Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/_Kg9dnWVwvovDTI86nCElJGr0n0.roa
File:                     _Kg9dnWVwvovDTI86nCElJGr0n0.roa (raw, json)
Hash identifier:          UCe0X9NIdutEhBxJNAbD45nSVqypO+cr3N5L72/+dhU=
Subject key identifier:   FC:A8:3D:76:75:95:C2:FA:2F:0D:32:3C:EA:70:84:94:91:AB:D2:7D
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019424B2EDE779FC9C00692C235170B34212
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/_Kg9dnWVwvovDTI86nCElJGr0n0.roa
Signing time:             Thu 02 Jan 2025 01:48:13 +0000
ROA not before:           Thu 02 Jan 2025 01:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42979
IP address blocks:        85.254.1.0/24 maxlen: 24
                          85.254.3.0/24 maxlen: 24
                          2a02:610:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:ed:e7:79:fc:9c:00:69:2c:23:51:70:b3:42:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 01:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fca83d767595c2fa2f0d323cea70849491abd27d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c0:d1:b5:5d:c1:d4:fa:80:93:14:0a:02:fb:
                    62:7e:8a:d0:f3:27:cc:03:34:d2:3b:df:99:db:5c:
                    29:d2:38:5d:6e:cd:0a:e1:11:f7:32:c5:02:95:4c:
                    e2:66:72:60:f5:a0:ff:52:fd:0c:bd:7e:80:68:55:
                    66:33:1a:f4:56:12:7b:64:75:65:75:41:ab:94:c1:
                    3f:bb:79:c6:fc:d9:db:10:22:7a:5b:c8:00:cc:f8:
                    56:99:74:78:e0:cb:e8:e6:cd:75:99:a3:be:45:25:
                    12:4a:96:5f:39:2a:31:8c:ef:6f:d7:b8:0c:42:a4:
                    10:21:6b:26:84:e6:2b:d9:12:cf:4a:db:8b:0a:49:
                    72:10:96:8d:b9:e8:8d:5a:8d:44:51:14:80:49:6a:
                    2b:41:61:2a:d7:08:7c:63:8f:e9:14:5e:bb:39:7c:
                    36:c9:c2:99:4d:b4:f7:8e:f4:1f:68:5e:84:0f:3a:
                    ba:d9:58:68:68:bc:67:27:f9:5f:92:51:2f:eb:13:
                    3a:7b:cc:e5:94:8a:bd:1e:28:a4:82:4f:6b:73:a5:
                    dc:a4:37:41:a5:03:5d:e3:0b:9b:05:c1:c8:a2:95:
                    4b:3e:ae:39:dc:10:65:54:db:96:b0:76:5d:b6:39:
                    19:27:ae:11:c1:c8:9e:71:0b:47:41:28:45:3c:a2:
                    1a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A8:3D:76:75:95:C2:FA:2F:0D:32:3C:EA:70:84:94:91:AB:D2:7D
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/_Kg9dnWVwvovDTI86nCElJGr0n0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.1.0/24
                  85.254.3.0/24
                IPv6:
                  2a02:610:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:7c:83:58:a8:77:43:94:e8:f1:31:1f:bb:bd:f2:9a:df:5d:
         80:76:d4:a5:08:a6:98:6d:a1:79:4b:fb:de:c2:e7:e8:f5:10:
         c0:ce:00:75:75:58:95:d6:42:88:b7:56:71:c9:3f:4f:3f:fd:
         e3:88:fe:ac:10:60:b0:c0:8f:d0:1d:43:62:3e:7e:11:46:62:
         bb:52:df:71:68:18:c7:b6:55:22:fb:1a:d9:52:22:6f:a2:e3:
         71:72:cc:b3:bd:08:ba:0d:e5:b3:f7:d7:80:2d:49:9a:81:ba:
         0c:a4:7e:ec:c0:83:d0:19:21:e9:b1:bb:30:31:8b:b8:de:03:
         36:ef:2c:b7:dd:5b:99:f9:c4:83:da:da:ba:98:02:1a:74:24:
         78:f6:5d:84:9a:69:10:bc:43:03:1a:11:f4:3f:ee:18:e9:ce:
         af:e8:89:16:87:9c:9f:d9:cb:6e:8b:52:55:07:bf:bd:fa:54:
         cd:1b:b0:ae:24:ba:f3:50:b9:5b:b2:77:6a:29:aa:7b:8c:47:
         38:f7:79:fc:a4:1c:21:b2:9b:84:ba:30:21:9d:53:ba:ed:77:
         49:37:10:32:e1:af:5f:28:dd:22:6c:1a:7c:e6:2b:1a:9a:f9:
         67:33:22:3b:a5:f7:5a:0a:c9:31:aa:3d:94:5b:f8:d2:27:25:
         67:88:4b:25
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQksu3nefycAGksI1Fws0ISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2E4M2Q3Njc1OTVjMmZhMmYwZDMyM2NlYTcwODQ5NDkxYWJkMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsDRtV3B1PqAkxQKAvtiforQ8yfM
AzTSO9+Z21wp0jhdbs0K4RH3MsUClUziZnJg9aD/Uv0MvX6AaFVmMxr0VhJ7ZHVl
dUGrlME/u3nG/NnbECJ6W8gAzPhWmXR44Mvo5s11maO+RSUSSpZfOSoxjO9v17gM
QqQQIWsmhOYr2RLPStuLCklyEJaNueiNWo1EURSASWorQWEq1wh8Y4/pFF67OXw2
ycKZTbT3jvQfaF6EDzq62VhoaLxnJ/lfklEv6xM6e8zllIq9Hiikgk9rc6XcpDdB
pQNd4wubBcHIopVLPq453BBlVNuWsHZdtjkZJ64RwciecQtHQShFPKIaFwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFPyoPXZ1lcL6Lw0yPOpwhJSRq9J9MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvX0tnOWRuV1Z3dm92RFRJODZuQ0VsSkdyMG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAVf4BAwQA
Vf4DMA8EAgACMAkDBwAqAgYQ//8wDQYJKoZIhvcNAQELBQADggEBAHl8g1iod0OU
6PExH7u98prfXYB21KUIpphtoXlL+97C5+j1EMDOAHV1WJXWQoi3VnHJP08//eOI
/qwQYLDAj9AdQ2I+fhFGYrtS33FoGMe2VSL7GtlSIm+i43FyzLO9CLoN5bP314At
SZqBugykfuzAg9AZIemxuzAxi7jeAzbvLLfdW5n5xIPa2rqYAhp0JHj2XYSaaRC8
QwMaEfQ/7hjpzq/oiRaHnJ/Zy26LUlUHv736VM0bsK4kuvNQuVuyd2opqnuMRzj3
efykHCGym4S6MCGdU7rtd0k3EDLhr18o3SJsGnzmKxqa+WczIjul91oKyTGqPZRb
+NInJWeISyU=
-----END CERTIFICATE-----