Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/iDAGd27G8SAHXo9lFu146jFry40.roa
File:                     iDAGd27G8SAHXo9lFu146jFry40.roa (raw, json)
Hash identifier:          XXi2MTf6vUF2zhj+1i8o+AiOpLDP1OEUnb81FPwUZrE=
Subject key identifier:   88:30:06:77:6E:C6:F1:20:07:5E:8F:65:16:ED:78:EA:31:6B:CB:8D
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1361E681DA3E495CABEAE2B583D9
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/iDAGd27G8SAHXo9lFu146jFry40.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56989
IP address blocks:        91.109.160.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:13:61:e6:81:da:3e:49:5c:ab:ea:e2:b5:83:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=883006776ec6f120075e8f6516ed78ea316bcb8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:66:1b:14:b2:73:c7:16:bb:59:e3:f9:75:24:
                    32:a1:02:60:fb:fd:97:a2:4b:30:a9:14:0e:ec:36:
                    ba:3b:1a:94:8b:42:2f:c1:e0:c1:7a:99:9d:6a:e3:
                    24:2d:d6:58:7b:df:5f:5e:09:6d:9e:8f:8d:7c:9d:
                    b6:b5:65:87:77:55:83:3b:e8:d7:68:67:86:fa:93:
                    cc:3c:a4:43:03:7e:f8:1d:99:f2:e6:a9:c0:29:5e:
                    9a:34:2e:99:91:09:eb:91:4a:4b:bc:14:d0:19:e2:
                    38:bb:f5:39:a1:18:19:81:3d:6a:45:3f:40:31:cc:
                    4e:0a:1c:e1:c1:29:02:5c:57:a2:b3:e0:90:99:84:
                    22:c7:41:63:32:60:0d:88:2b:6f:84:9a:7e:be:7b:
                    3a:06:64:3a:df:de:6d:ae:d5:95:dc:91:b0:7a:ee:
                    73:3d:15:da:79:53:e1:36:ee:19:64:be:11:71:1c:
                    34:4e:41:2c:0b:62:13:b8:d4:72:f4:03:69:9c:b0:
                    bc:be:b9:bb:05:6b:d8:36:3d:85:dd:35:0e:fe:d1:
                    44:a7:63:d2:ba:b3:34:68:b7:f8:e1:bb:73:c6:d8:
                    2e:2b:56:41:67:04:2a:27:f9:2e:ec:55:f5:56:ea:
                    e9:51:05:ca:00:28:fe:28:c4:2c:36:c3:66:a6:93:
                    74:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:30:06:77:6E:C6:F1:20:07:5E:8F:65:16:ED:78:EA:31:6B:CB:8D
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/iDAGd27G8SAHXo9lFu146jFry40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         82:35:13:d1:74:a2:e4:3d:f0:e0:b0:b3:d0:bf:c6:c3:bc:fa:
         dc:7a:09:b8:aa:f5:af:53:dd:f5:c1:15:f8:48:3c:2c:dd:5d:
         25:79:92:cc:8a:ae:af:f3:48:fd:19:00:15:70:c0:8e:6f:55:
         7b:bd:4f:86:2a:c1:ba:71:85:83:88:2f:f3:b4:fd:5e:e6:79:
         a4:3c:31:0c:13:b0:c8:14:5a:07:b0:91:4c:b2:fd:68:05:be:
         68:43:30:5e:b3:57:ba:db:60:01:c1:70:6e:cf:b1:a7:56:38:
         06:6f:92:db:a6:b2:bb:35:c5:7f:ac:eb:83:a9:f9:ad:3b:6a:
         dc:e4:e9:5c:d0:69:67:29:29:5f:dc:ce:c7:e5:13:70:d4:5f:
         50:61:72:7e:65:15:93:9b:20:43:c8:85:f6:fa:c6:0b:22:55:
         f2:bf:ef:45:bf:30:c9:df:55:b1:5b:fa:aa:3c:36:ef:76:25:
         2d:de:02:69:4b:47:cd:f3:5b:ff:31:94:d0:ed:6d:f4:89:5d:
         4d:5f:0c:8b:3d:4f:30:3e:b9:42:50:f5:15:3b:00:2c:a9:83:
         dc:bc:89:a0:e9:61:9c:55:54:98:78:29:c0:33:b3:5e:02:17:
         9b:a2:c0:3c:2a:d8:64:ba:e4:89:a3:eb:75:59:f4:c0:74:c4:
         94:20:44:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhNh5oHaPklcq+ritYPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODMwMDY3NzZlYzZmMTIwMDc1ZThmNjUxNmVkNzhlYTMxNmJjYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2YbFLJzxxa7WeP5dSQyoQJg+/2X
okswqRQO7Da6OxqUi0IvweDBepmdauMkLdZYe99fXgltno+NfJ22tWWHd1WDO+jX
aGeG+pPMPKRDA374HZny5qnAKV6aNC6ZkQnrkUpLvBTQGeI4u/U5oRgZgT1qRT9A
McxOChzhwSkCXFeis+CQmYQix0FjMmANiCtvhJp+vns6BmQ6395trtWV3JGweu5z
PRXaeVPhNu4ZZL4RcRw0TkEsC2ITuNRy9ANpnLC8vrm7BWvYNj2F3TUO/tFEp2PS
urM0aLf44btzxtguK1ZBZwQqJ/ku7FX1VurpUQXKACj+KMQsNsNmppN0EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgwBnduxvEgB16PZRbteOoxa8uNMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvaURBR2QyN0c4U0FIWG85bEZ1MTQ2akZyeTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW22gMA0G
CSqGSIb3DQEBCwUAA4IBAQCCNRPRdKLkPfDgsLPQv8bDvPrcegm4qvWvU931wRX4
SDws3V0leZLMiq6v80j9GQAVcMCOb1V7vU+GKsG6cYWDiC/ztP1e5nmkPDEME7DI
FFoHsJFMsv1oBb5oQzBes1e622ABwXBuz7GnVjgGb5LbprK7NcV/rOuDqfmtO2rc
5Olc0GlnKSlf3M7H5RNw1F9QYXJ+ZRWTmyBDyIX2+sYLIlXyv+9FvzDJ31WxW/qq
PDbvdiUt3gJpS0fN81v/MZTQ7W30iV1NXwyLPU8wPrlCUPUVOwAsqYPcvImg6WGc
VVSYeCnAM7NeAhebosA8KthkuuSJo+t1WfTAdMSUIESi
-----END CERTIFICATE-----