Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/RPXlaYmp_3vzpUurGj0DWbLsaIY.roa
File:                     RPXlaYmp_3vzpUurGj0DWbLsaIY.roa (raw, json)
Hash identifier:          DOHx2mRnSXYN4042LYYATcjtIL5Pfo8Mkq/aPS+oRFE=
Subject key identifier:   44:F5:E5:69:89:A9:FF:7B:F3:A5:4B:AB:1A:3D:03:59:B2:EC:68:86
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D72044DE9312343CFDF9F94322E926
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/RPXlaYmp_3vzpUurGj0DWbLsaIY.roa
Signing time:             Wed 01 Jan 2025 21:48:08 +0000
ROA not before:           Wed 01 Jan 2025 21:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203749
IP address blocks:        194.53.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:20:44:de:93:12:34:3c:fd:f9:f9:43:22:e9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44f5e56989a9ff7bf3a54bab1a3d0359b2ec6886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:48:b8:f6:a4:d8:dd:72:b7:a7:be:65:3c:dd:
                    1e:66:76:ca:06:0d:c8:85:b7:53:d1:ec:ff:5a:ef:
                    2a:e6:99:bd:02:3e:f6:16:13:6a:35:c6:2b:6d:22:
                    21:f5:84:46:4c:89:8e:95:1b:64:9d:34:79:cf:aa:
                    b3:1b:64:cd:60:76:87:88:ad:9a:1c:10:bd:95:64:
                    67:7a:bf:ec:b6:06:d1:ec:98:91:d0:d6:b7:62:e8:
                    42:1e:02:42:8a:63:c6:79:50:64:e6:8d:de:3a:da:
                    f2:be:12:fa:7c:d9:9b:21:46:b1:ee:bd:cb:12:bd:
                    84:b6:6f:de:80:10:11:8a:45:c3:2c:67:61:dd:c1:
                    c9:c9:6b:ec:05:ef:a9:84:49:17:c1:40:5a:3f:41:
                    1a:f4:70:0e:1e:5a:be:03:1d:95:62:6b:75:a3:82:
                    dc:c1:75:6d:ae:2a:28:b0:73:8e:bc:7d:b0:5c:e8:
                    ac:aa:9b:98:b5:04:f9:69:08:61:0e:1f:55:00:b4:
                    30:43:b9:a4:c7:de:d3:85:19:0e:02:ae:b1:fb:b8:
                    9c:26:0b:6a:ca:74:4b:b5:db:4a:7c:86:1a:88:7c:
                    b8:8e:0d:c2:1f:fd:20:9b:d8:ec:90:28:e8:2a:ba:
                    a6:15:b4:5a:14:89:6c:63:f0:89:75:61:0e:c1:34:
                    d6:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:F5:E5:69:89:A9:FF:7B:F3:A5:4B:AB:1A:3D:03:59:B2:EC:68:86
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/RPXlaYmp_3vzpUurGj0DWbLsaIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:46:15:57:14:08:5f:26:57:e9:f6:e8:4c:c9:cd:0b:07:72:
         fd:e2:a9:6b:a9:af:2c:98:e6:b6:c4:f7:d2:2e:04:eb:f1:af:
         2e:b8:48:95:8a:1b:6c:0c:9d:3b:cd:3d:af:1d:b0:ae:a6:d1:
         58:41:a9:b9:aa:84:c0:90:fb:c5:cd:4b:12:63:af:3e:41:03:
         1e:31:c3:58:eb:33:ad:02:a0:8f:63:37:94:de:cc:42:26:1c:
         5d:1f:99:d2:8c:a8:39:32:c6:62:9b:31:7d:ff:cb:1e:6d:d8:
         f4:32:0f:f3:51:36:14:4c:37:d8:fa:4a:f6:69:44:d1:68:9d:
         95:86:d9:e9:c7:59:0d:2b:82:c0:9e:2e:cf:40:98:1b:3e:27:
         c9:d3:76:98:34:c0:f2:e8:3d:d5:42:56:12:16:08:fe:b8:41:
         a0:6e:ca:96:68:a5:c1:a3:37:54:95:72:eb:ca:cc:36:d5:d4:
         52:2a:dd:12:dd:50:7c:10:01:aa:63:76:ac:73:ff:9e:8d:a7:
         1a:37:ea:b8:d7:1d:dd:39:76:b5:75:b4:4f:06:8c:7f:70:14:
         c4:f2:30:0d:96:63:fc:1e:ea:68:a5:8e:1a:b8:00:da:97:d4:
         e7:9e:30:e6:97:b1:e6:bf:7b:6b:13:85:6a:b7:0b:e3:35:3d:
         28:98:e4:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yBE3pMSNDz9+flDIukmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGY1ZTU2OTg5YTlmZjdiZjNhNTRiYWIxYTNkMDM1OWIyZWM2ODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArki49qTY3XK3p75lPN0eZnbKBg3I
hbdT0ez/Wu8q5pm9Aj72FhNqNcYrbSIh9YRGTImOlRtknTR5z6qzG2TNYHaHiK2a
HBC9lWRner/stgbR7JiR0Na3YuhCHgJCimPGeVBk5o3eOtryvhL6fNmbIUax7r3L
Er2Etm/egBARikXDLGdh3cHJyWvsBe+phEkXwUBaP0Ea9HAOHlq+Ax2VYmt1o4Lc
wXVtrioosHOOvH2wXOisqpuYtQT5aQhhDh9VALQwQ7mkx97ThRkOAq6x+7icJgtq
ynRLtdtKfIYaiHy4jg3CH/0gm9jskCjoKrqmFbRaFIlsY/CJdWEOwTTWiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFET15WmJqf9786VLqxo9A1my7GiGMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvUlBYbGFZbXBfM3Z6cFV1ckdqMERXYkxzYUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjU0MA0G
CSqGSIb3DQEBCwUAA4IBAQAyRhVXFAhfJlfp9uhMyc0LB3L94qlrqa8smOa2xPfS
LgTr8a8uuEiVihtsDJ07zT2vHbCuptFYQam5qoTAkPvFzUsSY68+QQMeMcNY6zOt
AqCPYzeU3sxCJhxdH5nSjKg5MsZimzF9/8sebdj0Mg/zUTYUTDfY+kr2aUTRaJ2V
htnpx1kNK4LAni7PQJgbPifJ03aYNMDy6D3VQlYSFgj+uEGgbsqWaKXBozdUlXLr
ysw21dRSKt0S3VB8EAGqY3asc/+ejacaN+q41x3dOXa1dbRPBox/cBTE8jANlmP8
HupopY4auADal9TnnjDml7Hmv3trE4VqtwvjNT0omOSw
-----END CERTIFICATE-----