Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fdpdMS2hj4z_WxE6IIGIGLkQnfw.roa
File:                     fdpdMS2hj4z_WxE6IIGIGLkQnfw.roa (raw, json)
Hash identifier:          NEg/7y2bRr67DPVVZDddHNqda4mGSIrTRrWkYE5OKGw=
Subject key identifier:   7D:DA:5D:31:2D:A1:8F:8C:FF:5B:11:3A:20:81:88:18:B9:10:9D:FC
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019424B2EADD9BDE01A4A552E98AAA4F3CCC
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fdpdMS2hj4z_WxE6IIGIGLkQnfw.roa
Signing time:             Thu 02 Jan 2025 01:48:12 +0000
ROA not before:           Thu 02 Jan 2025 01:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34073
IP address blocks:        85.254.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:ea:dd:9b:de:01:a4:a5:52:e9:8a:aa:4f:3c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 01:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7dda5d312da18f8cff5b113a20818818b9109dfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c0:02:44:61:b5:01:b4:fa:41:90:56:7d:06:
                    64:17:d6:0c:42:c1:1e:bd:ac:f2:ba:20:8f:50:41:
                    20:09:80:51:22:84:92:38:05:74:11:b3:37:aa:e8:
                    89:00:28:b5:72:a2:dc:91:24:4f:da:d0:80:e0:58:
                    04:9d:59:08:a4:51:04:39:ae:61:bf:40:32:9e:7e:
                    41:d5:a8:f7:76:94:86:11:b2:8b:76:21:f5:1a:56:
                    4f:f3:3d:f9:1f:2d:51:ba:c9:2e:6a:a5:6a:45:28:
                    09:ab:78:ec:21:b0:94:98:88:8a:fc:b5:2c:63:8f:
                    c8:43:5e:1d:39:98:62:d6:2d:51:54:7a:07:bd:ce:
                    33:70:f9:29:48:15:a4:4d:97:ea:54:25:89:08:2b:
                    ac:a5:d6:b1:2b:2f:d5:29:f1:1b:e6:4b:0a:f6:67:
                    8e:90:eb:60:18:c1:f3:3b:80:23:c8:9d:e7:a9:26:
                    a9:27:90:be:47:2a:d5:88:3b:3f:d4:b0:d4:20:11:
                    0c:43:82:a3:6b:7b:3c:09:54:f4:1c:16:b3:35:26:
                    ac:14:3c:8d:dc:cc:92:be:f0:29:09:65:28:c5:a9:
                    25:f8:b3:28:73:a9:c6:a7:f9:fe:db:e1:c9:5a:98:
                    99:8d:4a:45:0a:77:ef:c4:30:27:17:4e:e5:cc:e3:
                    20:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DA:5D:31:2D:A1:8F:8C:FF:5B:11:3A:20:81:88:18:B9:10:9D:FC
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fdpdMS2hj4z_WxE6IIGIGLkQnfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:98:4f:84:e7:e8:2b:5f:8b:08:6e:54:c9:17:71:59:34:94:
         16:57:0e:a5:2e:b1:0a:bb:d0:ac:06:ea:36:6d:a9:ed:cd:5b:
         bb:a2:f4:54:7f:7d:0f:1b:e6:6b:ab:f2:de:7b:72:90:21:f9:
         bd:87:5d:f9:6e:6f:29:49:5f:30:b6:3d:70:08:2c:14:ef:72:
         3f:65:24:32:bb:b1:bf:1b:00:b8:24:5f:66:05:0e:c1:39:9f:
         6f:f8:ad:82:f0:e7:2e:fd:1a:1a:61:6c:74:f8:3a:a4:b4:61:
         85:86:44:85:14:5b:53:c3:7c:6c:a2:65:a1:fd:f8:95:52:13:
         1a:cd:f2:95:30:91:70:cc:35:1c:07:38:b0:16:39:1f:9f:2e:
         c7:02:2e:1f:05:eb:d3:9b:b6:78:06:25:1e:c5:39:fc:3f:dc:
         4f:32:84:60:9b:db:58:10:07:85:f0:ae:83:9e:14:f0:50:93:
         61:56:dd:ee:27:1d:c3:5c:0d:ce:91:ed:31:c6:05:74:76:6f:
         30:96:84:ef:16:13:58:62:84:c5:d5:57:55:ff:8c:b3:e1:5d:
         4c:72:d5:6a:23:29:6c:38:a9:87:91:ea:25:af:4d:fe:db:cb:
         3c:39:c2:83:3b:ca:17:50:ce:8d:a7:12:be:5b:b2:6f:0a:4e:
         88:6f:4d:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksurdm94BpKVS6YqqTzzMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRhNWQzMTJkYTE4ZjhjZmY1YjExM2EyMDgxODgxOGI5MTA5ZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMACRGG1AbT6QZBWfQZkF9YMQsEe
vazyuiCPUEEgCYBRIoSSOAV0EbM3quiJACi1cqLckSRP2tCA4FgEnVkIpFEEOa5h
v0Aynn5B1aj3dpSGEbKLdiH1GlZP8z35Hy1RuskuaqVqRSgJq3jsIbCUmIiK/LUs
Y4/IQ14dOZhi1i1RVHoHvc4zcPkpSBWkTZfqVCWJCCuspdaxKy/VKfEb5ksK9meO
kOtgGMHzO4AjyJ3nqSapJ5C+RyrViDs/1LDUIBEMQ4Kja3s8CVT0HBazNSasFDyN
3MySvvApCWUoxakl+LMoc6nGp/n+2+HJWpiZjUpFCnfvxDAnF07lzOMgqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3aXTEtoY+M/1sROiCBiBi5EJ38MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvZmRwZE1TMmhqNHpfV3hFNklJR0lHTGtRbmZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVf5YMA0G
CSqGSIb3DQEBCwUAA4IBAQA0mE+E5+grX4sIblTJF3FZNJQWVw6lLrEKu9CsBuo2
bantzVu7ovRUf30PG+Zrq/Lee3KQIfm9h135bm8pSV8wtj1wCCwU73I/ZSQyu7G/
GwC4JF9mBQ7BOZ9v+K2C8Ocu/RoaYWx0+DqktGGFhkSFFFtTw3xsomWh/fiVUhMa
zfKVMJFwzDUcBziwFjkfny7HAi4fBevTm7Z4BiUexTn8P9xPMoRgm9tYEAeF8K6D
nhTwUJNhVt3uJx3DXA3Oke0xxgV0dm8wloTvFhNYYoTF1VdV/4yz4V1MctVqIyls
OKmHkeolr03+28s8OcKDO8oXUM6NpxK+W7JvCk6Ib00/
-----END CERTIFICATE-----