Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/oBS3-lZP2Q3tilv8crVHAGmD68A.roa
File:                     oBS3-lZP2Q3tilv8crVHAGmD68A.roa (raw, json)
Hash identifier:          tm2C5CN1AfN18rAff6l9lZkxh5r69jWjXFyTjlNjtYo=
Subject key identifier:   A0:14:B7:FA:56:4F:D9:0D:ED:8A:5B:FC:72:B5:47:00:69:83:EB:C0
Certificate issuer:       /CN=ca5220e53e4f81ca258ccfea187280280f5f621a
Certificate serial:       018CC871355BA9EF7BAD232AE27E31B58850
Authority key identifier: CA:52:20:E5:3E:4F:81:CA:25:8C:CF:EA:18:72:80:28:0F:5F:62:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ylIg5T5PgcoljM_qGHKAKA9fYho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/oBS3-lZP2Q3tilv8crVHAGmD68A.roa
Signing time:             Tue 02 Jan 2024 04:31:51 +0000
ROA not before:           Tue 02 Jan 2024 04:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8560
IP address blocks:        185.5.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/ylIg5T5PgcoljM_qGHKAKA9fYho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/ylIg5T5PgcoljM_qGHKAKA9fYho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ylIg5T5PgcoljM_qGHKAKA9fYho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:35:5b:a9:ef:7b:ad:23:2a:e2:7e:31:b5:88:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca5220e53e4f81ca258ccfea187280280f5f621a
        Validity
            Not Before: Jan  2 04:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a014b7fa564fd90ded8a5bfc72b547006983ebc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:01:53:ef:a1:81:ff:59:fc:c6:8d:a5:73:14:
                    f9:9a:2c:05:5f:bc:c6:ce:fd:38:2c:99:c1:8b:2c:
                    1c:3d:f9:2e:a6:e1:34:60:21:c5:10:c5:91:1b:dc:
                    c9:fe:44:5c:6b:0a:5b:1b:6c:cb:89:1b:a0:fd:b5:
                    0e:c3:0f:4b:ef:ab:83:d8:a6:88:1a:f6:a8:7f:e4:
                    92:ce:4e:5b:0e:84:05:48:85:d7:a8:4a:c0:7e:d4:
                    32:04:cf:2d:8d:0c:df:96:d5:e5:5d:0b:6f:8c:e5:
                    50:61:2d:cf:4f:d4:e8:a3:71:03:24:e4:37:25:c3:
                    12:50:94:ef:8f:7d:23:f1:fb:67:e6:62:bf:c0:0f:
                    6c:9b:dc:d5:0e:1e:57:aa:3e:11:65:e0:67:91:0e:
                    ce:00:51:47:06:e5:48:be:fb:92:bc:17:08:f4:fd:
                    a7:18:09:d8:3c:11:05:1d:bd:92:1b:47:1a:ce:e5:
                    ad:5c:63:9e:88:7c:77:ec:8b:80:62:71:ad:a9:60:
                    b7:e6:ec:06:7a:5f:19:eb:97:27:c4:1f:fa:46:8f:
                    8f:82:d5:ad:45:7c:a2:c5:63:98:13:6c:88:ab:d1:
                    30:92:b9:0d:37:80:7d:78:31:57:dc:4a:3e:57:79:
                    44:7b:f1:13:d8:76:73:4f:d1:26:fe:5a:15:3c:93:
                    76:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:14:B7:FA:56:4F:D9:0D:ED:8A:5B:FC:72:B5:47:00:69:83:EB:C0
            X509v3 Authority Key Identifier:
                keyid:CA:52:20:E5:3E:4F:81:CA:25:8C:CF:EA:18:72:80:28:0F:5F:62:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ylIg5T5PgcoljM_qGHKAKA9fYho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/oBS3-lZP2Q3tilv8crVHAGmD68A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/ylIg5T5PgcoljM_qGHKAKA9fYho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:09:31:af:d0:04:f9:03:0a:17:d5:c4:f7:21:99:8a:c5:1f:
         83:55:3b:1a:29:d8:16:bc:0b:b2:cb:23:73:b9:38:cc:2e:73:
         0b:b9:d2:0e:73:29:2e:cf:d7:45:b8:2e:ee:7d:8c:fd:26:3d:
         88:5a:21:64:b2:69:a8:d0:64:1a:5d:21:5c:ff:ae:4f:1b:de:
         fe:82:f8:e4:8b:5a:46:b0:87:41:d7:7e:f4:7f:57:0e:50:e4:
         1f:e1:b5:bb:f8:27:46:53:a2:b5:06:4d:73:c3:57:47:22:2a:
         80:51:50:3d:58:d8:65:f2:db:48:aa:5c:92:1c:cf:e8:e3:b0:
         b4:68:a0:c5:cf:a0:6d:f5:c8:c6:78:ef:9a:7c:0f:f5:1f:12:
         93:e5:7d:57:96:c4:81:49:f0:c2:2b:7d:90:d8:e8:f0:a4:5c:
         9e:c7:dc:45:7a:4b:3c:14:cc:6b:6d:d9:f9:88:9c:3f:e2:10:
         53:c7:7e:c1:dc:18:26:c9:b2:54:3b:a2:60:d1:6a:ff:95:b6:
         7e:39:e7:1f:42:32:52:02:3d:b5:fd:fb:11:51:2e:78:69:9a:
         e5:1f:ef:28:31:12:90:87:8a:75:07:71:38:ac:9a:09:41:23:
         c5:ef:68:61:bb:75:6f:0e:62:cd:ac:35:f1:ff:2f:fb:b5:9f:
         e2:67:be:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcTVbqe97rSMq4n4xtYhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNTIyMGU1M2U0ZjgxY2EyNThjY2ZlYTE4NzI4MDI4MGY1
ZjYyMWEwHhcNMjQwMTAyMDQzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDE0YjdmYTU2NGZkOTBkZWQ4YTViZmM3MmI1NDcwMDY5ODNlYmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAFT76GB/1n8xo2lcxT5miwFX7zG
zv04LJnBiywcPfkupuE0YCHFEMWRG9zJ/kRcawpbG2zLiRug/bUOww9L76uD2KaI
Gvaof+SSzk5bDoQFSIXXqErAftQyBM8tjQzfltXlXQtvjOVQYS3PT9Too3EDJOQ3
JcMSUJTvj30j8ftn5mK/wA9sm9zVDh5Xqj4RZeBnkQ7OAFFHBuVIvvuSvBcI9P2n
GAnYPBEFHb2SG0cazuWtXGOeiHx37IuAYnGtqWC35uwGel8Z65cnxB/6Ro+PgtWt
RXyixWOYE2yIq9EwkrkNN4B9eDFX3Eo+V3lEe/ET2HZzT9Em/loVPJN2WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAUt/pWT9kN7Ypb/HK1RwBpg+vAMB8GA1UdIwQY
MBaAFMpSIOU+T4HKJYzP6hhygCgPX2IaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWxJZzVUNVBnY29sak1fcUdIS0FLQTlmWWhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80MjQ5NDctMWM2YS00OGU5LWIyODkt
ZjIzYzVhNTMxODIzLzEvb0JTMy1sWlAyUTN0aWx2OGNyVkhBR21ENjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80MjQ5NDctMWM2YS00OGU5LWIyODktZjIzYzVhNTMxODIz
LzEveWxJZzVUNVBnY29sak1fcUdIS0FLQTlmWWhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQUaMA0G
CSqGSIb3DQEBCwUAA4IBAQASCTGv0AT5AwoX1cT3IZmKxR+DVTsaKdgWvAuyyyNz
uTjMLnMLudIOcykuz9dFuC7ufYz9Jj2IWiFksmmo0GQaXSFc/65PG97+gvjki1pG
sIdB1370f1cOUOQf4bW7+CdGU6K1Bk1zw1dHIiqAUVA9WNhl8ttIqlySHM/o47C0
aKDFz6Bt9cjGeO+afA/1HxKT5X1XlsSBSfDCK32Q2OjwpFyex9xFeks8FMxrbdn5
iJw/4hBTx37B3BgmybJUO6Jg0Wr/lbZ+OecfQjJSAj21/fsRUS54aZrlH+8oMRKQ
h4p1B3E4rJoJQSPF72hhu3VvDmLNrDXx/y/7tZ/iZ75m
-----END CERTIFICATE-----