Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/XXvB1rUSSOE8PrMLtiUshH48jNM.roa
File:                     XXvB1rUSSOE8PrMLtiUshH48jNM.roa (raw, json)
Hash identifier:          tgt25xcECKVs6BAXZZ/u1yn8Baf9UudLkxMYuvqggeQ=
Subject key identifier:   5D:7B:C1:D6:B5:12:48:E1:3C:3E:B3:0B:B6:25:2C:84:7E:3C:8C:D3
Certificate issuer:       /CN=51aedc576bdf5600bfe4c4790385facedc46f034
Certificate serial:       018CC3495CA61C54E5ECC0E24FB695A6AD22
Authority key identifier: 51:AE:DC:57:6B:DF:56:00:BF:E4:C4:79:03:85:FA:CE:DC:46:F0:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/XXvB1rUSSOE8PrMLtiUshH48jNM.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29353
IP address blocks:        194.13.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5c:a6:1c:54:e5:ec:c0:e2:4f:b6:95:a6:ad:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51aedc576bdf5600bfe4c4790385facedc46f034
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d7bc1d6b51248e13c3eb30bb6252c847e3c8cd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:0e:4f:49:aa:19:fb:14:f0:5c:d5:62:cb:1e:
                    cf:b8:91:27:e2:82:b2:d6:76:cb:5f:8c:2b:3d:2a:
                    2a:0a:52:4f:95:07:01:7a:f9:08:af:da:70:a1:8f:
                    f3:4e:9b:a2:50:88:ed:81:f9:6d:17:65:8a:99:eb:
                    d5:a1:59:cc:c6:17:51:0d:75:2b:66:0a:24:09:d1:
                    1b:fb:9a:d1:91:dc:09:0e:3b:07:06:0e:59:60:17:
                    0d:4f:f0:9d:73:c0:36:e3:a6:7b:e9:73:3e:cc:c1:
                    b8:1a:c2:81:a8:b7:26:ea:1f:ae:4b:94:bb:de:6f:
                    f4:b7:9a:5b:6d:0b:5f:9a:99:33:19:78:32:6e:97:
                    57:0d:65:53:54:42:62:66:77:06:65:e5:23:66:b5:
                    3b:c9:24:54:96:e4:75:30:64:e5:c5:58:eb:d8:3f:
                    dd:46:b2:a8:37:2a:f2:78:95:5d:15:a0:48:f4:69:
                    61:4e:3b:4d:02:cc:0b:c3:bc:c3:51:7e:05:1e:0a:
                    fc:89:56:1a:fd:fc:3a:ae:b9:92:b4:6f:6d:2e:ba:
                    f4:2e:e2:ec:0e:b8:cc:1a:bc:89:29:4d:eb:ec:53:
                    5c:10:a2:4c:ab:ce:1d:58:83:18:8e:95:48:be:eb:
                    cb:0d:4a:dd:0b:37:3f:a8:c7:24:fc:0a:91:47:ad:
                    d8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:7B:C1:D6:B5:12:48:E1:3C:3E:B3:0B:B6:25:2C:84:7E:3C:8C:D3
            X509v3 Authority Key Identifier:
                keyid:51:AE:DC:57:6B:DF:56:00:BF:E4:C4:79:03:85:FA:CE:DC:46:F0:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/XXvB1rUSSOE8PrMLtiUshH48jNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:07:eb:07:15:c9:a2:8c:c1:24:48:ff:a0:81:1c:31:8c:6b:
         17:cb:74:52:c1:10:01:0d:89:1f:58:6b:f6:95:bc:33:18:d4:
         5b:c9:59:6c:ea:85:59:1b:24:ee:3f:0b:9f:d1:fe:f4:5e:78:
         38:28:48:66:81:45:94:49:ba:53:67:ce:8e:90:77:ac:68:dc:
         de:e4:c7:3a:42:5a:71:2f:68:c2:90:7f:88:ee:fd:41:33:8b:
         bf:d5:fc:a7:b5:3d:f3:12:ab:0e:fa:51:ee:43:fb:4a:74:88:
         ca:b7:00:bb:8f:0e:2f:03:2a:64:59:f8:86:86:30:73:13:68:
         19:f2:52:e3:f7:c1:81:5d:be:de:2e:65:2e:0c:93:a1:d2:be:
         0f:7e:d0:ef:ab:b4:0b:7c:39:25:6c:e5:b3:3b:8d:8f:7a:b2:
         2b:0e:dd:83:fc:ba:0b:02:f7:ad:3b:71:fb:65:9a:5e:ef:1e:
         fa:d7:62:64:e6:b3:6a:be:4a:33:4c:fd:46:4e:c5:af:07:50:
         45:c3:88:43:72:93:f7:5b:13:e1:16:aa:70:13:60:db:b7:85:
         ce:fb:2a:02:e4:e8:ba:98:e8:f3:7b:dd:be:cc:6b:83:69:5a:
         e4:d3:ef:76:74:c4:3f:0a:d3:d5:63:44:1d:40:42:97:56:9c:
         27:74:fd:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVymHFTl7MDiT7aVpq0iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYWVkYzU3NmJkZjU2MDBiZmU0YzQ3OTAzODVmYWNlZGM0
NmYwMzQwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDdiYzFkNmI1MTI0OGUxM2MzZWIzMGJiNjI1MmM4NDdlM2M4Y2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1A5PSaoZ+xTwXNViyx7PuJEn4oKy
1nbLX4wrPSoqClJPlQcBevkIr9pwoY/zTpuiUIjtgfltF2WKmevVoVnMxhdRDXUr
ZgokCdEb+5rRkdwJDjsHBg5ZYBcNT/Cdc8A246Z76XM+zMG4GsKBqLcm6h+uS5S7
3m/0t5pbbQtfmpkzGXgybpdXDWVTVEJiZncGZeUjZrU7ySRUluR1MGTlxVjr2D/d
RrKoNyryeJVdFaBI9GlhTjtNAswLw7zDUX4FHgr8iVYa/fw6rrmStG9tLrr0LuLs
DrjMGryJKU3r7FNcEKJMq84dWIMYjpVIvuvLDUrdCzc/qMck/AqRR63YswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF17wda1EkjhPD6zC7YlLIR+PIzTMB8GA1UdIwQY
MBaAFFGu3Fdr31YAv+TEeQOF+s7cRvA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWE3Y1YydmZWZ0NfNU1SNUE0WDZ6dHhHOERRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iNWQzYjgtYmRiZi00NmZiLWFhOTQt
YjE0ZTU5OWMwY2MyLzEvWFh2QjFyVVNTT0U4UHJNTHRpVXNoSDQ4ak5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iNWQzYjgtYmRiZi00NmZiLWFhOTQtYjE0ZTU5OWMwY2My
LzEvVWE3Y1YydmZWZ0NfNU1SNUE0WDZ6dHhHOERRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg1vMA0G
CSqGSIb3DQEBCwUAA4IBAQB7B+sHFcmijMEkSP+ggRwxjGsXy3RSwRABDYkfWGv2
lbwzGNRbyVls6oVZGyTuPwuf0f70Xng4KEhmgUWUSbpTZ86OkHesaNze5Mc6Qlpx
L2jCkH+I7v1BM4u/1fyntT3zEqsO+lHuQ/tKdIjKtwC7jw4vAypkWfiGhjBzE2gZ
8lLj98GBXb7eLmUuDJOh0r4PftDvq7QLfDklbOWzO42PerIrDt2D/LoLAvetO3H7
ZZpe7x7612Jk5rNqvkozTP1GTsWvB1BFw4hDcpP3WxPhFqpwE2Dbt4XO+yoC5Oi6
mOjze92+zGuDaVrk0+92dMQ/CtPVY0QdQEKXVpwndP0D
-----END CERTIFICATE-----