Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/5_4qOd1GTRdKd6DbyMT4VAzgn60.roa
File:                     5_4qOd1GTRdKd6DbyMT4VAzgn60.roa (raw, json)
Hash identifier:          Q449y6NU5T0NgahXGNO0aRD91GR+m9cfLNErlQRiyf0=
Subject key identifier:   E7:FE:2A:39:DD:46:4D:17:4A:77:A0:DB:C8:C4:F8:54:0C:E0:9F:AD
Certificate issuer:       /CN=05e1d07de6f128f469c4c3b3028adf8d4d37e2d9
Certificate serial:       019422FB6CF1EB1EBF7D63A997E1ECDB8ABB
Authority key identifier: 05:E1:D0:7D:E6:F1:28:F4:69:C4:C3:B3:02:8A:DF:8D:4D:37:E2:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BeHQfebxKPRpxMOzAorfjU034tk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/5_4qOd1GTRdKd6DbyMT4VAzgn60.roa
Signing time:             Wed 01 Jan 2025 17:48:10 +0000
ROA not before:           Wed 01 Jan 2025 17:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48384
IP address blocks:        91.227.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/BeHQfebxKPRpxMOzAorfjU034tk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/BeHQfebxKPRpxMOzAorfjU034tk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BeHQfebxKPRpxMOzAorfjU034tk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 14:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:6c:f1:eb:1e:bf:7d:63:a9:97:e1:ec:db:8a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e1d07de6f128f469c4c3b3028adf8d4d37e2d9
        Validity
            Not Before: Jan  1 17:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7fe2a39dd464d174a77a0dbc8c4f8540ce09fad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:39:76:1d:eb:4a:27:1d:0a:0c:71:4b:bd:58:
                    ed:e3:05:97:e8:ee:73:1a:b6:47:ed:4f:4a:3c:80:
                    58:ba:67:b7:f1:6e:81:ac:1e:9d:b6:02:c8:a0:20:
                    0d:f9:b3:12:ed:e3:c5:4e:fa:e2:f8:49:c1:84:f0:
                    a9:91:25:6d:2a:60:7e:59:42:51:d9:54:39:d1:65:
                    40:3a:e9:f6:55:8b:3f:d2:40:1a:06:62:23:a0:ba:
                    79:95:e2:20:4c:d7:b1:49:94:49:aa:86:93:99:3a:
                    bd:9b:e7:0d:4d:cc:02:13:5a:f2:45:cf:ae:47:0d:
                    6b:02:05:7a:fa:8b:a3:dc:f2:5e:3d:f6:c9:6f:3e:
                    7f:0b:ae:ce:b7:42:3a:00:af:22:2f:1c:eb:e2:84:
                    da:85:e8:38:b7:33:42:46:33:63:23:3b:07:21:f1:
                    91:8c:21:1f:ec:bd:c0:e9:73:f1:c0:68:43:56:a9:
                    c4:e4:7d:63:5e:e0:6c:53:2e:da:93:6b:77:d5:37:
                    db:11:b4:ee:ed:93:68:34:d5:82:37:42:ec:e0:6e:
                    6a:e3:40:cc:c6:df:fa:b0:2b:5a:5c:36:e1:e7:9c:
                    a3:96:a6:8f:cb:48:10:f2:95:d2:9e:48:ca:55:f1:
                    ca:f4:cf:28:41:1f:08:ca:da:d1:a8:09:db:5b:10:
                    db:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:FE:2A:39:DD:46:4D:17:4A:77:A0:DB:C8:C4:F8:54:0C:E0:9F:AD
            X509v3 Authority Key Identifier:
                keyid:05:E1:D0:7D:E6:F1:28:F4:69:C4:C3:B3:02:8A:DF:8D:4D:37:E2:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BeHQfebxKPRpxMOzAorfjU034tk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/5_4qOd1GTRdKd6DbyMT4VAzgn60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/BeHQfebxKPRpxMOzAorfjU034tk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:bf:d5:84:54:89:b4:0e:85:5c:4c:dd:57:51:df:0f:96:df:
         0d:16:62:d9:b6:26:d8:7a:6c:f1:f5:d7:79:1f:86:17:5e:40:
         83:3c:ee:03:09:10:7b:24:d5:4e:ba:07:7d:84:2a:5e:90:68:
         bc:db:cb:38:c7:e1:b7:89:96:07:26:d6:31:dd:b4:d9:d2:0a:
         44:c9:c8:de:55:bd:bf:0f:99:4b:79:b7:d5:39:ac:d1:68:7a:
         1c:8a:b8:74:00:fb:3d:39:53:4b:39:2c:40:0b:32:17:b4:67:
         b3:76:35:c0:11:79:29:d7:6b:0d:84:32:a9:cc:7b:2c:02:7f:
         14:0f:77:e3:20:aa:0d:9d:e5:be:5c:30:e9:57:19:c7:4a:72:
         fc:77:a2:3f:46:47:54:8a:30:5d:00:8e:32:d1:42:54:81:c1:
         84:41:58:ea:cb:ca:96:97:0a:c8:49:05:0b:40:48:6b:29:d9:
         72:be:84:68:d3:5c:ce:c4:79:f0:6a:38:45:14:b2:fa:a1:fb:
         4d:16:99:5b:e4:c6:d1:8f:44:15:64:2e:c1:a8:2d:91:a9:00:
         a8:e6:52:5a:a0:0a:86:76:66:93:21:c6:4a:79:20:54:30:b6:
         b7:cc:97:36:3f:64:bc:a9:77:4f:bd:1c:ef:69:68:69:d3:63:
         37:d3:fc:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2zx6x6/fWOpl+Hs24q7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTFkMDdkZTZmMTI4ZjQ2OWM0YzNiMzAyOGFkZjhkNGQz
N2UyZDkwHhcNMjUwMTAxMTc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2ZlMmEzOWRkNDY0ZDE3NGE3N2EwZGJjOGM0Zjg1NDBjZTA5ZmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Tl2HetKJx0KDHFLvVjt4wWX6O5z
GrZH7U9KPIBYume38W6BrB6dtgLIoCAN+bMS7ePFTvri+EnBhPCpkSVtKmB+WUJR
2VQ50WVAOun2VYs/0kAaBmIjoLp5leIgTNexSZRJqoaTmTq9m+cNTcwCE1ryRc+u
Rw1rAgV6+ouj3PJePfbJbz5/C67Ot0I6AK8iLxzr4oTaheg4tzNCRjNjIzsHIfGR
jCEf7L3A6XPxwGhDVqnE5H1jXuBsUy7ak2t31TfbEbTu7ZNoNNWCN0Ls4G5q40DM
xt/6sCtaXDbh55yjlqaPy0gQ8pXSnkjKVfHK9M8oQR8IytrRqAnbWxDbQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOf+KjndRk0XSneg28jE+FQM4J+tMB8GA1UdIwQY
MBaAFAXh0H3m8Sj0acTDswKK341NN+LZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVIUWZlYnhLUFJweE1PekFvcmZqVTAzNHRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi85Y2U4ZjUtZmVkMi00N2VhLTgzYjMt
OGQxM2Y3YjNmMTQyLzEvNV80cU9kMUdUUmRLZDZEYnlNVDRWQXpnbjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi85Y2U4ZjUtZmVkMi00N2VhLTgzYjMtOGQxM2Y3YjNmMTQy
LzEvQmVIUWZlYnhLUFJweE1PekFvcmZqVTAzNHRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+M3MA0G
CSqGSIb3DQEBCwUAA4IBAQBAv9WEVIm0DoVcTN1XUd8Plt8NFmLZtibYemzx9dd5
H4YXXkCDPO4DCRB7JNVOugd9hCpekGi828s4x+G3iZYHJtYx3bTZ0gpEycjeVb2/
D5lLebfVOazRaHocirh0APs9OVNLOSxACzIXtGezdjXAEXkp12sNhDKpzHssAn8U
D3fjIKoNneW+XDDpVxnHSnL8d6I/RkdUijBdAI4y0UJUgcGEQVjqy8qWlwrISQUL
QEhrKdlyvoRo01zOxHnwajhFFLL6oftNFplb5MbRj0QVZC7BqC2RqQCo5lJaoAqG
dmaTIcZKeSBUMLa3zJc2P2S8qXdPvRzvaWhp02M30/xd
-----END CERTIFICATE-----