDmbEygSh/kjuQEo
+5GCkPW6iqk4RZtIlpBydL1xj/bhMYrnvQIBnTdGmNhOmN16HUQpQgH3TVBDydIV
KjX0sBtqgtUqwIHMMd0+H6gCwycL+3bOIXMAK4H0mKibzxmXNMJB8Lmf6+5M/i/1
fzvAqwlHF/6HsQ8dQ25kp/ZAXU/edrcgr/g3ZJSSMg8eAcTEWCtK9WItP4RYx0qO
5QyszKYDtfnFFFXCbjEhMChWtBc+cNbdPv39b+PDMmHio4CHtB7a7z4D3J4HjKiU
4P/VsmtQC1lWiM75uaqBZp+o41d9hp/uKG/GpGFy7VnoxKFNArPQsikLo6QE49j0
His=
-----END CERTIFICATE-----