Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/DA-nG2qYoNaaAXsMEsfrN5Ia7fI.roa
File:                     DA-nG2qYoNaaAXsMEsfrN5Ia7fI.roa (raw, json)
Hash identifier:          luCtxZU9xLle1nqx6VdPadkV42KLEpL+a14SwEQG4UQ=
Subject key identifier:   0C:0F:A7:1B:6A:98:A0:D6:9A:01:7B:0C:12:C7:EB:37:92:1A:ED:F2
Certificate issuer:       /CN=05e1d07de6f128f469c4c3b3028adf8d4d37e2d9
Certificate serial:       018CC86F4431398C53885C7AB043E6FB7823
Authority key identifier: 05:E1:D0:7D:E6:F1:28:F4:69:C4:C3:B3:02:8A:DF:8D:4D:37:E2:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BeHQfebxKPRpxMOzAorfjU034tk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/DA-nG2qYoNaaAXsMEsfrN5Ia7fI.roa
Signing time:             Tue 02 Jan 2024 04:29:44 +0000
ROA not before:           Tue 02 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48384
IP address blocks:        91.227.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/BeHQfebxKPRpxMOzAorfjU034tk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/BeHQfebxKPRpxMOzAorfjU034tk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BeHQfebxKPRpxMOzAorfjU034tk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:44:31:39:8c:53:88:5c:7a:b0:43:e6:fb:78:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e1d07de6f128f469c4c3b3028adf8d4d37e2d9
        Validity
            Not Before: Jan  2 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c0fa71b6a98a0d69a017b0c12c7eb37921aedf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0b:07:96:98:e6:3d:c1:1e:a6:15:f0:3e:c2:
                    6c:c8:19:92:af:ac:59:ec:dd:8d:f5:c3:f3:d6:92:
                    ba:ad:d9:c0:f5:36:c9:23:90:0c:e8:aa:39:b2:5b:
                    45:c1:31:3f:aa:16:a2:2a:ff:5d:0b:f9:53:49:f2:
                    05:b6:1f:5f:93:2d:22:45:89:03:e7:af:6a:db:f4:
                    31:da:0f:c7:55:cd:9c:1a:47:4d:1a:25:c8:c2:05:
                    1a:e4:7c:f2:10:68:fd:c3:c8:e4:3b:86:36:71:71:
                    bb:f4:a1:ef:d1:a4:3d:1f:f4:f3:dd:13:0b:e4:71:
                    98:e6:4b:18:7e:ca:a5:ed:8e:a6:d8:15:f7:9d:a0:
                    eb:08:3a:1e:84:70:ac:ce:0e:ef:33:af:fe:4d:64:
                    de:35:6d:2c:e4:41:c5:02:d9:dd:e5:3c:c2:e5:e5:
                    c9:c6:65:fe:f3:6c:5d:e6:ce:e4:0b:a6:aa:bd:0c:
                    44:4a:63:a3:17:b2:df:4e:f2:8f:70:e3:f4:37:49:
                    cb:af:7d:e8:f8:f8:d5:f9:6b:a6:5d:96:b7:3a:e3:
                    6c:7d:3c:85:ca:dc:88:fa:30:5d:c6:64:a7:2f:d5:
                    82:c7:6f:47:2e:b3:50:90:d2:53:24:f6:c7:75:ac:
                    06:7e:0d:63:80:6c:09:f5:ac:83:b5:ff:ff:b5:4f:
                    10:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:0F:A7:1B:6A:98:A0:D6:9A:01:7B:0C:12:C7:EB:37:92:1A:ED:F2
            X509v3 Authority Key Identifier:
                keyid:05:E1:D0:7D:E6:F1:28:F4:69:C4:C3:B3:02:8A:DF:8D:4D:37:E2:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BeHQfebxKPRpxMOzAorfjU034tk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/DA-nG2qYoNaaAXsMEsfrN5Ia7fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ce8f5-fed2-47ea-83b3-8d13f7b3f142/1/BeHQfebxKPRpxMOzAorfjU034tk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:b5:50:c7:48:c7:e1:4c:79:d2:72:d9:bd:9d:53:4e:1d:ec:
         54:15:9a:e0:c3:34:e3:b9:2e:ae:f9:14:2b:60:c5:87:f6:cf:
         95:6f:d6:06:94:6f:e3:45:8b:31:82:f8:39:25:e2:05:b9:13:
         af:c8:28:35:32:b8:17:8b:82:ba:70:fe:31:bc:75:be:11:29:
         c8:5b:ad:4e:b0:6d:54:f4:33:d6:d6:5b:ef:bf:79:f7:b2:3f:
         c0:c0:2d:13:18:50:94:66:14:2c:6e:a1:74:2f:f9:1c:a7:cc:
         35:cf:e1:5b:d5:40:47:62:d8:99:b6:32:52:a0:af:8c:f7:af:
         2d:61:6f:3c:a9:7e:5f:d9:26:18:fa:65:fb:8b:1b:64:cd:b7:
         d0:23:bf:d8:ee:21:7d:a6:fc:be:4d:23:fe:a1:44:d6:23:a3:
         68:22:90:70:12:27:b2:77:a3:1a:a8:d2:9c:c8:6a:50:e8:4e:
         05:80:a8:15:ee:a3:ec:10:1c:02:50:70:ea:fd:ad:75:99:44:
         58:b9:b7:79:60:f1:41:63:3f:8f:e5:c6:a7:79:93:46:07:4d:
         7e:2c:25:92:ac:b4:2f:29:09:61:ef:1c:c2:4e:d2:08:61:12:
         33:64:a0:f5:f8:6e:7a:f3:ab:73:2f:3c:9c:80:3a:59:6e:04:
         e7:24:a4:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0QxOYxTiFx6sEPm+3gjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTFkMDdkZTZmMTI4ZjQ2OWM0YzNiMzAyOGFkZjhkNGQz
N2UyZDkwHhcNMjQwMTAyMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzBmYTcxYjZhOThhMGQ2OWEwMTdiMGMxMmM3ZWIzNzkyMWFlZGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAsHlpjmPcEephXwPsJsyBmSr6xZ
7N2N9cPz1pK6rdnA9TbJI5AM6Ko5sltFwTE/qhaiKv9dC/lTSfIFth9fky0iRYkD
569q2/Qx2g/HVc2cGkdNGiXIwgUa5HzyEGj9w8jkO4Y2cXG79KHv0aQ9H/Tz3RML
5HGY5ksYfsql7Y6m2BX3naDrCDoehHCszg7vM6/+TWTeNW0s5EHFAtnd5TzC5eXJ
xmX+82xd5s7kC6aqvQxESmOjF7LfTvKPcOP0N0nLr33o+PjV+WumXZa3OuNsfTyF
ytyI+jBdxmSnL9WCx29HLrNQkNJTJPbHdawGfg1jgGwJ9ayDtf//tU8QAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwPpxtqmKDWmgF7DBLH6zeSGu3yMB8GA1UdIwQY
MBaAFAXh0H3m8Sj0acTDswKK341NN+LZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVIUWZlYnhLUFJweE1PekFvcmZqVTAzNHRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi85Y2U4ZjUtZmVkMi00N2VhLTgzYjMt
OGQxM2Y3YjNmMTQyLzEvREEtbkcycVlvTmFhQVhzTUVzZnJONUlhN2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi85Y2U4ZjUtZmVkMi00N2VhLTgzYjMtOGQxM2Y3YjNmMTQy
LzEvQmVIUWZlYnhLUFJweE1PekFvcmZqVTAzNHRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+M3MA0G
CSqGSIb3DQEBCwUAA4IBAQCRtVDHSMfhTHnSctm9nVNOHexUFZrgwzTjuS6u+RQr
YMWH9s+Vb9YGlG/jRYsxgvg5JeIFuROvyCg1MrgXi4K6cP4xvHW+ESnIW61OsG1U
9DPW1lvvv3n3sj/AwC0TGFCUZhQsbqF0L/kcp8w1z+Fb1UBHYtiZtjJSoK+M968t
YW88qX5f2SYY+mX7ixtkzbfQI7/Y7iF9pvy+TSP+oUTWI6NoIpBwEieyd6MaqNKc
yGpQ6E4FgKgV7qPsEBwCUHDq/a11mURYubd5YPFBYz+P5caneZNGB01+LCWSrLQv
KQlh7xzCTtIIYRIzZKD1+G5686tzLzycgDpZbgTnJKTf
-----END CERTIFICATE-----