Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/614d77-d34c-4fba-94e3-2b5ec652af6d/1/XeS-j2IYyupPYwAd3k1rQhL0Pjk.roa
File:                     XeS-j2IYyupPYwAd3k1rQhL0Pjk.roa (raw, json)
Hash identifier:          LaZnavonJdxkwg+OL44y91TnIY6G41jXIPEjOAmHc4s=
Subject key identifier:   5D:E4:BE:8F:62:18:CA:EA:4F:63:00:1D:DE:4D:6B:42:12:F4:3E:39
Certificate issuer:       /CN=7240ba744e09e1d36cb7046cb58995c1e3513220
Certificate serial:       0194258FC6509EAFA8A38CC449C019C5BB85
Authority key identifier: 72:40:BA:74:4E:09:E1:D3:6C:B7:04:6C:B5:89:95:C1:E3:51:32:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ckC6dE4J4dNstwRstYmVweNRMiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/614d77-d34c-4fba-94e3-2b5ec652af6d/1/XeS-j2IYyupPYwAd3k1rQhL0Pjk.roa
Signing time:             Thu 02 Jan 2025 05:49:26 +0000
ROA not before:           Thu 02 Jan 2025 05:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47692
IP address blocks:        193.84.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/614d77-d34c-4fba-94e3-2b5ec652af6d/1/ckC6dE4J4dNstwRstYmVweNRMiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/614d77-d34c-4fba-94e3-2b5ec652af6d/1/ckC6dE4J4dNstwRstYmVweNRMiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ckC6dE4J4dNstwRstYmVweNRMiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:c6:50:9e:af:a8:a3:8c:c4:49:c0:19:c5:bb:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7240ba744e09e1d36cb7046cb58995c1e3513220
        Validity
            Not Before: Jan  2 05:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5de4be8f6218caea4f63001dde4d6b4212f43e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:99:61:79:59:0b:dd:a7:de:1c:e3:70:29:cd:
                    45:38:ab:a9:f9:18:93:99:46:dc:78:84:5f:7a:a8:
                    df:65:38:73:bc:09:91:9e:4d:8c:b8:f3:d4:aa:07:
                    00:bd:5c:5e:3f:af:15:94:9c:7d:9e:62:6d:68:a6:
                    0b:83:f7:d3:4d:e4:ac:e1:0f:68:36:42:97:1d:cb:
                    63:ec:5d:58:5c:59:d3:9b:c6:3e:c0:65:8a:4e:ff:
                    1e:fc:d9:93:d6:4b:12:70:bd:a7:a9:1b:77:29:da:
                    49:a5:84:b2:ab:da:7b:ee:f7:ce:59:0f:61:c1:b5:
                    9c:e2:65:0e:c6:f3:09:bf:61:1a:58:1a:3b:07:e5:
                    e4:c4:ec:6d:1b:9f:c3:7b:1a:bd:1f:3f:86:4e:cc:
                    e2:e6:8c:5a:b4:7c:6a:07:1e:b0:3c:53:ff:d6:9c:
                    26:e1:3a:32:22:73:70:ee:fd:ed:6f:95:d8:57:1e:
                    59:08:d0:68:52:06:e2:81:ca:99:de:50:0c:12:b5:
                    0f:c3:3c:b9:7c:f9:1b:5a:f2:8b:3d:ef:8c:ab:af:
                    3e:cb:57:01:52:bc:bd:ca:5f:c6:05:7f:84:af:3c:
                    fc:ca:21:44:68:21:2f:4c:5d:e3:33:f9:d5:d2:03:
                    6b:1d:cb:ec:dc:11:62:65:49:7a:e9:e7:0c:19:07:
                    78:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:E4:BE:8F:62:18:CA:EA:4F:63:00:1D:DE:4D:6B:42:12:F4:3E:39
            X509v3 Authority Key Identifier:
                keyid:72:40:BA:74:4E:09:E1:D3:6C:B7:04:6C:B5:89:95:C1:E3:51:32:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ckC6dE4J4dNstwRstYmVweNRMiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/614d77-d34c-4fba-94e3-2b5ec652af6d/1/XeS-j2IYyupPYwAd3k1rQhL0Pjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/614d77-d34c-4fba-94e3-2b5ec652af6d/1/ckC6dE4J4dNstwRstYmVweNRMiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:b7:1d:93:b1:65:ab:98:20:5f:4b:3f:3a:7f:a6:95:58:e8:
         bc:61:c8:ab:b8:b9:a3:69:70:a3:6e:2c:33:c0:c8:4f:69:01:
         60:4b:91:1b:e6:41:cb:86:19:7f:8a:45:4e:e5:1d:6e:8c:2d:
         28:7a:d7:ff:19:a5:2d:be:a6:55:0b:c0:59:62:cb:86:3d:8d:
         57:a7:77:6a:82:60:05:bd:f9:55:94:88:a0:75:47:6b:a0:f1:
         8c:0d:93:d0:c5:df:11:98:66:14:53:8f:de:d6:3d:0a:0c:6a:
         bb:8a:01:cd:f8:5c:e8:10:8e:72:e0:47:eb:d7:ab:99:98:71:
         c9:8e:66:04:e8:4f:90:f3:9b:91:3e:f3:0a:a7:4f:a5:87:f9:
         d5:81:4e:1b:ae:eb:78:22:f9:7e:f4:b8:e7:44:c0:60:d8:bd:
         36:c7:d4:41:87:4d:8d:07:35:ed:5c:30:da:1d:cc:33:71:fb:
         40:b6:59:22:b0:18:8c:c4:ad:1d:28:bd:30:d8:cf:96:8a:4a:
         9f:75:89:b1:25:14:a0:f6:e2:3f:21:e3:d6:54:8c:e7:d1:c7:
         63:6b:6b:43:3b:e2:21:8b:54:88:3e:6a:2a:fb:dc:1e:76:46:
         9c:3d:c1:23:60:dc:4b:90:45:c9:2f:82:6d:f3:bb:36:b5:e6:
         89:ce:91:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj8ZQnq+oo4zEScAZxbuFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNDBiYTc0NGUwOWUxZDM2Y2I3MDQ2Y2I1ODk5NWMxZTM1
MTMyMjAwHhcNMjUwMTAyMDU0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGU0YmU4ZjYyMThjYWVhNGY2MzAwMWRkZTRkNmI0MjEyZjQzZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZlheVkL3afeHONwKc1FOKup+RiT
mUbceIRfeqjfZThzvAmRnk2MuPPUqgcAvVxeP68VlJx9nmJtaKYLg/fTTeSs4Q9o
NkKXHctj7F1YXFnTm8Y+wGWKTv8e/NmT1ksScL2nqRt3KdpJpYSyq9p77vfOWQ9h
wbWc4mUOxvMJv2EaWBo7B+XkxOxtG5/Dexq9Hz+GTszi5oxatHxqBx6wPFP/1pwm
4ToyInNw7v3tb5XYVx5ZCNBoUgbigcqZ3lAMErUPwzy5fPkbWvKLPe+Mq68+y1cB
Ury9yl/GBX+Erzz8yiFEaCEvTF3jM/nV0gNrHcvs3BFiZUl66ecMGQd4ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3kvo9iGMrqT2MAHd5Na0IS9D45MB8GA1UdIwQY
MBaAFHJAunROCeHTbLcEbLWJlcHjUTIgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2tDNmRFNEo0ZE5zdHdSc3RZbVZ3ZU5STWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS82MTRkNzctZDM0Yy00ZmJhLTk0ZTMt
MmI1ZWM2NTJhZjZkLzEvWGVTLWoySVl5dXBQWXdBZDNrMXJRaEwwUGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS82MTRkNzctZDM0Yy00ZmJhLTk0ZTMtMmI1ZWM2NTJhZjZk
LzEvY2tDNmRFNEo0ZE5zdHdSc3RZbVZ3ZU5STWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVQ0MA0G
CSqGSIb3DQEBCwUAA4IBAQDNtx2TsWWrmCBfSz86f6aVWOi8YciruLmjaXCjbiwz
wMhPaQFgS5Eb5kHLhhl/ikVO5R1ujC0oetf/GaUtvqZVC8BZYsuGPY1Xp3dqgmAF
vflVlIigdUdroPGMDZPQxd8RmGYUU4/e1j0KDGq7igHN+FzoEI5y4Efr16uZmHHJ
jmYE6E+Q85uRPvMKp0+lh/nVgU4brut4Ivl+9LjnRMBg2L02x9RBh02NBzXtXDDa
HcwzcftAtlkisBiMxK0dKL0w2M+WikqfdYmxJRSg9uI/IePWVIzn0cdja2tDO+Ih
i1SIPmoq+9wedkacPcEjYNxLkEXJL4Jt87s2teaJzpEW
-----END CERTIFICATE-----