Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/w4bYXzgxSGsDYMHL2VcaO_idV_Y.roa
File:                     w4bYXzgxSGsDYMHL2VcaO_idV_Y.roa (raw, json)
Hash identifier:          Ut+sJ2LxictB4RiwZMkw2XCSF3Xwu+8NIygzsUARMqc=
Subject key identifier:   C3:86:D8:5F:38:31:48:6B:03:60:C1:CB:D9:57:1A:3B:F8:9D:57:F6
Certificate issuer:       /CN=beb12ce6a91030e27d5abad146df27bc2880652b
Certificate serial:       018CC72660C0912C39C5DE46F1F6079BD9BD
Authority key identifier: BE:B1:2C:E6:A9:10:30:E2:7D:5A:BA:D1:46:DF:27:BC:28:80:65:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/w4bYXzgxSGsDYMHL2VcaO_idV_Y.roa
Signing time:             Mon 01 Jan 2024 22:30:30 +0000
ROA not before:           Mon 01 Jan 2024 22:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        5.11.23.0/24 maxlen: 24
                          5.11.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:60:c0:91:2c:39:c5:de:46:f1:f6:07:9b:d9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beb12ce6a91030e27d5abad146df27bc2880652b
        Validity
            Not Before: Jan  1 22:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c386d85f3831486b0360c1cbd9571a3bf89d57f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:29:0a:da:4d:45:e8:8c:8c:4c:63:e8:09:f2:
                    6f:7f:11:b5:97:81:f4:3c:e1:33:21:f5:4d:87:f1:
                    b6:74:3e:fb:44:f5:2a:30:2f:21:83:c1:c4:82:fa:
                    25:0a:3b:7a:44:97:3e:38:59:dc:28:88:3d:45:35:
                    e1:e7:9e:71:9a:42:81:7a:16:ac:c0:c3:3f:5a:38:
                    31:23:b7:63:71:dd:e2:4f:44:0a:55:bc:1f:ce:db:
                    bf:40:f9:60:00:ed:8a:99:c1:ff:02:93:5a:64:b6:
                    72:b4:9c:bb:fc:4d:d2:28:49:e5:17:4b:4e:b5:97:
                    a1:2d:58:d4:ee:22:0c:38:ef:42:2f:1d:1d:07:a1:
                    7f:43:c0:85:e9:64:84:8a:0b:43:9f:98:c4:1e:b1:
                    34:d8:6e:2b:86:92:5c:99:99:d5:ce:00:b9:4b:b1:
                    a9:b8:e1:74:5f:64:f1:f8:14:5c:e8:cd:86:8f:28:
                    b8:79:26:2e:29:c5:16:37:71:e7:44:18:5d:41:ff:
                    5c:ae:1f:6d:cb:1b:4b:64:10:28:97:fe:e9:06:93:
                    89:06:f6:72:4d:9a:84:16:4f:39:f5:c8:65:2e:5b:
                    98:97:41:40:92:fb:02:dc:d9:66:7e:9c:09:fc:fe:
                    46:44:e5:2c:32:cc:fd:27:32:58:30:54:50:8b:23:
                    e0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:86:D8:5F:38:31:48:6B:03:60:C1:CB:D9:57:1A:3B:F8:9D:57:F6
            X509v3 Authority Key Identifier:
                keyid:BE:B1:2C:E6:A9:10:30:E2:7D:5A:BA:D1:46:DF:27:BC:28:80:65:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/w4bYXzgxSGsDYMHL2VcaO_idV_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.20.0/24
                  5.11.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:2b:19:d2:3d:00:33:52:18:c4:d1:14:de:71:d9:e6:de:86:
         86:38:96:81:02:be:c4:99:db:99:16:c7:00:02:af:43:19:5e:
         36:66:aa:e0:7e:a5:bb:db:06:c5:6d:63:7d:43:8c:2c:69:1c:
         58:44:04:0d:29:11:08:c7:c9:0c:d5:3a:6d:f1:84:11:0c:38:
         3d:bc:6b:56:4a:c7:03:91:df:64:d7:ad:f7:1e:1a:96:ed:bb:
         e1:c0:57:74:b5:3b:a8:8e:81:0f:0d:98:93:dd:03:3d:8f:17:
         1d:d3:47:74:89:c2:07:ad:11:99:d0:1e:eb:d5:42:3f:30:1a:
         a6:19:61:54:c5:e3:88:52:85:90:4c:f8:23:b2:21:65:18:96:
         6b:c1:8f:17:bd:7a:7a:2d:b5:2d:89:d1:45:7b:28:df:c8:55:
         fe:f3:d3:f9:5a:aa:0d:20:0e:00:9d:9e:5d:e9:cf:92:18:8b:
         fd:49:e9:91:6c:1e:4e:2a:80:ce:dd:9a:ea:9d:eb:d8:58:51:
         40:ca:a0:ca:05:df:f1:31:f3:08:c6:97:d0:dd:e1:99:40:fe:
         f1:fe:7e:89:bc:51:64:c1:22:3f:09:69:f9:f8:e1:9a:b1:37:
         d2:eb:27:22:d0:33:3f:3e:59:95:02:b5:7a:fc:57:c0:8d:53:
         ba:5a:06:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJmDAkSw5xd5G8fYHm9m9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYjEyY2U2YTkxMDMwZTI3ZDVhYmFkMTQ2ZGYyN2JjMjg4
MDY1MmIwHhcNMjQwMTAxMjIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzg2ZDg1ZjM4MzE0ODZiMDM2MGMxY2JkOTU3MWEzYmY4OWQ1N2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSkK2k1F6IyMTGPoCfJvfxG1l4H0
POEzIfVNh/G2dD77RPUqMC8hg8HEgvolCjt6RJc+OFncKIg9RTXh555xmkKBehas
wMM/WjgxI7djcd3iT0QKVbwfztu/QPlgAO2KmcH/ApNaZLZytJy7/E3SKEnlF0tO
tZehLVjU7iIMOO9CLx0dB6F/Q8CF6WSEigtDn5jEHrE02G4rhpJcmZnVzgC5S7Gp
uOF0X2Tx+BRc6M2Gjyi4eSYuKcUWN3HnRBhdQf9crh9tyxtLZBAol/7pBpOJBvZy
TZqEFk859chlLluYl0FAkvsC3NlmfpwJ/P5GROUsMsz9JzJYMFRQiyPgpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMOG2F84MUhrA2DBy9lXGjv4nVf2MB8GA1UdIwQY
MBaAFL6xLOapEDDifVq60UbfJ7wogGUrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJFczVxa1FNT0o5V3JyUlJ0OG52Q2lBWlNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC83NDk0MGEtZDlmYS00NTUyLWJlNWMt
YTdhZGU0MzRkNDUxLzEvdzRiWVh6Z3hTR3NEWU1ITDJWY2FPX2lkVl9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC83NDk0MGEtZDlmYS00NTUyLWJlNWMtYTdhZGU0MzRkNDUx
LzEvdnJFczVxa1FNT0o5V3JyUlJ0OG52Q2lBWlNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABQsUAwQA
BQsXMA0GCSqGSIb3DQEBCwUAA4IBAQCRKxnSPQAzUhjE0RTecdnm3oaGOJaBAr7E
mduZFscAAq9DGV42ZqrgfqW72wbFbWN9Q4wsaRxYRAQNKREIx8kM1Tpt8YQRDDg9
vGtWSscDkd9k1633HhqW7bvhwFd0tTuojoEPDZiT3QM9jxcd00d0icIHrRGZ0B7r
1UI/MBqmGWFUxeOIUoWQTPgjsiFlGJZrwY8XvXp6LbUtidFFeyjfyFX+89P5WqoN
IA4AnZ5d6c+SGIv9SemRbB5OKoDO3ZrqnevYWFFAyqDKBd/xMfMIxpfQ3eGZQP7x
/n6JvFFkwSI/CWn5+OGasTfS6yci0DM/PlmVArV6/FfAjVO6Wga9
-----END CERTIFICATE-----