Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/_YciLAUMll_l6Ad-S-3jEr-WUP0.roa
File:                     _YciLAUMll_l6Ad-S-3jEr-WUP0.roa (raw, json)
Hash identifier:          YLNVgwBOiutPhe7HbfVw0eYS7E9cfJJEs9zT8+FOZFI=
Subject key identifier:   FD:87:22:2C:05:0C:96:5F:E5:E8:07:7E:4B:ED:E3:12:BF:96:50:FD
Certificate issuer:       /CN=4b529a4d22faef23135d6eff8912266623c49255
Certificate serial:       019426D9F1D38DE5FE540B879D820968483C
Authority key identifier: 4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/_YciLAUMll_l6Ad-S-3jEr-WUP0.roa
Signing time:             Thu 02 Jan 2025 11:50:04 +0000
ROA not before:           Thu 02 Jan 2025 11:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207701
IP address blocks:        5.11.31.0/24 maxlen: 24
                          2a01:7a8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 11:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f1:d3:8d:e5:fe:54:0b:87:9d:82:09:68:48:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b529a4d22faef23135d6eff8912266623c49255
        Validity
            Not Before: Jan  2 11:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd87222c050c965fe5e8077e4bede312bf9650fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:db:38:ef:db:bb:76:e0:57:2b:39:c1:ee:50:
                    9e:84:6c:51:19:88:f7:41:c9:83:d5:c9:9a:be:4d:
                    f8:78:73:dc:de:87:fb:7e:3f:00:da:e7:16:9b:8a:
                    10:2b:6a:71:60:3c:12:ee:ec:09:d2:f6:8d:3a:8e:
                    c3:56:40:78:3d:43:84:ff:91:a9:88:6e:79:91:b9:
                    ec:4b:af:f1:3c:38:f1:43:b6:a1:50:42:3e:7c:2f:
                    00:21:d9:fb:b1:66:8a:92:66:7f:2d:36:84:db:55:
                    10:7b:f1:b0:0d:fc:6c:cc:97:e0:40:02:11:4b:06:
                    d9:15:38:9b:83:67:fb:52:9c:63:bd:b4:de:3d:3f:
                    1a:0f:73:99:bd:52:ca:ba:68:9e:da:cb:17:f4:c1:
                    b1:72:1b:29:36:59:27:9e:e3:ec:56:4a:07:41:73:
                    9d:40:41:68:70:cc:f1:53:fd:c3:76:6e:77:34:07:
                    b2:34:6e:c3:e4:d9:d9:e2:cf:65:4b:13:48:df:54:
                    c1:e4:c4:36:04:ef:ed:fc:b1:bd:8e:f1:ad:92:b8:
                    71:aa:ab:f4:b0:75:cc:f5:5a:be:51:9a:1e:c0:b6:
                    6a:c0:b6:ab:d0:1e:a4:53:5e:d3:fe:6a:cd:f5:f3:
                    7d:df:08:5f:3d:cf:75:f7:b4:f1:f7:76:55:13:87:
                    3e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:87:22:2C:05:0C:96:5F:E5:E8:07:7E:4B:ED:E3:12:BF:96:50:FD
            X509v3 Authority Key Identifier:
                keyid:4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/_YciLAUMll_l6Ad-S-3jEr-WUP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.31.0/24
                IPv6:
                  2a01:7a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:61:19:bb:b6:9e:e6:96:41:f2:6c:18:86:c0:d0:94:33:9d:
         9d:42:7e:3e:3d:56:4e:b4:26:79:48:9e:fb:63:0a:b6:fd:e8:
         8a:24:52:be:ac:63:2e:66:93:0e:84:35:36:a8:b4:70:e6:e5:
         99:9e:3d:40:9c:d9:b6:34:e7:c7:b2:8c:80:1c:e9:a0:cb:57:
         61:ae:c0:25:16:1a:ff:a0:ef:3b:15:18:d1:6f:97:59:61:4b:
         6f:a7:52:15:0d:fd:c2:1a:00:12:e6:63:33:8f:90:3b:83:f0:
         01:72:0e:99:34:6d:fd:a7:b9:f6:e7:0a:f7:c8:b2:29:13:e2:
         cd:5f:04:bb:5b:55:66:72:83:f9:bb:00:10:07:de:ec:14:1c:
         ac:d2:5e:17:e1:55:ed:66:38:81:4d:57:ab:41:cd:10:a2:be:
         5c:d1:5a:f0:e3:98:a1:a0:8a:32:e8:63:87:78:be:c1:fd:37:
         45:8a:6f:81:f6:88:f9:3e:13:9c:ef:5b:16:dc:2b:23:15:32:
         12:fd:3f:ed:66:f4:78:70:38:e0:8c:fa:fc:2e:96:18:c9:21:
         27:b8:49:c2:ea:75:8a:a0:eb:fd:70:83:04:d4:6b:17:02:0f:
         68:d5:bf:e5:3c:6e:44:4d:76:23:24:78:35:82:90:4e:7b:2e:
         13:59:50:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQm2fHTjeX+VAuHnYIJaEg8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNTI5YTRkMjJmYWVmMjMxMzVkNmVmZjg5MTIyNjY2MjNj
NDkyNTUwHhcNMjUwMTAyMTE1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDg3MjIyYzA1MGM5NjVmZTVlODA3N2U0YmVkZTMxMmJmOTY1MGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApds479u7duBXKznB7lCehGxRGYj3
QcmD1cmavk34eHPc3of7fj8A2ucWm4oQK2pxYDwS7uwJ0vaNOo7DVkB4PUOE/5Gp
iG55kbnsS6/xPDjxQ7ahUEI+fC8AIdn7sWaKkmZ/LTaE21UQe/GwDfxszJfgQAIR
SwbZFTibg2f7UpxjvbTePT8aD3OZvVLKumie2ssX9MGxchspNlknnuPsVkoHQXOd
QEFocMzxU/3Ddm53NAeyNG7D5NnZ4s9lSxNI31TB5MQ2BO/t/LG9jvGtkrhxqqv0
sHXM9Vq+UZoewLZqwLar0B6kU17T/mrN9fN93whfPc9197Tx93ZVE4c+ywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP2HIiwFDJZf5egHfkvt4xK/llD9MB8GA1UdIwQY
MBaAFEtSmk0i+u8jE11u/4kSJmYjxJJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTct
MzZhZTc2ZWU5ODNlLzEvX1ljaUxBVU1sbF9sNkFkLVMtM2pFci1XVVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTctMzZhZTc2ZWU5ODNl
LzEvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABQsfMA8E
AgACMAkDBwAqAQeoAAAwDQYJKoZIhvcNAQELBQADggEBAAxhGbu2nuaWQfJsGIbA
0JQznZ1Cfj49Vk60JnlInvtjCrb96IokUr6sYy5mkw6ENTaotHDm5ZmePUCc2bY0
58eyjIAc6aDLV2GuwCUWGv+g7zsVGNFvl1lhS2+nUhUN/cIaABLmYzOPkDuD8AFy
Dpk0bf2nufbnCvfIsikT4s1fBLtbVWZyg/m7ABAH3uwUHKzSXhfhVe1mOIFNV6tB
zRCivlzRWvDjmKGgijLoY4d4vsH9N0WKb4H2iPk+E5zvWxbcKyMVMhL9P+1m9Hhw
OOCM+vwulhjJISe4ScLqdYqg6/1wgwTUaxcCD2jVv+U8bkRNdiMkeDWCkE57LhNZ
UPw=
-----END CERTIFICATE-----