Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/RfAA1xaR3Se-RvvvQKJJ2gMoa-w.roa
File:                     RfAA1xaR3Se-RvvvQKJJ2gMoa-w.roa (raw, json)
Hash identifier:          ZjUwK6nsqDf3RG0U3GrfbUxp0iL0zaNbRBEGccx3Ch0=
Subject key identifier:   45:F0:00:D7:16:91:DD:27:BE:46:FB:EF:40:A2:49:DA:03:28:6B:EC
Certificate issuer:       /CN=2e5c571bf9bfa7e21bc7e339f9b8eebe06133711
Certificate serial:       019424B2CC416A743B02CD48C2DCF4F74E9D
Authority key identifier: 2E:5C:57:1B:F9:BF:A7:E2:1B:C7:E3:39:F9:B8:EE:BE:06:13:37:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/RfAA1xaR3Se-RvvvQKJJ2gMoa-w.roa
Signing time:             Thu 02 Jan 2025 01:48:05 +0000
ROA not before:           Thu 02 Jan 2025 01:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        194.147.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 13:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:cc:41:6a:74:3b:02:cd:48:c2:dc:f4:f7:4e:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e5c571bf9bfa7e21bc7e339f9b8eebe06133711
        Validity
            Not Before: Jan  2 01:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45f000d71691dd27be46fbef40a249da03286bec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5e:1c:8d:87:11:4c:d6:ba:df:27:29:2c:23:
                    87:df:55:dc:a2:f0:d2:51:c8:0e:c4:1c:70:9d:31:
                    4e:24:13:d8:2d:4d:a0:52:e3:9f:52:56:6f:b9:42:
                    09:c5:f6:66:4e:82:a6:cd:ea:a8:f3:e8:ae:f2:3e:
                    ce:c2:47:5d:09:c8:82:49:00:9e:89:7c:78:85:36:
                    71:dd:8f:ba:6c:cc:b0:70:6d:9c:09:67:23:08:dd:
                    98:1f:a3:e6:48:6c:e1:44:3a:6d:0a:68:5f:cd:ad:
                    08:e1:b9:ad:3e:34:17:72:d0:fb:c7:05:e5:09:cd:
                    d0:25:cc:a8:c7:1d:0c:36:93:e0:48:2e:c3:4c:ec:
                    d9:b2:0e:3a:b2:9b:2d:62:ad:64:e4:6e:ad:ea:95:
                    c9:14:8a:34:5c:18:3f:38:c9:c5:c3:1f:65:1d:f9:
                    7b:f6:2f:b6:f2:c6:da:4d:fa:51:2d:12:70:c1:24:
                    73:b9:92:bf:81:77:22:97:cd:ce:55:1b:5f:b4:b5:
                    1d:0a:3b:dd:72:4d:33:09:ba:b5:7e:10:7e:be:db:
                    71:37:7a:0c:33:03:4f:aa:ae:0c:b6:3d:e1:ae:60:
                    41:09:4f:e9:cc:a2:54:75:e2:60:bc:ee:5e:56:8c:
                    e8:d1:51:7d:52:73:d4:ee:34:19:37:0c:36:c9:e4:
                    6b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:F0:00:D7:16:91:DD:27:BE:46:FB:EF:40:A2:49:DA:03:28:6B:EC
            X509v3 Authority Key Identifier:
                keyid:2E:5C:57:1B:F9:BF:A7:E2:1B:C7:E3:39:F9:B8:EE:BE:06:13:37:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/RfAA1xaR3Se-RvvvQKJJ2gMoa-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:a6:a3:53:fa:97:24:5f:b2:58:ae:1f:7d:b3:26:fa:e7:91:
         e1:03:84:04:63:60:73:1f:0f:58:b0:c8:38:09:f3:4d:7f:8d:
         00:ad:c2:5d:63:e2:ba:70:87:f7:f4:74:07:18:82:db:c6:1c:
         16:4c:b4:b1:ea:a3:96:00:99:f2:d8:5e:fb:81:a6:a7:f2:ea:
         26:02:8a:55:2f:62:27:f0:c2:58:36:6b:f5:24:55:8f:3a:e3:
         10:bd:a5:45:b7:d6:f0:5f:32:75:c7:b3:c1:72:44:fd:34:04:
         70:03:0f:1a:72:c4:f7:15:a7:3b:b3:3c:c3:3d:e1:00:84:a6:
         e5:8b:be:23:0b:62:2f:f4:eb:6b:cb:21:d4:f2:fb:17:c1:19:
         0e:76:ac:65:ff:3d:23:83:4c:75:ce:6f:3d:15:73:0f:3d:bc:
         8d:24:cb:13:7a:28:e3:16:91:06:8f:72:1f:61:72:38:07:3c:
         aa:71:64:c4:e1:69:7a:77:58:1e:d9:97:9a:45:0f:6e:82:f0:
         6f:57:fb:ce:a9:d3:b2:0b:e3:c0:fb:26:68:f3:30:f2:3c:0b:
         2e:97:68:55:a9:21:31:7b:0f:00:4d:41:81:c3:78:89:e9:92:
         52:68:52:de:70:cd:44:92:ab:dd:7f:e0:47:b9:c5:cc:09:45:
         5a:da:e8:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkssxBanQ7As1Iwtz0906dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNWM1NzFiZjliZmE3ZTIxYmM3ZTMzOWY5YjhlZWJlMDYx
MzM3MTEwHhcNMjUwMTAyMDE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWYwMDBkNzE2OTFkZDI3YmU0NmZiZWY0MGEyNDlkYTAzMjg2YmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt14cjYcRTNa63ycpLCOH31XcovDS
UcgOxBxwnTFOJBPYLU2gUuOfUlZvuUIJxfZmToKmzeqo8+iu8j7OwkddCciCSQCe
iXx4hTZx3Y+6bMywcG2cCWcjCN2YH6PmSGzhRDptCmhfza0I4bmtPjQXctD7xwXl
Cc3QJcyoxx0MNpPgSC7DTOzZsg46spstYq1k5G6t6pXJFIo0XBg/OMnFwx9lHfl7
9i+28sbaTfpRLRJwwSRzuZK/gXcil83OVRtftLUdCjvdck0zCbq1fhB+vttxN3oM
MwNPqq4Mtj3hrmBBCU/pzKJUdeJgvO5eVozo0VF9UnPU7jQZNww2yeRruwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXwANcWkd0nvkb770CiSdoDKGvsMB8GA1UdIwQY
MBaAFC5cVxv5v6fiG8fjOfm47r4GEzcRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGx4WEdfbV9wLUlieC1NNS1ianV2Z1lUTnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85NzlkMjAtMmZmMi00ZjkyLTljMjct
ZDYwOTJhOWZiZTZjLzEvUmZBQTF4YVIzU2UtUnZ2dlFLSkoyZ01vYS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85NzlkMjAtMmZmMi00ZjkyLTljMjctZDYwOTJhOWZiZTZj
LzEvTGx4WEdfbV9wLUlieC1NNS1ianV2Z1lUTnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpM0MA0G
CSqGSIb3DQEBCwUAA4IBAQAQpqNT+pckX7JYrh99syb655HhA4QEY2BzHw9YsMg4
CfNNf40ArcJdY+K6cIf39HQHGILbxhwWTLSx6qOWAJny2F77gaan8uomAopVL2In
8MJYNmv1JFWPOuMQvaVFt9bwXzJ1x7PBckT9NARwAw8acsT3Fac7szzDPeEAhKbl
i74jC2Iv9OtryyHU8vsXwRkOdqxl/z0jg0x1zm89FXMPPbyNJMsTeijjFpEGj3If
YXI4BzyqcWTE4Wl6d1ge2ZeaRQ9ugvBvV/vOqdOyC+PA+yZo8zDyPAsul2hVqSEx
ew8ATUGBw3iJ6ZJSaFLecM1Ekqvdf+BHucXMCUVa2ui6
-----END CERTIFICATE-----