Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/NczFXLGJ9iJzBU18QRi8tHQrTc4.roa
File:                     NczFXLGJ9iJzBU18QRi8tHQrTc4.roa (raw, json)
Hash identifier:          qoAQTaQkuqrgY9J546ePXMulmNQW6+EmJLNB6oRUl5k=
Subject key identifier:   35:CC:C5:5C:B1:89:F6:22:73:05:4D:7C:41:18:BC:B4:74:2B:4D:CE
Certificate issuer:       /CN=39027738f978feda24a9d87b0cb8bb9aa7af540d
Certificate serial:       019073186B5262B7A2B51B3B8F39677B9424
Authority key identifier: 39:02:77:38:F9:78:FE:DA:24:A9:D8:7B:0C:B8:BB:9A:A7:AF:54:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/NczFXLGJ9iJzBU18QRi8tHQrTc4.roa
Signing time:             Tue 02 Jul 2024 10:58:18 +0000
ROA not before:           Tue 02 Jul 2024 10:58:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58233
IP address blocks:        5.56.160.0/21 maxlen: 21
                          5.56.160.0/22 maxlen: 22
                          5.56.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/OQJ3OPl4_tokqdh7DLi7mqevVA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/OQJ3OPl4_tokqdh7DLi7mqevVA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:73:18:6b:52:62:b7:a2:b5:1b:3b:8f:39:67:7b:94:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39027738f978feda24a9d87b0cb8bb9aa7af540d
        Validity
            Not Before: Jul  2 10:58:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35ccc55cb189f62273054d7c4118bcb4742b4dce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7f:b6:93:c1:48:81:87:1f:43:78:ef:e6:e8:
                    4b:b6:ee:2d:8b:de:9d:16:e2:ff:c1:50:1e:5b:11:
                    d5:ca:e7:e6:72:1c:12:41:b7:0e:d5:f3:e8:3a:d3:
                    b3:8e:7b:2d:ee:98:16:24:86:dc:3e:de:c6:31:21:
                    aa:60:bf:7c:c6:9c:6b:c1:d9:36:07:6d:e3:06:e3:
                    49:98:61:6f:53:34:a2:3d:5d:67:f0:77:7b:6f:e0:
                    a4:7f:16:69:ad:bc:3b:3d:87:3c:1b:c9:96:8b:b7:
                    3c:67:d2:f4:b7:ae:dc:8e:de:11:0a:2e:5e:ee:68:
                    0b:f1:e8:6a:9d:2f:05:5b:db:10:bb:d0:68:91:57:
                    39:d8:42:29:1f:87:9d:b3:4f:5a:f5:87:13:2b:a4:
                    27:8f:22:6e:85:91:07:e8:d1:77:00:b9:c0:62:eb:
                    67:10:70:fe:04:7d:1a:8c:c5:0d:8e:32:95:0b:57:
                    49:a6:ef:60:ca:e6:63:80:1b:ff:cb:d8:52:5e:54:
                    bd:b2:52:4b:21:9c:ea:c7:ed:9c:80:bc:52:c7:51:
                    1d:6a:d7:22:02:e2:01:f9:f1:04:25:d9:17:5f:17:
                    91:6d:15:c3:a8:ce:f8:6d:36:ba:52:b3:9f:e8:2b:
                    41:95:a3:c2:c0:a3:97:ec:a5:fe:55:c2:86:42:0b:
                    6a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:CC:C5:5C:B1:89:F6:22:73:05:4D:7C:41:18:BC:B4:74:2B:4D:CE
            X509v3 Authority Key Identifier:
                keyid:39:02:77:38:F9:78:FE:DA:24:A9:D8:7B:0C:B8:BB:9A:A7:AF:54:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/NczFXLGJ9iJzBU18QRi8tHQrTc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/OQJ3OPl4_tokqdh7DLi7mqevVA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         13:61:4a:47:cb:bb:57:06:bc:71:47:c6:45:8a:57:9d:65:b4:
         46:06:f4:b8:5f:86:de:37:3a:c6:06:00:ab:2f:e7:f4:ba:08:
         bb:19:f2:75:3b:30:5a:8a:87:1b:96:c7:4e:51:7a:45:e7:40:
         26:da:00:f5:71:b3:0f:24:9e:a3:c1:9e:0e:2d:db:51:c0:00:
         fa:6d:c5:27:fe:28:70:15:5a:fd:38:f5:57:f9:94:79:7e:e5:
         a5:25:a4:ac:28:2b:12:4e:3d:50:2d:b4:44:fe:da:b4:38:e5:
         25:22:34:28:ff:65:7a:1d:28:8e:7d:f2:ee:c6:9a:98:89:94:
         37:76:a2:4b:d1:7e:7c:52:9f:65:39:b2:24:41:50:52:da:75:
         0a:14:12:dd:7c:b9:5e:4c:c0:38:b5:9f:80:cb:f5:c0:2d:67:
         b4:41:e5:e8:72:95:3b:9a:1d:12:2b:99:d1:32:1f:20:12:bf:
         20:25:c2:cc:e6:c4:94:d6:b6:ba:96:6e:26:e8:ea:08:cb:f4:
         bd:b3:a8:85:c7:ff:b4:96:69:c2:1a:c1:c5:bf:fd:ce:75:b1:
         27:92:b1:01:d4:77:34:bf:34:59:63:36:56:dd:d2:df:19:44:
         30:5c:7b:39:3b:3a:c5:d1:3f:96:68:8f:4b:d9:86:5e:d9:bf:
         67:aa:4d:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBzGGtSYreitRs7jzlne5QkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDI3NzM4Zjk3OGZlZGEyNGE5ZDg3YjBjYjhiYjlhYTdh
ZjU0MGQwHhcNMjQwNzAyMTA1ODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWNjYzU1Y2IxODlmNjIyNzMwNTRkN2M0MTE4YmNiNDc0MmI0ZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAon+2k8FIgYcfQ3jv5uhLtu4ti96d
FuL/wVAeWxHVyufmchwSQbcO1fPoOtOzjnst7pgWJIbcPt7GMSGqYL98xpxrwdk2
B23jBuNJmGFvUzSiPV1n8Hd7b+CkfxZprbw7PYc8G8mWi7c8Z9L0t67cjt4RCi5e
7mgL8ehqnS8FW9sQu9BokVc52EIpH4eds09a9YcTK6QnjyJuhZEH6NF3ALnAYutn
EHD+BH0ajMUNjjKVC1dJpu9gyuZjgBv/y9hSXlS9slJLIZzqx+2cgLxSx1Edatci
AuIB+fEEJdkXXxeRbRXDqM74bTa6UrOf6CtBlaPCwKOX7KX+VcKGQgtq1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXMxVyxifYicwVNfEEYvLR0K03OMB8GA1UdIwQY
MBaAFDkCdzj5eP7aJKnYewy4u5qnr1QNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FKM09QbDRfdG9rcWRoN0RMaTdtcWV2VkEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTExN2MtNTFjNS00YWY4LWJiZWYt
ZjVkOGFiN2MxNWYwLzEvTmN6RlhMR0o5aUp6QlUxOFFSaTh0SFFyVGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTExN2MtNTFjNS00YWY4LWJiZWYtZjVkOGFiN2MxNWYw
LzEvT1FKM09QbDRfdG9rcWRoN0RMaTdtcWV2VkEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBTigMA0G
CSqGSIb3DQEBCwUAA4IBAQATYUpHy7tXBrxxR8ZFiledZbRGBvS4X4beNzrGBgCr
L+f0ugi7GfJ1OzBaiocblsdOUXpF50Am2gD1cbMPJJ6jwZ4OLdtRwAD6bcUn/ihw
FVr9OPVX+ZR5fuWlJaSsKCsSTj1QLbRE/tq0OOUlIjQo/2V6HSiOffLuxpqYiZQ3
dqJL0X58Up9lObIkQVBS2nUKFBLdfLleTMA4tZ+Ay/XALWe0QeXocpU7mh0SK5nR
Mh8gEr8gJcLM5sSU1ra6lm4m6OoIy/S9s6iFx/+0lmnCGsHFv/3OdbEnkrEB1Hc0
vzRZYzZW3dLfGUQwXHs5OzrF0T+WaI9L2YZe2b9nqk3d
-----END CERTIFICATE-----