Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/LXHjj_RJKf2b-8aqwjK8792hwVw.roa
File:                     LXHjj_RJKf2b-8aqwjK8792hwVw.roa (raw, json)
Hash identifier:          kkgqpiYx3wmdO6KRqFMIJATt88qaumGu6cPPoBlS63M=
Subject key identifier:   2D:71:E3:8F:F4:49:29:FD:9B:FB:C6:AA:C2:32:BC:EF:DD:A1:C1:5C
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019424B2EFAD336D1ED21D117AEF943DA954
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/LXHjj_RJKf2b-8aqwjK8792hwVw.roa
Signing time:             Thu 02 Jan 2025 01:48:14 +0000
ROA not before:           Thu 02 Jan 2025 01:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43615
IP address blocks:        85.254.44.0/24 maxlen: 24
                          85.254.86.0/23 maxlen: 23
                          2a02:610:fffe::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:ef:ad:33:6d:1e:d2:1d:11:7a:ef:94:3d:a9:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 01:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d71e38ff44929fd9bfbc6aac232bcefdda1c15c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:41:71:1b:6f:4c:2d:99:46:08:f5:a0:9a:4b:
                    bb:98:50:da:a2:5f:7c:08:3a:29:45:6e:06:b7:43:
                    15:2b:1c:06:eb:7f:7a:45:fd:ba:c2:f8:5b:d2:87:
                    77:8b:d6:8a:c1:37:84:73:f4:ae:39:46:db:db:68:
                    a2:69:5f:c1:bb:43:14:fd:d2:68:0d:f6:6c:36:23:
                    70:f2:27:47:e2:2c:10:85:0a:aa:f8:dd:75:f0:bf:
                    25:d2:ea:3e:40:c0:99:33:d8:f9:6c:ac:c1:4a:22:
                    40:f1:2c:d6:e1:73:2e:b3:45:5b:de:de:ab:b0:18:
                    63:e8:eb:fc:43:49:59:e2:fc:a8:8a:fa:a4:dc:f5:
                    73:df:a4:51:7d:12:a0:bc:5e:49:80:cc:2f:b4:77:
                    b9:e1:d3:65:f1:ba:cb:1c:5e:20:a3:6e:dc:48:6f:
                    15:8c:37:48:29:5a:9f:84:55:8b:d3:d5:ab:9e:b9:
                    3b:c0:0a:5f:04:db:f2:ff:0e:0e:09:77:6b:ae:28:
                    c3:20:0b:3e:c8:5b:b5:a7:b0:1f:0f:20:bf:3e:9a:
                    20:74:83:3d:dc:23:b3:5e:c1:a0:42:e2:ce:42:f0:
                    25:c5:e6:73:6f:88:4b:3c:f6:2f:8b:a8:dd:98:6f:
                    cb:a2:4e:e8:08:a2:1e:a3:a7:72:a6:76:88:92:c9:
                    93:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:71:E3:8F:F4:49:29:FD:9B:FB:C6:AA:C2:32:BC:EF:DD:A1:C1:5C
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/LXHjj_RJKf2b-8aqwjK8792hwVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.44.0/24
                  85.254.86.0/23
                IPv6:
                  2a02:610:fffe::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:a9:71:ef:f7:e5:db:5a:5a:ba:26:67:18:f3:7f:43:58:5e:
         9e:b3:6a:11:ab:80:92:39:00:25:90:7e:20:f7:6c:9e:b8:a8:
         85:cc:4b:51:1e:00:21:71:80:2a:79:94:8e:4e:b3:8a:b2:7b:
         82:8a:58:c0:fe:86:a6:5e:24:8e:f4:93:3d:14:7e:35:24:99:
         34:90:92:2d:a2:10:a0:54:80:c0:20:da:91:a2:0a:99:c7:81:
         3b:c8:66:da:f0:b0:35:dd:12:be:df:4d:a1:dd:5d:dd:c7:ab:
         87:7b:a1:9f:79:d5:52:1b:51:89:e2:f6:e4:27:56:c8:83:21:
         9d:20:30:c7:ff:34:c8:10:2d:8e:2d:1e:18:a7:22:85:fa:9c:
         50:14:02:64:f2:77:5d:0a:bf:0c:54:a1:b3:dd:98:38:71:e3:
         41:8a:dc:8f:02:c7:8a:86:ce:30:fc:50:af:b1:dc:87:40:78:
         b1:a6:42:21:09:51:3a:eb:d6:42:fa:ec:06:d0:b3:bd:e7:a7:
         80:f3:98:3e:b0:bd:d7:60:a7:e5:91:9e:43:30:7b:db:75:c3:
         8b:3b:d0:bb:50:51:c9:64:64:b8:a6:ac:c3:6f:c2:3b:d7:c8:
         97:52:52:ff:70:ee:ff:0e:97:84:07:19:f9:46:4b:1c:52:2e:
         cf:d6:0d:dc
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQksu+tM20e0h0Reu+UPalUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDcxZTM4ZmY0NDkyOWZkOWJmYmM2YWFjMjMyYmNlZmRkYTFjMTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UFxG29MLZlGCPWgmku7mFDaol98
CDopRW4Gt0MVKxwG6396Rf26wvhb0od3i9aKwTeEc/SuOUbb22iiaV/Bu0MU/dJo
DfZsNiNw8idH4iwQhQqq+N118L8l0uo+QMCZM9j5bKzBSiJA8SzW4XMus0Vb3t6r
sBhj6Ov8Q0lZ4vyoivqk3PVz36RRfRKgvF5JgMwvtHe54dNl8brLHF4go27cSG8V
jDdIKVqfhFWL09Wrnrk7wApfBNvy/w4OCXdrrijDIAs+yFu1p7AfDyC/PpogdIM9
3COzXsGgQuLOQvAlxeZzb4hLPPYvi6jdmG/Lok7oCKIeo6dypnaIksmTkQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFC1x44/0SSn9m/vGqsIyvO/docFcMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvTFhIampfUkpLZjJiLThhcXdqSzg3OTJod1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAVf4sAwQB
Vf5WMA8EAgACMAkDBwAqAgYQ//4wDQYJKoZIhvcNAQELBQADggEBACupce/35dta
WromZxjzf0NYXp6zahGrgJI5ACWQfiD3bJ64qIXMS1EeACFxgCp5lI5Os4qye4KK
WMD+hqZeJI70kz0UfjUkmTSQki2iEKBUgMAg2pGiCpnHgTvIZtrwsDXdEr7fTaHd
Xd3Hq4d7oZ951VIbUYni9uQnVsiDIZ0gMMf/NMgQLY4tHhinIoX6nFAUAmTyd10K
vwxUobPdmDhx40GK3I8Cx4qGzjD8UK+x3IdAeLGmQiEJUTrr1kL67AbQs73np4Dz
mD6wvddgp+WRnkMwe9t1w4s70LtQUclkZLimrMNvwjvXyJdSUv9w7v8Ol4QHGflG
SxxSLs/WDdw=
-----END CERTIFICATE-----