Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/0bRTFvXO6mgvFJNMPPAe-WZ8rcU.roa
File:                     0bRTFvXO6mgvFJNMPPAe-WZ8rcU.roa (raw, json)
Hash identifier:          NfV0o3GnF/eEx880CikGM95Ii4ywSOxOntb21DQCays=
Subject key identifier:   D1:B4:53:16:F5:CE:EA:68:2F:14:93:4C:3C:F0:1E:F9:66:7C:AD:C5
Certificate issuer:       /CN=05c81c8097437cd179f319183c0282ea6cd1ca51
Certificate serial:       018ECE0D5FF6E063DD9B8020933BE8292AE0
Authority key identifier: 05:C8:1C:80:97:43:7C:D1:79:F3:19:18:3C:02:82:EA:6C:D1:CA:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BcgcgJdDfNF58xkYPAKC6mzRylE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/0bRTFvXO6mgvFJNMPPAe-WZ8rcU.roa
Signing time:             Thu 11 Apr 2024 16:46:06 +0000
ROA not before:           Thu 11 Apr 2024 16:46:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58006
IP address blocks:        91.247.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/BcgcgJdDfNF58xkYPAKC6mzRylE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/BcgcgJdDfNF58xkYPAKC6mzRylE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BcgcgJdDfNF58xkYPAKC6mzRylE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ce:0d:5f:f6:e0:63:dd:9b:80:20:93:3b:e8:29:2a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05c81c8097437cd179f319183c0282ea6cd1ca51
        Validity
            Not Before: Apr 11 16:46:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1b45316f5ceea682f14934c3cf01ef9667cadc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7e:fa:d0:c9:96:84:a1:23:62:23:61:9c:95:
                    16:d7:4f:2c:5f:5b:bd:85:0a:dd:2a:0b:ae:b8:0e:
                    4d:3c:9a:5f:51:c5:66:06:b2:98:aa:63:ac:f9:46:
                    27:fd:3a:cd:4e:d0:15:85:a2:a3:7a:1a:fb:30:c7:
                    90:2d:4d:b0:41:01:e0:4f:1b:fb:dd:91:28:4e:bb:
                    67:5d:e1:a5:b5:bc:06:b2:8a:62:37:1e:c8:0e:53:
                    d9:63:2c:9c:96:3c:61:95:ce:de:20:d3:6f:9d:0c:
                    17:07:38:41:50:ff:2d:ed:28:62:ac:a1:2e:6a:52:
                    3e:6a:f5:8a:63:32:95:f4:58:06:4f:01:a3:b2:f9:
                    38:f4:bd:40:2b:50:54:16:62:cb:de:15:24:a8:37:
                    ef:17:18:b5:6c:98:ce:22:1f:ac:c2:a5:5f:71:07:
                    2d:0b:65:17:88:ab:4d:f3:24:36:a4:4f:77:c1:b8:
                    4f:4e:c3:e8:c4:35:2c:e1:82:8d:67:f2:fa:88:e3:
                    e5:4d:b1:cb:88:a5:e8:b2:3e:b2:7a:08:cd:3d:46:
                    a6:38:92:d2:fb:b2:ed:56:9f:07:43:83:d6:ec:04:
                    ed:24:77:d5:95:13:91:38:9a:92:b0:05:08:5a:4c:
                    79:00:cb:8b:9e:b6:e6:d9:b9:f2:ec:9a:c8:61:2c:
                    26:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B4:53:16:F5:CE:EA:68:2F:14:93:4C:3C:F0:1E:F9:66:7C:AD:C5
            X509v3 Authority Key Identifier:
                keyid:05:C8:1C:80:97:43:7C:D1:79:F3:19:18:3C:02:82:EA:6C:D1:CA:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BcgcgJdDfNF58xkYPAKC6mzRylE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/0bRTFvXO6mgvFJNMPPAe-WZ8rcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/BcgcgJdDfNF58xkYPAKC6mzRylE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:ab:65:68:f1:7a:39:11:99:dc:20:63:12:31:96:21:74:94:
         13:87:81:65:cc:79:15:db:84:6a:58:e7:34:98:3a:66:83:ab:
         ad:fb:91:cb:6a:59:f1:50:50:c1:a3:5f:04:47:15:6c:9d:f5:
         ca:19:d3:2d:0d:71:0e:9a:f2:a1:f7:fd:0d:e6:26:54:76:a5:
         1f:5f:33:eb:b4:84:eb:10:ae:e7:59:32:72:1a:b9:96:ac:63:
         e1:cd:42:9c:97:17:58:f7:5e:89:ea:50:fb:56:dc:48:14:d7:
         1e:17:d8:6f:38:fe:e4:7c:1f:a5:a3:e6:4b:de:96:ae:3f:4c:
         07:4e:3e:06:e3:fa:7a:58:86:cd:93:e2:50:ef:79:c3:c9:6d:
         79:64:ff:a3:dd:f6:f8:d3:63:fd:38:52:f5:2c:c7:4b:29:c9:
         b6:f0:46:a1:69:b7:18:da:e7:d0:a8:f2:59:95:4f:28:9e:5b:
         73:fd:28:b7:5a:0a:e2:ab:c2:78:d0:01:67:14:de:3f:c4:56:
         82:96:79:b8:2d:2f:f2:86:e5:00:4c:b7:d8:36:f8:3d:2a:76:
         37:81:ba:97:ae:cc:9d:a2:a8:7b:c0:61:62:be:c0:3a:78:3a:
         51:23:e5:c4:dd:28:60:93:43:bf:ee:2e:db:39:2a:2e:f4:e0:
         83:34:ec:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7ODV/24GPdm4AgkzvoKSrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YzgxYzgwOTc0MzdjZDE3OWYzMTkxODNjMDI4MmVhNmNk
MWNhNTEwHhcNMjQwNDExMTY0NjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWI0NTMxNmY1Y2VlYTY4MmYxNDkzNGMzY2YwMWVmOTY2N2NhZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX760MmWhKEjYiNhnJUW108sX1u9
hQrdKguuuA5NPJpfUcVmBrKYqmOs+UYn/TrNTtAVhaKjehr7MMeQLU2wQQHgTxv7
3ZEoTrtnXeGltbwGsopiNx7IDlPZYyycljxhlc7eINNvnQwXBzhBUP8t7ShirKEu
alI+avWKYzKV9FgGTwGjsvk49L1AK1BUFmLL3hUkqDfvFxi1bJjOIh+swqVfcQct
C2UXiKtN8yQ2pE93wbhPTsPoxDUs4YKNZ/L6iOPlTbHLiKXosj6yegjNPUamOJLS
+7LtVp8HQ4PW7ATtJHfVlROROJqSsAUIWkx5AMuLnrbm2bny7JrIYSwmjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNG0Uxb1zupoLxSTTDzwHvlmfK3FMB8GA1UdIwQY
MBaAFAXIHICXQ3zRefMZGDwCgups0cpRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmNnY2dKZERmTkY1OHhrWVBBS0M2bXpSeWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9kOTMxNTMtNDYwOS00NjcyLTg1YjQt
OTc0ZmQyMzliMGVkLzEvMGJSVEZ2WE82bWd2RkpOTVBQQWUtV1o4cmNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9kOTMxNTMtNDYwOS00NjcyLTg1YjQtOTc0ZmQyMzliMGVk
LzEvQmNnY2dKZERmTkY1OHhrWVBBS0M2bXpSeWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/ebMA0G
CSqGSIb3DQEBCwUAA4IBAQAiq2Vo8Xo5EZncIGMSMZYhdJQTh4FlzHkV24RqWOc0
mDpmg6ut+5HLalnxUFDBo18ERxVsnfXKGdMtDXEOmvKh9/0N5iZUdqUfXzPrtITr
EK7nWTJyGrmWrGPhzUKclxdY916J6lD7VtxIFNceF9hvOP7kfB+lo+ZL3pauP0wH
Tj4G4/p6WIbNk+JQ73nDyW15ZP+j3fb402P9OFL1LMdLKcm28EahabcY2ufQqPJZ
lU8onltz/Si3Wgriq8J40AFnFN4/xFaClnm4LS/yhuUATLfYNvg9KnY3gbqXrsyd
oqh7wGFivsA6eDpRI+XE3Shgk0O/7i7bOSou9OCDNOxs
-----END CERTIFICATE-----