Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/TSdQZeiJv87sxq_OJ-PJSQE8GTQ.roa
File:                     TSdQZeiJv87sxq_OJ-PJSQE8GTQ.roa (raw, json)
Hash identifier:          zeHI0YzPke/O83NDkRPiKpR8/sA4EMZWB7tgWAf8HNc=
Subject key identifier:   4D:27:50:65:E8:89:BF:CE:EC:C6:AF:CE:27:E3:C9:49:01:3C:19:34
Certificate issuer:       /CN=4b529a4d22faef23135d6eff8912266623c49255
Certificate serial:       019426D9F019B1F1FCE49312F43DDC7C57C3
Authority key identifier: 4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/TSdQZeiJv87sxq_OJ-PJSQE8GTQ.roa
Signing time:             Thu 02 Jan 2025 11:50:04 +0000
ROA not before:           Thu 02 Jan 2025 11:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21277
IP address blocks:        5.11.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 11:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f0:19:b1:f1:fc:e4:93:12:f4:3d:dc:7c:57:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b529a4d22faef23135d6eff8912266623c49255
        Validity
            Not Before: Jan  2 11:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d275065e889bfceecc6afce27e3c949013c1934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:95:df:31:b8:d5:ef:7a:1f:65:f7:7b:5d:27:
                    c4:ae:b4:c0:69:0c:e8:53:cc:7d:20:85:d8:af:ed:
                    71:26:99:9f:9f:71:27:88:ea:c6:59:34:f7:0d:63:
                    37:7d:1a:f2:97:1a:25:1b:f0:f4:6c:ae:70:e4:3a:
                    7b:24:d3:2e:f7:ff:47:e9:2a:40:95:9e:04:1e:ed:
                    aa:07:de:ae:e2:24:55:48:9a:ae:55:7b:51:9f:52:
                    45:1c:cd:78:cd:ce:76:6f:87:71:7c:ad:65:92:8d:
                    a8:7f:13:3e:36:c7:f6:51:29:85:ef:1c:6e:96:fc:
                    ea:00:d8:b8:f6:d9:0d:84:23:41:0e:37:c2:21:8e:
                    ec:4a:ca:25:01:37:05:32:2e:d3:d8:f8:1c:af:6b:
                    38:c5:71:1a:46:b5:20:23:f5:f4:ca:fd:8b:7e:4a:
                    22:52:27:c9:4d:ba:9f:9f:f0:03:14:17:24:d1:99:
                    7d:cf:ba:81:34:2c:c4:66:30:ed:31:0f:47:24:cc:
                    7e:85:08:10:6f:2e:e6:95:0e:cf:92:9e:9c:96:d4:
                    55:c8:68:10:7a:f9:ce:a4:2a:65:de:9e:fa:9b:94:
                    70:cb:45:7b:fa:8b:f2:a3:0e:be:2d:f8:95:d8:8b:
                    c7:35:de:4c:ea:4d:8a:2c:1d:a6:a7:d1:02:d1:3f:
                    5a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:27:50:65:E8:89:BF:CE:EC:C6:AF:CE:27:E3:C9:49:01:3C:19:34
            X509v3 Authority Key Identifier:
                keyid:4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/TSdQZeiJv87sxq_OJ-PJSQE8GTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:6f:79:42:41:42:79:14:a6:bc:ca:47:68:d9:94:fc:76:aa:
         dd:3b:55:c6:04:15:86:b8:2a:9c:8c:4b:6d:40:64:68:6a:bc:
         bc:5c:e7:1c:af:36:09:5f:9d:0b:b9:c8:80:e8:97:18:47:90:
         20:de:bd:f1:ab:15:c9:aa:d9:cf:a1:13:f4:c8:61:e7:97:33:
         7b:3e:b1:5d:56:6f:f4:fc:22:ec:da:10:3a:90:8f:08:8a:6c:
         bc:c6:e9:4f:59:be:dc:c1:a9:68:d9:34:68:bf:84:7f:a5:25:
         09:6e:cf:0a:a3:d1:3c:8e:a2:62:d2:a6:fb:45:2e:72:b7:dc:
         80:c1:27:fd:48:7e:e7:8f:39:69:fc:a2:e4:2d:a7:fb:6f:bb:
         95:80:d7:71:62:c4:01:3c:10:85:12:5d:6c:f7:f9:94:2a:45:
         2f:74:fb:c8:9d:4b:f2:51:04:45:31:96:f4:9b:21:03:98:d2:
         4c:29:41:07:c5:d8:b4:7d:c7:e2:01:92:cd:f6:77:5d:6e:cd:
         b6:2b:cd:bf:b8:a3:a1:e2:b2:31:cc:87:0d:6a:fa:bf:04:31:
         3d:ae:28:db:bd:9b:7f:3e:2b:cd:e6:7a:65:e7:0d:38:dc:c2:
         fe:1f:1b:0e:15:cc:79:5c:d7:6e:bd:77:f7:a1:a6:93:cc:3f:
         37:0d:4a:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2fAZsfH85JMS9D3cfFfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNTI5YTRkMjJmYWVmMjMxMzVkNmVmZjg5MTIyNjY2MjNj
NDkyNTUwHhcNMjUwMTAyMTE1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDI3NTA2NWU4ODliZmNlZWNjNmFmY2UyN2UzYzk0OTAxM2MxOTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pXfMbjV73ofZfd7XSfErrTAaQzo
U8x9IIXYr+1xJpmfn3EniOrGWTT3DWM3fRrylxolG/D0bK5w5Dp7JNMu9/9H6SpA
lZ4EHu2qB96u4iRVSJquVXtRn1JFHM14zc52b4dxfK1lko2ofxM+Nsf2USmF7xxu
lvzqANi49tkNhCNBDjfCIY7sSsolATcFMi7T2Pgcr2s4xXEaRrUgI/X0yv2Lfkoi
UifJTbqfn/ADFBck0Zl9z7qBNCzEZjDtMQ9HJMx+hQgQby7mlQ7Pkp6cltRVyGgQ
evnOpCpl3p76m5Rwy0V7+ovyow6+LfiV2IvHNd5M6k2KLB2mp9EC0T9aZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0nUGXoib/O7MavzifjyUkBPBk0MB8GA1UdIwQY
MBaAFEtSmk0i+u8jE11u/4kSJmYjxJJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTct
MzZhZTc2ZWU5ODNlLzEvVFNkUVplaUp2ODdzeHFfT0otUEpTUUU4R1RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTctMzZhZTc2ZWU5ODNl
LzEvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQsTMA0G
CSqGSIb3DQEBCwUAA4IBAQDAb3lCQUJ5FKa8ykdo2ZT8dqrdO1XGBBWGuCqcjEtt
QGRoary8XOccrzYJX50LuciA6JcYR5Ag3r3xqxXJqtnPoRP0yGHnlzN7PrFdVm/0
/CLs2hA6kI8Iimy8xulPWb7cwalo2TRov4R/pSUJbs8Ko9E8jqJi0qb7RS5yt9yA
wSf9SH7njzlp/KLkLaf7b7uVgNdxYsQBPBCFEl1s9/mUKkUvdPvInUvyUQRFMZb0
myEDmNJMKUEHxdi0fcfiAZLN9nddbs22K82/uKOh4rIxzIcNavq/BDE9rijbvZt/
PivN5npl5w043ML+HxsOFcx5XNduvXf3oaaTzD83DUo+
-----END CERTIFICATE-----