Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS55720.roa
File:                     AS55720.roa (raw, json)
Hash identifier:          j6Byyg3cbzV1We4jXtIjyb6INyGOgthmSJk+IogGUlY=
Subject key identifier:   66:EE:DB:6D:11:23:01:5D:A0:95:58:1F:86:5A:B5:32:7D:25:EB:00
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5ECC0B374EABA4304587B68BFBA5E6C8E62E29E9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS55720.roa
Signing time:             Thu 11 Jul 2024 06:05:18 +0000
ROA not before:           Thu 11 Jul 2024 06:00:18 +0000
ROA not after:            Thu 10 Jul 2025 06:05:18 +0000
asID:                     55720
IP address blocks:        141.11.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:cc:0b:37:4e:ab:a4:30:45:87:b6:8b:fb:a5:e6:c8:e6:2e:29:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul 11 06:00:18 2024 GMT
            Not After : Jul 10 06:05:18 2025 GMT
        Subject: CN=66EEDB6D1123015DA095581F865AB5327D25EB00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a8:4c:82:cf:e0:29:8d:e1:fa:77:54:30:53:
                    61:28:42:6e:34:66:db:b2:db:76:0e:f5:87:46:cc:
                    a8:21:50:92:01:e5:d6:91:b0:09:19:54:61:f1:0a:
                    45:f3:be:52:ac:8e:02:25:73:d6:64:8e:cc:f9:fb:
                    e0:60:48:99:b8:48:52:c9:98:05:84:9f:5b:83:69:
                    84:29:b1:8e:04:91:df:6d:1a:b5:d3:e8:41:8a:9a:
                    c1:92:1c:23:f2:43:13:50:04:1e:df:04:43:80:71:
                    93:be:67:e1:11:6c:4b:de:d2:bf:60:ef:2c:ec:67:
                    6f:c9:42:a3:1c:fc:e8:2e:20:69:7f:2c:3f:8c:4e:
                    0b:53:3e:9a:7f:8e:65:59:ab:0c:e1:79:6f:72:91:
                    51:6c:2a:5a:e9:48:df:f1:c6:18:d8:81:7b:95:0f:
                    2a:d2:e6:1f:94:5e:10:c8:5f:30:3f:0e:08:e6:09:
                    90:e0:09:87:1c:4c:d2:30:b1:31:0b:51:26:31:b7:
                    ae:66:26:b8:48:35:35:fb:98:a8:f3:1f:83:b6:21:
                    dd:3f:5d:0f:f4:03:a7:66:5e:33:c9:53:67:49:f9:
                    0d:2f:71:88:b4:ea:4a:72:c8:e2:05:4b:02:9e:0a:
                    cb:38:40:d1:79:bf:0a:c9:2f:44:d9:e4:24:c5:cf:
                    10:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:EE:DB:6D:11:23:01:5D:A0:95:58:1F:86:5A:B5:32:7D:25:EB:00
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS55720.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:c6:1c:14:f2:67:ef:b3:2d:fe:43:4f:cf:0b:3b:e7:37:39:
         b6:e5:bb:ac:01:9d:6c:88:8e:c3:5b:b5:97:13:2f:02:c5:cc:
         55:49:ee:10:7c:a2:ae:13:05:a2:cd:c7:c4:53:cf:02:c6:f2:
         82:1b:c4:d2:68:f2:f7:d9:06:53:4a:d8:dc:6c:27:06:0b:91:
         52:a6:74:4f:4e:73:44:e9:57:37:3e:3e:1e:7f:a6:65:88:a8:
         94:35:22:1f:de:a8:80:f7:27:3b:2b:a1:bb:09:04:29:32:36:
         45:b6:ce:e2:2b:16:d3:aa:15:c1:d8:ba:3a:00:3f:ae:2c:c3:
         68:c3:59:e9:4b:40:db:07:b4:a1:be:84:cc:eb:e2:ab:22:64:
         15:e0:e8:80:14:16:d1:ab:d2:72:84:d4:f5:6a:69:9a:56:fd:
         a3:aa:bf:6f:76:d3:f5:0b:89:6e:c9:cb:7f:ed:4d:72:30:f3:
         72:e4:3b:51:b9:88:49:f6:3e:2a:66:68:43:24:d1:18:c2:0b:
         14:85:09:8a:b5:a8:81:90:10:8e:b6:7f:a7:90:5e:03:6a:50:
         6b:bf:19:b2:2d:1a:c7:f7:33:29:ea:f0:84:a2:67:93:c4:27:
         d3:d9:34:20:bd:3c:a2:27:a0:b6:64:3b:fe:12:b0:47:68:ca:
         ac:f0:57:8c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXswLN06rpDBFh7aL+6XmyOYuKekwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDA3MTEwNjAwMThaFw0yNTA3MTAwNjA1MThaMDMxMTAvBgNV
BAMTKDY2RUVEQjZEMTEyMzAxNURBMDk1NTgxRjg2NUFCNTMyN0QyNUVCMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOqEyCz+ApjeH6d1QwU2EoQm40
Ztuy23YO9YdGzKghUJIB5daRsAkZVGHxCkXzvlKsjgIlc9Zkjsz5++BgSJm4SFLJ
mAWEn1uDaYQpsY4Ekd9tGrXT6EGKmsGSHCPyQxNQBB7fBEOAcZO+Z+ERbEve0r9g
7yzsZ2/JQqMc/OguIGl/LD+MTgtTPpp/jmVZqwzheW9ykVFsKlrpSN/xxhjYgXuV
DyrS5h+UXhDIXzA/DgjmCZDgCYccTNIwsTELUSYxt65mJrhINTX7mKjzH4O2Id0/
XQ/0A6dmXjPJU2dJ+Q0vcYi06kpyyOIFSwKeCss4QNF5vwrJL0TZ5CTFzxD3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUZu7bbREjAV2glVgfhlq1Mn0l6wAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTU3MjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCxEw
DQYJKoZIhvcNAQELBQADggEBAC/GHBTyZ++zLf5DT88LO+c3Obblu6wBnWyIjsNb
tZcTLwLFzFVJ7hB8oq4TBaLNx8RTzwLG8oIbxNJo8vfZBlNK2NxsJwYLkVKmdE9O
c0TpVzc+Ph5/pmWIqJQ1Ih/eqID3JzsrobsJBCkyNkW2zuIrFtOqFcHYujoAP64s
w2jDWelLQNsHtKG+hMzr4qsiZBXg6IAUFtGr0nKE1PVqaZpW/aOqv2920/ULiW7J
y3/tTXIw83LkO1G5iEn2PipmaEMk0RjCCxSFCYq1qIGQEI62f6eQXgNqUGu/GbIt
Gsf3Mynq8ISiZ5PEJ9PZNCC9PKInoLZkO/4SsEdoyqzwV4w=
-----END CERTIFICATE-----