Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pdTDACZ2y4doNG1RsUb6vos6HHc.roa
File:                     pdTDACZ2y4doNG1RsUb6vos6HHc.roa (raw, json)
Hash identifier:          qODoQ4iM0VA8PuwMryH7Q9Cd9rzIFswdPFhQzyzH4O0=
Subject key identifier:   A5:D4:C3:00:26:76:CB:87:68:34:6D:51:B1:46:FA:BE:8B:3A:1C:77
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       0196FD99C44F93B356F484758A588660B840
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pdTDACZ2y4doNG1RsUb6vos6HHc.roa
Signing time:             Fri 23 May 2025 14:43:55 +0000
ROA not before:           Fri 23 May 2025 14:43:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54339
IP address blocks:        159.148.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fd:99:c4:4f:93:b3:56:f4:84:75:8a:58:86:60:b8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: May 23 14:43:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5d4c3002676cb8768346d51b146fabe8b3a1c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:35:94:63:cc:3a:f7:50:7d:8b:84:10:17:c9:
                    68:65:67:e0:a9:53:1c:cd:74:ba:61:2d:b4:57:7e:
                    b4:ab:f7:3f:dc:f0:f7:c6:0a:56:23:c2:d5:35:c7:
                    15:bd:5a:d5:0b:45:08:d8:79:73:70:d8:ed:e0:7a:
                    21:2f:9e:1c:db:86:2b:b8:d0:89:ae:ff:69:2c:98:
                    4a:a8:be:d7:da:1d:c9:03:c1:3b:59:33:18:20:3f:
                    a0:56:74:2c:df:31:95:23:8f:29:83:fd:a3:d0:28:
                    23:59:27:cb:a1:ca:d2:00:61:da:5f:c4:96:d1:e0:
                    90:fe:2f:e6:35:de:09:a0:2a:dc:2b:ea:01:5d:40:
                    8f:b4:9b:91:7c:53:14:ca:e0:6a:dd:c0:d2:4f:c0:
                    f2:b5:0d:f7:c1:eb:7f:25:b9:50:30:ed:03:34:2f:
                    3a:1d:34:de:4a:de:29:f7:f1:d1:7c:53:24:5c:b5:
                    7b:d2:1a:7c:f3:45:37:62:31:3c:4f:7c:2c:a0:6a:
                    9f:cf:7b:d2:30:b6:e1:85:b3:40:bf:78:12:73:a0:
                    28:0f:bc:ee:68:0f:f4:2e:70:01:d5:dd:57:1e:67:
                    a5:a2:53:a5:cf:13:19:81:fd:f9:be:89:ad:f5:19:
                    64:cf:07:27:05:fa:20:54:95:71:ee:85:24:16:3c:
                    8c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:D4:C3:00:26:76:CB:87:68:34:6D:51:B1:46:FA:BE:8B:3A:1C:77
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pdTDACZ2y4doNG1RsUb6vos6HHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:d8:a4:b6:66:55:82:b0:ca:b0:30:7e:78:07:f9:e1:01:3e:
         95:6b:46:ed:7c:e7:dc:ff:89:37:90:ec:ae:14:d5:da:11:69:
         21:f5:0a:7c:dc:89:cf:c6:4e:8b:34:d7:4e:16:69:ca:f2:91:
         48:bb:50:eb:1c:73:8f:78:0b:64:78:7e:4a:95:86:a6:3e:53:
         45:4a:16:a1:9d:af:a6:f9:f6:27:dd:2a:35:7e:d3:b4:a8:be:
         7e:93:ea:ab:51:1e:55:2c:79:e0:89:e6:cd:43:92:e7:0b:a3:
         b0:38:ff:f0:8b:f2:17:88:a4:24:77:30:32:c1:ef:0a:09:28:
         a3:88:e3:94:8f:9b:99:1e:4c:53:11:f6:d0:b3:8c:cf:c6:8d:
         c9:09:b9:be:f8:82:75:54:14:44:39:27:80:d6:29:36:e1:e5:
         1e:c4:dd:68:1c:d2:ef:08:a9:47:79:3e:62:d1:5e:2c:08:15:
         c2:50:25:60:4d:aa:6f:92:76:8e:6d:c5:f5:2f:5d:ce:a1:ae:
         54:51:82:76:21:29:e2:e0:95:e4:6b:d7:bd:d0:14:e2:37:d0:
         04:95:dd:c1:e9:7a:0f:27:8e:4d:42:12:e4:ba:a6:37:23:4a:
         b2:4e:0d:7c:99:59:f1:a3:fd:1d:e5:72:d1:f2:2e:84:a6:4b:
         db:d7:37:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb9mcRPk7NW9IR1iliGYLhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwNTIzMTQ0MzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWQ0YzMwMDI2NzZjYjg3NjgzNDZkNTFiMTQ2ZmFiZThiM2ExYzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5zWUY8w691B9i4QQF8loZWfgqVMc
zXS6YS20V360q/c/3PD3xgpWI8LVNccVvVrVC0UI2HlzcNjt4HohL54c24YruNCJ
rv9pLJhKqL7X2h3JA8E7WTMYID+gVnQs3zGVI48pg/2j0CgjWSfLocrSAGHaX8SW
0eCQ/i/mNd4JoCrcK+oBXUCPtJuRfFMUyuBq3cDST8DytQ33wet/JblQMO0DNC86
HTTeSt4p9/HRfFMkXLV70hp880U3YjE8T3wsoGqfz3vSMLbhhbNAv3gSc6AoD7zu
aA/0LnAB1d1XHmelolOlzxMZgf35vomt9RlkzwcnBfogVJVx7oUkFjyMEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXUwwAmdsuHaDRtUbFG+r6LOhx3MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvcGRUREFDWjJ5NGRvTkcxUnNVYjZ2b3M2SEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5T/MA0G
CSqGSIb3DQEBCwUAA4IBAQCr2KS2ZlWCsMqwMH54B/nhAT6Va0btfOfc/4k3kOyu
FNXaEWkh9Qp83InPxk6LNNdOFmnK8pFIu1DrHHOPeAtkeH5KlYamPlNFShahna+m
+fYn3So1ftO0qL5+k+qrUR5VLHngiebNQ5LnC6OwOP/wi/IXiKQkdzAywe8KCSij
iOOUj5uZHkxTEfbQs4zPxo3JCbm++IJ1VBREOSeA1ik24eUexN1oHNLvCKlHeT5i
0V4sCBXCUCVgTapvknaObcX1L13Ooa5UUYJ2ISni4JXka9e90BTiN9AEld3B6XoP
J45NQhLkuqY3I0qyTg18mVnxo/0d5XLR8i6Epkvb1zcn
-----END CERTIFICATE-----