Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/9zqFafTlGAl-YTbPKOcp52a_MAQ.roa
File:                     9zqFafTlGAl-YTbPKOcp52a_MAQ.roa (raw, json)
Hash identifier:          ds5BNEQah5X/9xfXiFCBE6pfDwbx6SuySOlVFdJCt40=
Subject key identifier:   F7:3A:85:69:F4:E5:18:09:7E:61:36:CF:28:E7:29:E7:66:BF:30:04
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA7D59FF86A2C96E91484E5928BE8
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/9zqFafTlGAl-YTbPKOcp52a_MAQ.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203749
IP address blocks:        194.53.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a7:d5:9f:f8:6a:2c:96:e9:14:84:e5:92:8b:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f73a8569f4e518097e6136cf28e729e766bf3004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ab:4d:a7:04:49:56:5b:75:61:e6:c3:1b:8f:
                    72:17:39:f6:2a:b2:03:53:db:af:26:ba:9d:90:3b:
                    f0:d0:e4:b7:1b:bd:30:26:f9:f6:e9:81:9e:e8:6f:
                    1e:32:57:74:dd:01:7a:7b:c8:fd:ce:29:be:08:98:
                    05:3b:d5:82:27:df:0a:00:fc:93:71:b0:d5:5b:fe:
                    75:69:ef:c6:64:16:89:50:c3:a6:72:ad:6b:b7:36:
                    66:b6:86:90:45:70:0c:dc:a9:4a:93:03:8c:65:57:
                    bf:b9:1e:2f:88:9d:4e:59:fc:2d:cf:0b:f4:23:7f:
                    bc:95:ec:bf:ad:2b:93:c7:3f:ea:6b:1f:ca:6a:3e:
                    24:44:ef:90:aa:a5:ad:a6:80:5f:2a:41:12:b5:ad:
                    75:c9:9a:b5:21:8a:7b:a6:8a:97:e3:36:34:49:c3:
                    49:92:94:b8:6f:41:16:f4:f2:0a:53:06:a3:62:68:
                    3b:34:06:f1:b1:8f:ed:f8:76:0f:44:56:57:fe:38:
                    bf:ef:f8:87:78:e5:41:6c:92:28:6f:29:8a:f7:3b:
                    b9:49:77:27:e6:5a:b7:11:11:bd:e3:4e:e1:2e:de:
                    4b:bb:b2:95:4b:86:3c:4e:ad:18:b2:38:7a:f9:38:
                    42:71:a4:7c:06:f8:77:08:1d:f4:92:17:46:b6:b2:
                    4b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:3A:85:69:F4:E5:18:09:7E:61:36:CF:28:E7:29:E7:66:BF:30:04
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/9zqFafTlGAl-YTbPKOcp52a_MAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:bc:4e:57:8f:78:c0:59:3b:63:b3:af:5a:c9:49:0c:ca:bf:
         02:e2:49:4d:ff:b8:4a:90:58:98:86:46:b2:22:5b:5b:33:26:
         03:32:60:0e:68:b9:a5:41:d5:40:f2:ef:19:4b:ac:9e:a6:df:
         2f:fa:55:b3:f8:76:00:01:a9:a1:63:34:11:dd:bf:fb:fc:6a:
         43:e3:b3:dc:19:a3:02:5b:f9:8e:3c:48:e3:db:d9:7f:34:c4:
         f3:3a:77:35:d0:bd:b2:63:3f:13:44:d2:d1:82:13:b9:88:7b:
         84:cf:15:43:d3:7f:30:1b:0e:04:79:74:f5:ed:b8:8e:b8:34:
         5f:19:65:af:1b:65:46:00:90:c3:f3:01:6e:31:8d:34:54:e0:
         e6:00:ab:da:5c:9d:93:e1:34:da:9d:02:98:1a:c8:51:2b:8d:
         c3:39:ed:76:b5:fc:80:e3:3b:e3:50:d1:2b:5c:5c:d1:e2:c5:
         54:1e:58:8a:03:58:bf:4e:53:44:c8:6b:b0:09:ff:96:5e:2c:
         db:a8:b4:92:01:ea:96:27:05:33:82:d0:39:a3:91:ce:3e:3b:
         6c:9e:b0:c8:19:67:08:b7:43:f8:2a:28:82:7e:be:49:0e:be:
         f8:1a:61:b9:a2:f1:e5:70:49:a8:ef:59:f7:1c:64:d5:a0:d4:
         90:89:5f:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36fVn/hqLJbpFITlkovoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzNhODU2OWY0ZTUxODA5N2U2MTM2Y2YyOGU3MjllNzY2YmYzMDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKtNpwRJVlt1YebDG49yFzn2KrID
U9uvJrqdkDvw0OS3G70wJvn26YGe6G8eMld03QF6e8j9zim+CJgFO9WCJ98KAPyT
cbDVW/51ae/GZBaJUMOmcq1rtzZmtoaQRXAM3KlKkwOMZVe/uR4viJ1OWfwtzwv0
I3+8ley/rSuTxz/qax/Kaj4kRO+QqqWtpoBfKkESta11yZq1IYp7poqX4zY0ScNJ
kpS4b0EW9PIKUwajYmg7NAbxsY/t+HYPRFZX/ji/7/iHeOVBbJIobymK9zu5SXcn
5lq3ERG9407hLt5Lu7KVS4Y8Tq0Ysjh6+ThCcaR8Bvh3CB30khdGtrJLsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPc6hWn05RgJfmE2zyjnKedmvzAEMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvOXpxRmFmVGxHQWwtWVRiUEtPY3A1MmFfTUFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjU0MA0G
CSqGSIb3DQEBCwUAA4IBAQAwvE5Xj3jAWTtjs69ayUkMyr8C4klN/7hKkFiYhkay
IltbMyYDMmAOaLmlQdVA8u8ZS6yept8v+lWz+HYAAamhYzQR3b/7/GpD47PcGaMC
W/mOPEjj29l/NMTzOnc10L2yYz8TRNLRghO5iHuEzxVD038wGw4EeXT17biOuDRf
GWWvG2VGAJDD8wFuMY00VODmAKvaXJ2T4TTanQKYGshRK43DOe12tfyA4zvjUNEr
XFzR4sVUHliKA1i/TlNEyGuwCf+WXizbqLSSAeqWJwUzgtA5o5HOPjtsnrDIGWcI
t0P4KiiCfr5JDr74GmG5ovHlcEmo71n3HGTVoNSQiV9b
-----END CERTIFICATE-----