Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CL5IzUu5rXzcS85Dp4_C9TzxsQU.roa
File:                     CL5IzUu5rXzcS85Dp4_C9TzxsQU.roa (raw, json)
Hash identifier:          EFh1Z+NIZ6R6ljKJneEpDsiq9dFejhB5Pir9JnyeQCY=
Subject key identifier:   08:BE:48:CD:4B:B9:AD:7C:DC:4B:CE:43:A7:8F:C2:F5:3C:F1:B1:05
Certificate issuer:       /CN=09e2af08cf6e12e2304fb3bdec64cfbcedaa8522
Certificate serial:       018CC2DAF7F9A26376EAF8FAFC48C940EB5D
Authority key identifier: 09:E2:AF:08:CF:6E:12:E2:30:4F:B3:BD:EC:64:CF:BC:ED:AA:85:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CL5IzUu5rXzcS85Dp4_C9TzxsQU.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56443
IP address blocks:        185.105.58.0/24 maxlen: 24
                          185.128.132.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CeKvCM9uEuIwT7O97GTPvO2qhSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CeKvCM9uEuIwT7O97GTPvO2qhSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f7:f9:a2:63:76:ea:f8:fa:fc:48:c9:40:eb:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09e2af08cf6e12e2304fb3bdec64cfbcedaa8522
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08be48cd4bb9ad7cdc4bce43a78fc2f53cf1b105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:27:86:54:a7:20:14:b6:98:52:ef:d3:1f:db:
                    30:90:03:b6:b3:3b:c2:b2:b5:20:06:45:ed:af:be:
                    19:53:fc:fe:0f:0d:7c:70:ff:5d:a6:bf:94:ee:3e:
                    9d:dd:6d:74:b8:3d:14:fd:97:a0:35:cd:90:b9:c7:
                    b0:78:ef:3c:f1:26:33:e9:b3:e0:74:84:f7:4f:e6:
                    d7:ff:26:d8:70:a4:ab:d4:93:ec:42:9f:4c:96:45:
                    e3:d6:b3:50:a5:bd:f9:9f:3a:57:95:a5:fc:34:ae:
                    2d:5b:e1:57:23:e7:9f:86:13:14:18:f7:8b:a6:0e:
                    e3:3f:5a:65:69:72:2b:5b:dc:29:e1:06:92:a6:f5:
                    d6:03:1b:a6:7b:90:9a:a0:d4:12:25:f0:3c:81:27:
                    89:28:bc:0f:47:bc:90:48:23:d0:96:b3:40:39:53:
                    bb:78:a3:33:cf:d6:c2:cd:38:42:da:4a:81:0d:6c:
                    ab:6b:73:84:c5:34:30:a5:d6:9b:69:fe:4c:a0:1b:
                    c3:95:3d:9d:12:b1:b1:06:b4:01:52:38:e8:80:4d:
                    c2:29:cf:2f:97:53:87:a8:d2:fe:2e:27:55:51:9a:
                    fb:a8:ab:e6:8c:7b:cb:54:3d:0e:68:09:08:c7:0e:
                    21:72:24:3b:d7:78:a7:e0:fb:8d:c7:b0:5f:c1:f7:
                    e3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:BE:48:CD:4B:B9:AD:7C:DC:4B:CE:43:A7:8F:C2:F5:3C:F1:B1:05
            X509v3 Authority Key Identifier:
                keyid:09:E2:AF:08:CF:6E:12:E2:30:4F:B3:BD:EC:64:CF:BC:ED:AA:85:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CL5IzUu5rXzcS85Dp4_C9TzxsQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CeKvCM9uEuIwT7O97GTPvO2qhSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.58.0/24
                  185.128.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:4a:a9:06:b8:ac:69:bd:41:e1:76:98:48:fc:09:fd:7a:bb:
         75:85:14:95:6c:82:05:70:a7:f8:d6:d6:c5:ad:f0:9f:21:4f:
         80:a1:83:86:00:89:51:7b:d1:46:d0:b8:b9:80:fa:1d:23:3e:
         b8:fb:97:e8:f2:40:af:66:83:cd:f0:41:fc:24:58:25:1a:fc:
         4c:a4:aa:a1:c9:f2:18:d9:71:41:0f:27:15:c2:37:5d:a4:e0:
         f8:3b:fe:7c:69:54:01:a5:91:be:8a:c9:2f:ed:cb:7d:e5:43:
         e2:12:85:b7:fc:b0:9c:b1:9a:ce:1a:48:3f:b1:c8:93:b9:83:
         41:10:99:8e:86:68:8a:5d:df:db:12:8a:37:c2:e0:b4:08:d8:
         8b:23:47:e6:66:44:45:c5:cb:9c:73:3e:0f:3b:5b:4a:68:83:
         be:3f:89:d8:1c:08:96:18:90:ef:c0:30:a2:58:4f:74:29:ac:
         c4:64:22:4e:06:d8:2b:bf:d1:53:05:32:ed:78:53:ad:9d:ed:
         4f:ac:86:29:3e:75:0f:59:bf:f3:e5:86:3a:fc:8e:8d:74:19:
         d5:6c:5f:d6:32:b4:d2:41:16:8a:47:a5:28:5d:8e:97:0d:68:
         8f:f6:bf:4b:ad:5f:7f:0c:57:12:31:43:8f:58:46:45:a0:49:
         61:04:ca:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2vf5omN26vj6/EjJQOtdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZTJhZjA4Y2Y2ZTEyZTIzMDRmYjNiZGVjNjRjZmJjZWRh
YTg1MjIwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGJlNDhjZDRiYjlhZDdjZGM0YmNlNDNhNzhmYzJmNTNjZjFiMTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzieGVKcgFLaYUu/TH9swkAO2szvC
srUgBkXtr74ZU/z+Dw18cP9dpr+U7j6d3W10uD0U/ZegNc2QuceweO888SYz6bPg
dIT3T+bX/ybYcKSr1JPsQp9MlkXj1rNQpb35nzpXlaX8NK4tW+FXI+efhhMUGPeL
pg7jP1plaXIrW9wp4QaSpvXWAxume5CaoNQSJfA8gSeJKLwPR7yQSCPQlrNAOVO7
eKMzz9bCzThC2kqBDWyra3OExTQwpdabaf5MoBvDlT2dErGxBrQBUjjogE3CKc8v
l1OHqNL+LidVUZr7qKvmjHvLVD0OaAkIxw4hciQ713in4PuNx7Bfwffj9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAi+SM1Lua183EvOQ6ePwvU88bEFMB8GA1UdIwQY
MBaAFAnirwjPbhLiME+zvexkz7ztqoUiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VLdkNNOXVFdUl3VDdPOTdHVFB2TzJxaFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8xOWQzY2QtNjYxMC00M2YwLTgzZWIt
NzBhMWFmNTFkZmJlLzEvQ0w1SXpVdTVyWHpjUzg1RHA0X0M5VHp4c1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8xOWQzY2QtNjYxMC00M2YwLTgzZWItNzBhMWFmNTFkZmJl
LzEvQ2VLdkNNOXVFdUl3VDdPOTdHVFB2TzJxaFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWk6AwQB
uYCEMA0GCSqGSIb3DQEBCwUAA4IBAQCrSqkGuKxpvUHhdphI/An9ert1hRSVbIIF
cKf41tbFrfCfIU+AoYOGAIlRe9FG0Li5gPodIz64+5fo8kCvZoPN8EH8JFglGvxM
pKqhyfIY2XFBDycVwjddpOD4O/58aVQBpZG+iskv7ct95UPiEoW3/LCcsZrOGkg/
sciTuYNBEJmOhmiKXd/bEoo3wuC0CNiLI0fmZkRFxcuccz4PO1tKaIO+P4nYHAiW
GJDvwDCiWE90KazEZCJOBtgrv9FTBTLteFOtne1PrIYpPnUPWb/z5YY6/I6NdBnV
bF/WMrTSQRaKR6UoXY6XDWiP9r9LrV9/DFcSMUOPWEZFoElhBMrA
-----END CERTIFICATE-----