Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/xLjbHEWN70CSSo5YEnWEs0-bdWY.roa
File:                     xLjbHEWN70CSSo5YEnWEs0-bdWY.roa (raw, json)
Hash identifier:          uLbdfrsxdbii6znqxvB37XvHu1V1AwB0eJioY3VsJkY=
Subject key identifier:   C4:B8:DB:1C:45:8D:EF:40:92:4A:8E:58:12:75:84:B3:4F:9B:75:66
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       019427484E543E5D2755A76D3A824290CF21
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/xLjbHEWN70CSSo5YEnWEs0-bdWY.roa
Signing time:             Thu 02 Jan 2025 13:50:37 +0000
ROA not before:           Thu 02 Jan 2025 13:50:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211043
IP address blocks:        85.203.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4e:54:3e:5d:27:55:a7:6d:3a:82:42:90:cf:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 13:50:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4b8db1c458def40924a8e58127584b34f9b7566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0f:76:69:56:43:64:47:3d:f2:c8:4a:e9:9d:
                    9e:28:77:29:a1:9b:8d:cb:38:c4:a8:4c:c0:48:97:
                    9a:54:3e:f0:e0:78:9d:09:54:55:b2:0b:79:4f:04:
                    a9:b0:2e:9f:52:87:f4:63:75:c3:5f:2f:8c:68:49:
                    7b:81:01:d4:72:ee:e2:39:0d:12:1d:51:65:c8:b2:
                    d5:22:84:35:fc:f4:ac:91:75:c8:4e:c6:6d:82:50:
                    12:12:68:80:17:68:e1:d5:07:f1:ef:f2:31:76:a4:
                    fe:c1:6c:14:8d:8e:6d:fd:b6:65:cc:df:bc:b5:7c:
                    fd:47:e1:ac:3e:ab:cc:cb:8d:47:c1:fc:bf:4e:32:
                    8c:c8:e0:bb:6d:d2:b7:1f:52:8d:e6:20:5e:d4:e0:
                    82:78:81:3c:a0:23:ef:fa:89:e2:62:ad:ec:e9:54:
                    5c:f9:14:60:51:cc:2c:60:c4:ac:31:47:86:da:55:
                    03:38:b2:4c:95:a6:71:60:db:8c:a0:26:dc:ff:8d:
                    d7:72:79:ce:ca:bf:c9:dd:0c:19:ee:01:ad:07:88:
                    c5:78:d5:05:c9:29:73:2d:22:5f:e5:54:b0:59:4c:
                    9a:3b:ea:62:92:7f:73:7b:d6:96:73:ba:5f:7f:12:
                    e9:7f:c2:50:79:86:4c:d3:06:85:4c:c8:94:1a:e0:
                    07:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:B8:DB:1C:45:8D:EF:40:92:4A:8E:58:12:75:84:B3:4F:9B:75:66
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/xLjbHEWN70CSSo5YEnWEs0-bdWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:ba:0b:1e:cf:07:b6:8c:13:72:48:2a:50:6c:89:5d:d7:42:
         f3:b6:fd:50:a8:cf:c0:a6:88:86:96:a8:c7:91:82:28:6b:00:
         7b:21:48:e9:6e:fb:a2:94:b7:50:f2:52:59:b6:06:3f:51:3b:
         c4:2f:16:3a:ca:a1:02:96:bb:4f:4e:e4:52:88:9d:83:8a:f2:
         c0:31:9a:35:a1:be:01:10:52:b1:0e:f7:35:a6:17:25:28:1e:
         11:61:c2:ad:6f:1d:3e:2c:86:ce:13:89:cf:89:42:79:a8:3a:
         3e:09:e2:a3:94:e0:3a:df:46:ca:32:27:9c:8f:cc:5a:f3:16:
         b6:b3:c4:1c:5f:8c:b4:43:0e:3f:34:09:89:19:66:0a:3f:bd:
         2f:f1:66:26:23:d1:df:2e:76:46:5c:bc:96:2a:47:9c:d6:bc:
         2a:94:34:3e:25:3a:03:2b:4a:fd:b0:14:68:10:33:60:82:e8:
         2e:9e:54:20:fb:6d:0c:1b:e2:30:fd:b6:22:03:e7:6b:65:ca:
         22:ef:86:6e:7b:1d:18:e0:d5:91:c9:d1:e7:14:59:87:82:b9:
         20:47:5e:ea:f0:69:fd:42:03:f8:00:5c:d6:60:9d:69:47:e8:
         66:26:3f:22:1a:84:6d:d9:23:de:85:26:c5:9b:af:91:61:66:
         b8:a1:5e:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSE5UPl0nVadtOoJCkM8hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjUwMTAyMTM1MDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGI4ZGIxYzQ1OGRlZjQwOTI0YThlNTgxMjc1ODRiMzRmOWI3NTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqw92aVZDZEc98shK6Z2eKHcpoZuN
yzjEqEzASJeaVD7w4HidCVRVsgt5TwSpsC6fUof0Y3XDXy+MaEl7gQHUcu7iOQ0S
HVFlyLLVIoQ1/PSskXXITsZtglASEmiAF2jh1Qfx7/IxdqT+wWwUjY5t/bZlzN+8
tXz9R+GsPqvMy41Hwfy/TjKMyOC7bdK3H1KN5iBe1OCCeIE8oCPv+oniYq3s6VRc
+RRgUcwsYMSsMUeG2lUDOLJMlaZxYNuMoCbc/43XcnnOyr/J3QwZ7gGtB4jFeNUF
ySlzLSJf5VSwWUyaO+pikn9ze9aWc7pffxLpf8JQeYZM0waFTMiUGuAH3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMS42xxFje9AkkqOWBJ1hLNPm3VmMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEveExqYkhFV043MENTU281WUVuV0VzMC1iZFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcs0MA0G
CSqGSIb3DQEBCwUAA4IBAQAHugsezwe2jBNySCpQbIld10Lztv1QqM/ApoiGlqjH
kYIoawB7IUjpbvuilLdQ8lJZtgY/UTvELxY6yqEClrtPTuRSiJ2DivLAMZo1ob4B
EFKxDvc1phclKB4RYcKtbx0+LIbOE4nPiUJ5qDo+CeKjlOA630bKMiecj8xa8xa2
s8QcX4y0Qw4/NAmJGWYKP70v8WYmI9HfLnZGXLyWKkec1rwqlDQ+JToDK0r9sBRo
EDNggugunlQg+20MG+Iw/bYiA+drZcoi74Zuex0Y4NWRydHnFFmHgrkgR17q8Gn9
QgP4AFzWYJ1pR+hmJj8iGoRt2SPehSbFm6+RYWa4oV5c
-----END CERTIFICATE-----