Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/OdftwAas8D7uyk5dOWI7xRXAdis.roa
File:                     OdftwAas8D7uyk5dOWI7xRXAdis.roa (raw, json)
Hash identifier:          4mpa9EnDa/MNOB8QVYCFRHiziN42BKj07wCkliCE6Mg=
Subject key identifier:   39:D7:ED:C0:06:AC:F0:3E:EE:CA:4E:5D:39:62:3B:C5:15:C0:76:2B
Certificate issuer:       /CN=4b529a4d22faef23135d6eff8912266623c49255
Certificate serial:       018CC86F1183750C61AE5979090E8211D77C
Authority key identifier: 4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/OdftwAas8D7uyk5dOWI7xRXAdis.roa
Signing time:             Tue 02 Jan 2024 04:29:31 +0000
ROA not before:           Tue 02 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207734
IP address blocks:        5.11.26.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:11:83:75:0c:61:ae:59:79:09:0e:82:11:d7:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b529a4d22faef23135d6eff8912266623c49255
        Validity
            Not Before: Jan  2 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39d7edc006acf03eeeca4e5d39623bc515c0762b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:32:9f:74:49:d1:f6:72:d0:13:2c:c7:b8:98:
                    f7:f9:fa:43:10:34:ee:43:07:86:9e:e6:3e:ce:5a:
                    b7:67:6e:5b:63:ff:03:e0:d0:d9:d6:ed:87:b9:97:
                    a9:6a:1a:eb:27:12:d0:d6:54:1e:90:21:bd:21:43:
                    6d:d9:49:11:0e:8f:95:10:df:c2:47:66:b7:df:b9:
                    40:d0:ce:25:f5:25:a0:91:9d:1d:6c:11:6f:7e:4a:
                    37:f0:8f:a2:e9:2a:d9:a1:30:3c:a9:f3:10:25:6d:
                    37:4e:f9:32:cc:81:7c:67:78:3c:f2:ad:7c:37:15:
                    52:d2:d3:b9:50:7b:0d:4a:25:d2:91:0e:91:16:06:
                    82:b3:dd:82:24:70:71:3e:8a:14:46:d4:dd:68:92:
                    ac:63:ce:84:01:4f:de:32:b0:0c:9e:c3:a8:60:b8:
                    8a:ac:e4:b9:25:97:b0:1d:f0:99:57:21:8a:dc:60:
                    b3:f4:86:c4:d1:ee:f0:37:e3:3c:5d:c3:1f:9f:1b:
                    e8:0a:05:e1:4a:b4:6d:34:5c:2a:2d:0f:42:8f:42:
                    8b:7d:b8:42:3f:ce:4e:00:02:61:b0:f9:a6:fb:7d:
                    d6:5a:b6:d5:eb:02:fd:d2:27:1c:2f:00:de:d3:9b:
                    3a:e3:68:75:2a:5f:38:67:de:2b:03:2a:49:27:b6:
                    40:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D7:ED:C0:06:AC:F0:3E:EE:CA:4E:5D:39:62:3B:C5:15:C0:76:2B
            X509v3 Authority Key Identifier:
                keyid:4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/OdftwAas8D7uyk5dOWI7xRXAdis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:50:f2:a7:49:ca:af:b2:af:57:90:e9:52:dd:5a:45:6e:68:
         a0:bb:f7:12:41:70:33:59:6d:d6:3c:55:98:6e:b7:97:1c:7a:
         bc:f8:44:f7:ca:ad:fe:00:b0:4e:0e:04:c7:b2:71:2a:15:a3:
         03:10:74:af:f1:ed:23:41:f7:11:5c:2d:76:aa:72:cc:23:0c:
         72:6b:d2:94:9d:be:26:1a:87:c8:34:ff:d4:2b:b1:35:94:dd:
         1e:02:2b:46:99:e1:7c:f1:63:93:3e:27:e1:98:e6:d6:23:a7:
         74:0c:0a:ad:7a:12:73:c4:f6:05:ad:08:59:fa:04:2f:7f:2c:
         31:ef:34:7b:a0:a3:8e:91:5e:82:61:b9:7f:02:b7:08:19:a6:
         b9:d9:15:15:04:f2:6c:ab:45:9f:c3:ff:d2:5e:42:0f:74:80:
         3d:1e:f3:ab:ba:7c:79:14:c2:2b:83:22:bf:47:46:75:0d:3a:
         2b:3c:74:17:10:03:64:39:ba:45:b5:2e:39:37:9d:88:65:c3:
         29:11:5e:c8:e4:a0:00:36:9c:60:5e:20:97:78:77:20:6b:65:
         1b:c6:c3:f8:33:65:a1:31:a6:56:cd:e7:5b:3d:1b:90:ac:ea:
         09:df:b2:fb:51:65:d1:49:9e:55:3d:f6:7b:39:c1:39:6c:5f:
         a5:39:02:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxGDdQxhrll5CQ6CEdd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNTI5YTRkMjJmYWVmMjMxMzVkNmVmZjg5MTIyNjY2MjNj
NDkyNTUwHhcNMjQwMTAyMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ3ZWRjMDA2YWNmMDNlZWVjYTRlNWQzOTYyM2JjNTE1YzA3NjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjKfdEnR9nLQEyzHuJj3+fpDEDTu
QweGnuY+zlq3Z25bY/8D4NDZ1u2HuZepahrrJxLQ1lQekCG9IUNt2UkRDo+VEN/C
R2a337lA0M4l9SWgkZ0dbBFvfko38I+i6SrZoTA8qfMQJW03TvkyzIF8Z3g88q18
NxVS0tO5UHsNSiXSkQ6RFgaCs92CJHBxPooURtTdaJKsY86EAU/eMrAMnsOoYLiK
rOS5JZewHfCZVyGK3GCz9IbE0e7wN+M8XcMfnxvoCgXhSrRtNFwqLQ9Cj0KLfbhC
P85OAAJhsPmm+33WWrbV6wL90iccLwDe05s642h1Kl84Z94rAypJJ7ZAiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnX7cAGrPA+7spOXTliO8UVwHYrMB8GA1UdIwQY
MBaAFEtSmk0i+u8jE11u/4kSJmYjxJJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTct
MzZhZTc2ZWU5ODNlLzEvT2RmdHdBYXM4RDd1eWs1ZE9XSTd4UlhBZGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTctMzZhZTc2ZWU5ODNl
LzEvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBQsaMA0G
CSqGSIb3DQEBCwUAA4IBAQCZUPKnScqvsq9XkOlS3VpFbmigu/cSQXAzWW3WPFWY
breXHHq8+ET3yq3+ALBODgTHsnEqFaMDEHSv8e0jQfcRXC12qnLMIwxya9KUnb4m
GofINP/UK7E1lN0eAitGmeF88WOTPifhmObWI6d0DAqtehJzxPYFrQhZ+gQvfywx
7zR7oKOOkV6CYbl/ArcIGaa52RUVBPJsq0Wfw//SXkIPdIA9HvOrunx5FMIrgyK/
R0Z1DTorPHQXEANkObpFtS45N52IZcMpEV7I5KAANpxgXiCXeHcga2UbxsP4M2Wh
MaZWzedbPRuQrOoJ37L7UWXRSZ5VPfZ7OcE5bF+lOQIM
-----END CERTIFICATE-----