Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/OdlTsdvxMV-Vsdy0Iwc4GMdXh4k.roa
File:                     OdlTsdvxMV-Vsdy0Iwc4GMdXh4k.roa (raw, json)
Hash identifier:          4Ct8PjZGYLUE3YWI4rp4iJnXrqZljT6jlWMzw9CIMxw=
Subject key identifier:   39:D9:53:B1:DB:F1:31:5F:95:B1:DC:B4:23:07:38:18:C7:57:87:89
Certificate issuer:       /CN=7650634c4e4177b91844b6dc0aeb73298d8b43fa
Certificate serial:       018E197FF94A182440B2A8F9D28320133996
Authority key identifier: 76:50:63:4C:4E:41:77:B9:18:44:B6:DC:0A:EB:73:29:8D:8B:43:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/OdlTsdvxMV-Vsdy0Iwc4GMdXh4k.roa
Signing time:             Thu 07 Mar 2024 15:20:01 +0000
ROA not before:           Thu 07 Mar 2024 15:20:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51798
IP address blocks:        185.58.128.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:19:7f:f9:4a:18:24:40:b2:a8:f9:d2:83:20:13:39:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7650634c4e4177b91844b6dc0aeb73298d8b43fa
        Validity
            Not Before: Mar  7 15:20:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39d953b1dbf1315f95b1dcb423073818c7578789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:28:9e:44:27:cc:6b:94:38:e5:ee:3f:d6:4e:
                    cd:20:10:4c:14:60:c1:ee:22:e9:ee:18:21:7a:ec:
                    52:28:54:72:0e:9f:4d:45:29:51:47:31:c5:5f:ce:
                    b5:9d:ed:9e:73:07:c0:6f:80:29:e2:87:a3:5d:25:
                    2d:c8:f3:c8:78:03:d2:d7:d3:d5:7d:4c:e1:af:e0:
                    89:b6:d4:1b:b2:c9:66:a5:89:a6:8a:40:45:fa:f7:
                    14:c2:d8:da:f6:44:12:b2:de:0a:d6:35:c0:d1:5b:
                    c2:d4:f7:42:74:9e:74:a4:cd:cc:a5:72:87:42:f8:
                    dd:ac:e6:53:03:17:ce:e4:aa:f2:56:af:d3:36:f5:
                    b8:de:a5:0f:82:3b:8a:5e:d8:ca:75:ea:5a:1c:44:
                    78:cd:f1:11:91:64:59:28:dc:4d:60:b9:29:ee:0d:
                    56:14:e7:8e:31:5f:84:83:77:9a:cf:a6:4a:4a:52:
                    cc:c3:df:32:19:79:1b:17:02:25:ac:d1:fc:09:97:
                    e5:2b:86:8b:d7:88:56:f4:9a:29:f3:e8:c9:18:fd:
                    9a:d8:c2:4a:29:eb:8b:a1:3e:cd:53:9f:99:08:6b:
                    84:fe:3e:d7:c7:ef:88:01:4e:0c:b8:c6:c9:9c:a1:
                    8c:5d:66:5b:fe:95:bc:27:a9:e0:2d:5a:b4:56:af:
                    d9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D9:53:B1:DB:F1:31:5F:95:B1:DC:B4:23:07:38:18:C7:57:87:89
            X509v3 Authority Key Identifier:
                keyid:76:50:63:4C:4E:41:77:B9:18:44:B6:DC:0A:EB:73:29:8D:8B:43:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/OdlTsdvxMV-Vsdy0Iwc4GMdXh4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:82:d3:3c:f9:c5:10:4d:0e:1e:79:54:af:5b:35:e8:25:2a:
         72:f5:ac:f8:34:11:05:eb:7c:a5:de:c3:34:58:a9:5f:71:14:
         92:87:63:20:22:c2:d2:84:9c:14:bf:e2:dc:ad:4b:fd:3a:20:
         a2:1c:b9:f1:76:00:af:01:07:70:16:10:2b:f4:6d:a7:81:65:
         47:be:b4:35:1d:2f:29:28:bb:34:cb:e6:f4:09:f5:0d:cf:45:
         e5:e9:7f:ac:c0:b7:d6:e9:89:3c:91:3d:a7:b2:cd:6c:0c:3c:
         f5:38:35:3c:50:aa:2f:89:6c:3c:66:45:1c:9a:97:99:32:31:
         21:8d:52:cb:2e:8e:5d:d8:16:ae:85:2f:1a:4b:69:70:57:d1:
         0b:b9:17:4f:ab:99:87:97:1d:aa:7b:7e:82:6d:e5:a8:de:33:
         1a:40:e0:40:f1:dc:b0:6e:ec:54:94:c1:f4:be:c7:0d:63:90:
         6c:06:99:80:dc:98:ef:6c:f8:11:26:77:b1:cc:2f:dc:0b:ee:
         68:3e:86:da:55:16:2f:c4:dc:ec:cf:8d:a9:d1:6d:42:86:eb:
         c6:d2:73:8c:7b:35:68:81:6a:21:91:d9:d9:73:96:d3:02:24:
         15:74:7f:9c:87:6d:b0:b6:7f:d1:b9:33:c6:45:52:b0:69:cc:
         70:44:87:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4Zf/lKGCRAsqj50oMgEzmWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NTA2MzRjNGU0MTc3YjkxODQ0YjZkYzBhZWI3MzI5OGQ4
YjQzZmEwHhcNMjQwMzA3MTUyMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ5NTNiMWRiZjEzMTVmOTViMWRjYjQyMzA3MzgxOGM3NTc4Nzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSieRCfMa5Q45e4/1k7NIBBMFGDB
7iLp7hgheuxSKFRyDp9NRSlRRzHFX861ne2ecwfAb4Ap4oejXSUtyPPIeAPS19PV
fUzhr+CJttQbsslmpYmmikBF+vcUwtja9kQSst4K1jXA0VvC1PdCdJ50pM3MpXKH
QvjdrOZTAxfO5KryVq/TNvW43qUPgjuKXtjKdepaHER4zfERkWRZKNxNYLkp7g1W
FOeOMV+Eg3eaz6ZKSlLMw98yGXkbFwIlrNH8CZflK4aL14hW9Jop8+jJGP2a2MJK
KeuLoT7NU5+ZCGuE/j7Xx++IAU4MuMbJnKGMXWZb/pW8J6ngLVq0Vq/ZLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnZU7Hb8TFflbHctCMHOBjHV4eJMB8GA1UdIwQY
MBaAFHZQY0xOQXe5GES23ArrcymNi0P6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGxCalRFNUJkN2tZUkxiY0N1dHpLWTJMUV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9hNGY2ZTQtMTJlNy00MjFmLWFhMzEt
NDExNWJkNTA4Mjg0LzEvT2RsVHNkdnhNVi1Wc2R5MEl3YzRHTWRYaDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9hNGY2ZTQtMTJlNy00MjFmLWFhMzEtNDExNWJkNTA4Mjg0
LzEvZGxCalRFNUJkN2tZUkxiY0N1dHpLWTJMUV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTqAMA0G
CSqGSIb3DQEBCwUAA4IBAQBJgtM8+cUQTQ4eeVSvWzXoJSpy9az4NBEF63yl3sM0
WKlfcRSSh2MgIsLShJwUv+LcrUv9OiCiHLnxdgCvAQdwFhAr9G2ngWVHvrQ1HS8p
KLs0y+b0CfUNz0Xl6X+swLfW6Yk8kT2nss1sDDz1ODU8UKoviWw8ZkUcmpeZMjEh
jVLLLo5d2BauhS8aS2lwV9ELuRdPq5mHlx2qe36CbeWo3jMaQOBA8dywbuxUlMH0
vscNY5BsBpmA3JjvbPgRJnexzC/cC+5oPobaVRYvxNzsz42p0W1ChuvG0nOMezVo
gWohkdnZc5bTAiQVdH+ch22wtn/RuTPGRVKwacxwRIeL
-----END CERTIFICATE-----