Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/99oVUw4qBHCoVD1Y64NqQbkrYEQ.roa
File:                     99oVUw4qBHCoVD1Y64NqQbkrYEQ.roa (raw, json)
Hash identifier:          ukusrWOlIceexNZf1bi3hZIoFJNvt4ChkRTpLtAJphw=
Subject key identifier:   F7:DA:15:53:0E:2A:04:70:A8:54:3D:58:EB:83:6A:41:B9:2B:60:44
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F223E19A4130C126C2D7F32681CD8
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/99oVUw4qBHCoVD1Y64NqQbkrYEQ.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34977
IP address blocks:        5.23.12.0/24 maxlen: 24
                          5.23.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:22:3e:19:a4:13:0c:12:6c:2d:7f:32:68:1c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7da15530e2a0470a8543d58eb836a41b92b6044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:71:c6:4b:c4:c2:33:cc:da:8d:64:20:7a:98:
                    d3:d9:d5:b5:49:b9:2d:0f:28:2e:26:47:5c:34:4d:
                    e2:83:6d:60:11:18:00:58:cf:e5:b7:4e:9a:d7:21:
                    52:ac:d3:31:3d:a4:e6:6e:67:f5:63:a7:77:d5:e3:
                    cd:b5:25:56:68:ba:28:ea:ce:8c:1d:07:b6:e2:b3:
                    f7:3c:c0:d0:6b:a1:00:17:b1:82:9a:42:30:28:17:
                    e4:db:0f:32:b7:cc:93:ed:a0:ba:3b:82:51:f7:9b:
                    b8:3c:a0:b7:2e:fd:ce:3d:d4:ec:dd:18:d2:a0:65:
                    76:d2:c3:fb:51:c5:19:64:b6:d9:f3:51:72:b5:3a:
                    b8:fe:34:4f:90:b9:a7:42:7d:e5:ed:15:90:6b:7e:
                    1d:48:39:19:82:18:b1:d4:e3:c9:e4:04:09:01:66:
                    f9:5a:6c:0d:22:da:69:b9:74:03:33:0f:50:b5:77:
                    5a:8e:a1:07:b1:dd:1e:cd:d9:6a:7c:ff:c0:4e:7a:
                    f2:9a:53:d3:0e:d2:48:bb:bb:eb:72:c4:35:95:40:
                    99:71:d5:16:00:5d:39:68:69:0a:1c:f6:3a:e6:f0:
                    75:db:3e:be:83:76:5f:23:1d:13:3c:fd:17:23:d1:
                    e9:2f:49:c4:af:bf:28:72:64:69:80:46:6d:8a:99:
                    32:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:DA:15:53:0E:2A:04:70:A8:54:3D:58:EB:83:6A:41:B9:2B:60:44
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/99oVUw4qBHCoVD1Y64NqQbkrYEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.23.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e5:81:59:bb:73:3c:10:6e:84:b8:f7:ec:89:7a:c2:2b:d0:b4:
         33:a5:18:38:41:54:8f:3f:c2:df:d2:a7:48:b3:f7:30:2d:cf:
         88:f2:90:5b:77:2e:95:b4:62:ba:e0:cb:68:12:22:38:9d:b3:
         0f:f5:11:fa:da:39:7f:00:4f:f5:30:10:4d:bc:7c:80:04:7c:
         57:55:d7:d8:74:35:57:eb:86:d8:3a:8b:3a:6b:46:9f:15:d3:
         8f:c7:34:09:9f:89:5c:ef:23:89:c7:11:24:05:a6:8c:66:59:
         7a:f5:40:73:b4:f7:4b:85:8e:07:12:2d:ed:53:7b:88:c1:d1:
         1c:82:4a:12:0b:fa:7c:c4:d8:e2:5d:85:96:1d:46:8d:a5:ad:
         5f:ca:ff:b6:b1:aa:bd:c4:07:e6:f1:33:96:a7:f1:ff:7f:af:
         0f:98:36:1b:ee:3c:30:f5:10:ef:4d:c7:ed:38:34:92:43:89:
         0f:eb:6a:68:79:34:d8:d4:21:9d:f9:2e:62:45:19:40:54:87:
         fe:56:5f:5a:63:1b:75:57:40:ee:b4:28:83:f4:c4:49:c0:89:
         12:d2:59:2e:fd:c7:5d:50:ec:34:92:c1:59:d1:ae:0f:a0:4f:
         f4:5e:9a:b6:1b:a4:8b:ca:c4:77:a7:d3:a6:80:47:05:e9:c4:
         80:61:2b:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyI+GaQTDBJsLX8yaBzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2RhMTU1MzBlMmEwNDcwYTg1NDNkNThlYjgzNmE0MWI5MmI2MDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXHGS8TCM8zajWQgepjT2dW1Sbkt
DyguJkdcNE3ig21gERgAWM/lt06a1yFSrNMxPaTmbmf1Y6d31ePNtSVWaLoo6s6M
HQe24rP3PMDQa6EAF7GCmkIwKBfk2w8yt8yT7aC6O4JR95u4PKC3Lv3OPdTs3RjS
oGV20sP7UcUZZLbZ81FytTq4/jRPkLmnQn3l7RWQa34dSDkZghix1OPJ5AQJAWb5
WmwNItppuXQDMw9QtXdajqEHsd0ezdlqfP/ATnrymlPTDtJIu7vrcsQ1lUCZcdUW
AF05aGkKHPY65vB12z6+g3ZfIx0TPP0XI9HpL0nEr78ocmRpgEZtipky1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfaFVMOKgRwqFQ9WOuDakG5K2BEMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvOTlvVlV3NHFCSENvVkQxWTY0TnFRYmtyWUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBRcMMA0G
CSqGSIb3DQEBCwUAA4IBAQDlgVm7czwQboS49+yJesIr0LQzpRg4QVSPP8Lf0qdI
s/cwLc+I8pBbdy6VtGK64MtoEiI4nbMP9RH62jl/AE/1MBBNvHyABHxXVdfYdDVX
64bYOos6a0afFdOPxzQJn4lc7yOJxxEkBaaMZll69UBztPdLhY4HEi3tU3uIwdEc
gkoSC/p8xNjiXYWWHUaNpa1fyv+2saq9xAfm8TOWp/H/f68PmDYb7jww9RDvTcft
ODSSQ4kP62poeTTY1CGd+S5iRRlAVIf+Vl9aYxt1V0DutCiD9MRJwIkS0lku/cdd
UOw0ksFZ0a4PoE/0Xpq2G6SLysR3p9OmgEcF6cSAYSvU
-----END CERTIFICATE-----