Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/xk4clEX32MFtZNuPD1ldUyQfWLI.roa
File:                     xk4clEX32MFtZNuPD1ldUyQfWLI.roa (raw, json)
Hash identifier:          fIEqQg1OXkYptCVnxu+MaDKcjLYQQHSm0uo6PvQ6NsA=
Subject key identifier:   C6:4E:1C:94:45:F7:D8:C1:6D:64:DB:8F:0F:59:5D:53:24:1F:58:B2
Certificate issuer:       /CN=2e5c571bf9bfa7e21bc7e339f9b8eebe06133711
Certificate serial:       018CC26D4F8BD3339C3C90163510702E768E
Authority key identifier: 2E:5C:57:1B:F9:BF:A7:E2:1B:C7:E3:39:F9:B8:EE:BE:06:13:37:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/xk4clEX32MFtZNuPD1ldUyQfWLI.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        194.147.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4f:8b:d3:33:9c:3c:90:16:35:10:70:2e:76:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e5c571bf9bfa7e21bc7e339f9b8eebe06133711
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c64e1c9445f7d8c16d64db8f0f595d53241f58b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:69:9c:f7:c0:f3:71:28:14:73:05:ec:86:85:
                    3a:c1:fd:92:82:7e:c8:a7:93:07:bc:4c:cb:02:6e:
                    4e:fc:0b:36:31:a1:61:f7:5e:4b:c4:f9:11:83:89:
                    98:9a:3e:54:62:dc:d4:40:2a:90:81:d1:5f:c2:26:
                    86:b8:55:80:28:ee:e0:ba:bb:b0:d6:9b:cd:78:b2:
                    b7:0b:46:50:9f:84:6e:ec:2e:fe:72:70:16:54:8f:
                    71:ba:3e:79:d1:ea:1e:0a:69:22:d9:ec:c8:c9:8c:
                    c2:5f:f5:81:a5:f9:d4:fb:1f:64:43:aa:1d:7b:22:
                    ef:19:50:c8:d5:df:a3:eb:f9:d9:96:f6:39:8a:59:
                    52:66:f6:aa:aa:39:b8:f6:da:0c:4d:9f:e3:17:01:
                    ab:5b:d4:f1:ff:f0:e8:3f:16:e7:5c:c9:1c:d5:a8:
                    f1:ec:6a:65:5d:b5:bb:87:c8:3e:a7:6b:48:20:51:
                    9f:97:81:8d:54:59:54:d3:ae:e2:38:bb:7b:1d:db:
                    91:3f:b5:a5:8e:80:4c:95:1e:33:0a:b0:db:d5:32:
                    4d:5c:84:be:30:79:e0:9a:f5:51:9b:e0:c2:9e:79:
                    26:c3:b3:68:62:16:0a:66:66:b1:de:87:14:e3:e4:
                    4d:92:11:7d:8f:62:8d:f8:13:0b:5f:42:90:8e:2e:
                    ed:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:4E:1C:94:45:F7:D8:C1:6D:64:DB:8F:0F:59:5D:53:24:1F:58:B2
            X509v3 Authority Key Identifier:
                keyid:2E:5C:57:1B:F9:BF:A7:E2:1B:C7:E3:39:F9:B8:EE:BE:06:13:37:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/xk4clEX32MFtZNuPD1ldUyQfWLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/979d20-2ff2-4f92-9c27-d6092a9fbe6c/1/LlxXG_m_p-Ibx-M5-bjuvgYTNxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:c7:bf:43:cf:73:0e:d3:94:ed:cf:d6:5b:04:a1:4b:12:f7:
         4a:7a:6d:bc:3a:d4:2f:60:15:a7:2f:70:d6:79:cb:f7:4e:0e:
         2c:e3:05:13:66:30:7d:78:1b:18:74:73:2d:21:45:1d:44:11:
         0b:00:55:c6:c0:06:ae:c5:34:0b:87:f5:04:db:16:ca:eb:d6:
         0f:ac:24:56:25:58:d7:62:0c:5d:f2:68:38:60:6c:ad:8c:4b:
         92:15:6d:15:c0:d3:ef:09:52:dc:eb:ef:ff:01:a6:f1:2d:f4:
         90:7c:c0:bc:6e:71:29:4e:61:24:c2:98:2c:97:42:92:47:e4:
         9e:5b:be:ba:c7:57:aa:95:2b:32:34:65:92:50:9d:13:60:71:
         ec:4f:ae:6c:85:ee:96:c8:e7:00:14:c6:11:4f:14:05:07:51:
         dd:75:71:f4:76:99:1b:d3:b1:0d:cd:e4:3a:d3:4f:1e:77:a4:
         ea:55:17:41:60:47:0f:7f:0e:28:98:3d:55:a8:bb:2b:58:b2:
         d3:a1:8e:f4:86:60:eb:11:f6:16:13:12:89:da:a3:2f:7a:14:
         52:9e:7a:87:2c:3b:6b:cd:55:b5:f9:e7:3a:aa:7a:eb:d8:f8:
         5e:17:93:84:96:e9:b2:f5:02:7d:cf:9b:bf:14:d8:6e:02:6f:
         6f:1c:16:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbU+L0zOcPJAWNRBwLnaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNWM1NzFiZjliZmE3ZTIxYmM3ZTMzOWY5YjhlZWJlMDYx
MzM3MTEwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjRlMWM5NDQ1ZjdkOGMxNmQ2NGRiOGYwZjU5NWQ1MzI0MWY1OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGmc98DzcSgUcwXshoU6wf2Sgn7I
p5MHvEzLAm5O/As2MaFh915LxPkRg4mYmj5UYtzUQCqQgdFfwiaGuFWAKO7guruw
1pvNeLK3C0ZQn4Ru7C7+cnAWVI9xuj550eoeCmki2ezIyYzCX/WBpfnU+x9kQ6od
eyLvGVDI1d+j6/nZlvY5illSZvaqqjm49toMTZ/jFwGrW9Tx//DoPxbnXMkc1ajx
7GplXbW7h8g+p2tIIFGfl4GNVFlU067iOLt7HduRP7WljoBMlR4zCrDb1TJNXIS+
MHngmvVRm+DCnnkmw7NoYhYKZmax3ocU4+RNkhF9j2KN+BMLX0KQji7tYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZOHJRF99jBbWTbjw9ZXVMkH1iyMB8GA1UdIwQY
MBaAFC5cVxv5v6fiG8fjOfm47r4GEzcRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGx4WEdfbV9wLUlieC1NNS1ianV2Z1lUTnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85NzlkMjAtMmZmMi00ZjkyLTljMjct
ZDYwOTJhOWZiZTZjLzEveGs0Y2xFWDMyTUZ0Wk51UEQxbGRVeVFmV0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85NzlkMjAtMmZmMi00ZjkyLTljMjctZDYwOTJhOWZiZTZj
LzEvTGx4WEdfbV9wLUlieC1NNS1ianV2Z1lUTnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpM0MA0G
CSqGSIb3DQEBCwUAA4IBAQCex79Dz3MO05Ttz9ZbBKFLEvdKem28OtQvYBWnL3DW
ecv3Tg4s4wUTZjB9eBsYdHMtIUUdRBELAFXGwAauxTQLh/UE2xbK69YPrCRWJVjX
Ygxd8mg4YGytjEuSFW0VwNPvCVLc6+//AabxLfSQfMC8bnEpTmEkwpgsl0KSR+Se
W766x1eqlSsyNGWSUJ0TYHHsT65she6WyOcAFMYRTxQFB1HddXH0dpkb07ENzeQ6
008ed6TqVRdBYEcPfw4omD1VqLsrWLLToY70hmDrEfYWExKJ2qMvehRSnnqHLDtr
zVW1+ec6qnrr2PheF5OElumy9QJ9z5u/FNhuAm9vHBZg
-----END CERTIFICATE-----