Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/29xNZ7O7-aG1JhjrHt_7fdA9BzM.roa
File:                     29xNZ7O7-aG1JhjrHt_7fdA9BzM.roa (raw, json)
Hash identifier:          dr0oagGxX98zkYTRp7hRtcB0gKt/7gLcdj5CQhwbtXg=
Subject key identifier:   DB:DC:4D:67:B3:BB:F9:A1:B5:26:18:EB:1E:DF:FB:7D:D0:3D:07:33
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018E382548940B1E9E294AA8E7B4933ACD64
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/29xNZ7O7-aG1JhjrHt_7fdA9BzM.roa
Signing time:             Wed 13 Mar 2024 14:09:11 +0000
ROA not before:           Wed 13 Mar 2024 14:09:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202423
IP address blocks:        5.44.43.0/24 maxlen: 24
                          5.44.45.0/24 maxlen: 24
                          89.191.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:38:25:48:94:0b:1e:9e:29:4a:a8:e7:b4:93:3a:cd:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Mar 13 14:09:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbdc4d67b3bbf9a1b52618eb1edffb7dd03d0733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:63:b1:0d:0d:9d:5a:d2:57:f3:eb:5d:cc:ff:
                    cf:86:df:b1:e5:47:b4:65:7e:fb:83:2f:c7:99:82:
                    cc:78:e6:f8:b0:a7:32:76:31:65:bb:46:21:cd:50:
                    d5:dc:79:7f:8a:f2:51:36:65:3e:55:00:8f:db:3c:
                    0e:0e:7f:db:d6:1c:0c:6d:53:f7:a8:4e:0a:72:8a:
                    73:c3:ae:ce:e5:e9:94:76:a5:04:49:f5:c1:c4:b1:
                    fe:a1:17:20:d0:84:44:e4:91:18:55:42:b8:9a:ab:
                    9b:8f:a2:cb:f6:53:21:4c:a7:7d:2a:b3:3a:ae:62:
                    85:0b:c0:59:87:7c:f2:b1:0f:8d:04:57:d3:ba:4c:
                    8d:3a:62:b0:c8:85:42:d0:75:2a:3f:fe:d4:83:64:
                    c2:4d:c7:8e:ae:54:59:4d:14:05:9e:68:74:aa:5b:
                    14:ce:0e:db:a9:f9:e6:e2:15:ef:95:8a:20:65:22:
                    fa:9d:35:d5:b3:e5:6f:a9:4a:0e:af:00:4e:a6:3c:
                    b8:af:f1:cf:b8:f1:58:f1:b1:c6:a7:06:4f:44:a2:
                    35:b2:47:f3:cf:2c:3f:bf:76:c0:ef:1a:a4:91:42:
                    25:b7:d7:81:eb:25:c8:5b:75:8b:d6:8d:6d:03:99:
                    b5:05:49:db:33:78:92:19:7f:64:03:c2:ab:2a:86:
                    85:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:DC:4D:67:B3:BB:F9:A1:B5:26:18:EB:1E:DF:FB:7D:D0:3D:07:33
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/29xNZ7O7-aG1JhjrHt_7fdA9BzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.43.0/24
                  5.44.45.0/24
                  89.191.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:13:31:9f:2f:67:8c:5d:05:d4:27:48:56:1a:70:81:c2:75:
         8c:ad:1d:cc:d1:aa:cb:51:b9:63:47:a0:71:3d:fc:65:3b:5f:
         64:5f:fb:e2:be:56:00:0e:74:b2:5e:08:6a:5d:58:8e:f6:5f:
         d2:d3:4b:e4:d6:82:d6:c2:85:7e:7f:15:c2:72:11:ba:86:17:
         c6:31:8f:bf:88:98:27:da:c5:7a:22:bc:2f:61:e7:db:2f:ae:
         e1:b1:8d:26:9b:b7:01:d0:5e:2e:90:35:9a:a4:df:8b:d1:d6:
         c0:08:4a:77:93:23:c7:f0:f5:d7:24:d2:b5:26:6b:d7:a7:5c:
         66:a3:03:3d:68:e8:ac:68:c2:5c:d1:dd:7c:8d:d4:d1:f6:23:
         8f:99:32:37:eb:8a:fa:c4:58:14:fe:07:f6:d0:dc:bf:e6:92:
         ec:2f:f1:6b:97:b1:0c:58:4e:cd:55:9a:93:08:c2:0a:eb:a1:
         81:16:a9:e0:c3:f7:42:57:b6:b4:57:c2:01:d8:f3:81:dd:9d:
         72:a2:58:b4:94:78:c3:ca:8b:60:89:67:3b:c2:9b:3c:ef:a0:
         7d:5e:af:68:bc:5a:3c:e1:34:47:10:6b:d9:89:0a:3f:fc:42:
         b1:b9:e3:fc:79:a3:6c:44:60:a5:5b:6f:d4:b5:04:1f:a3:0d:
         0f:ea:7e:b2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY44JUiUCx6eKUqo57STOs1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwMzEzMTQwOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmRjNGQ2N2IzYmJmOWExYjUyNjE4ZWIxZWRmZmI3ZGQwM2QwNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGOxDQ2dWtJX8+tdzP/Pht+x5Ue0
ZX77gy/HmYLMeOb4sKcydjFlu0YhzVDV3Hl/ivJRNmU+VQCP2zwODn/b1hwMbVP3
qE4Kcopzw67O5emUdqUESfXBxLH+oRcg0IRE5JEYVUK4mqubj6LL9lMhTKd9KrM6
rmKFC8BZh3zysQ+NBFfTukyNOmKwyIVC0HUqP/7Ug2TCTceOrlRZTRQFnmh0qlsU
zg7bqfnm4hXvlYogZSL6nTXVs+VvqUoOrwBOpjy4r/HPuPFY8bHGpwZPRKI1skfz
zyw/v3bA7xqkkUIlt9eB6yXIW3WL1o1tA5m1BUnbM3iSGX9kA8KrKoaF9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNvcTWezu/mhtSYY6x7f+33QPQczMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvMjl4Tlo3TzctYUcxSmhqckh0XzdmZEE5QnpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABSwrAwQA
BSwtAwQAWb/nMA0GCSqGSIb3DQEBCwUAA4IBAQBUEzGfL2eMXQXUJ0hWGnCBwnWM
rR3M0arLUbljR6BxPfxlO19kX/vivlYADnSyXghqXViO9l/S00vk1oLWwoV+fxXC
chG6hhfGMY+/iJgn2sV6IrwvYefbL67hsY0mm7cB0F4ukDWapN+L0dbACEp3kyPH
8PXXJNK1JmvXp1xmowM9aOisaMJc0d18jdTR9iOPmTI364r6xFgU/gf20Ny/5pLs
L/Frl7EMWE7NVZqTCMIK66GBFqngw/dCV7a0V8IB2POB3Z1yoli0lHjDyotgiWc7
wps876B9Xq9ovFo84TRHEGvZiQo//EKxueP8eaNsRGClW2/UtQQfow0P6n6y
-----END CERTIFICATE-----