Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/XdDMssnu--iMbA-DIv98xM09ov0.roa
File:                     XdDMssnu--iMbA-DIv98xM09ov0.roa (raw, json)
Hash identifier:          8+C46DWN890E2akrkHVFmsDkS6PxACLguLplkTL7BK0=
Subject key identifier:   5D:D0:CC:B2:C9:EE:FB:E8:8C:6C:0F:83:22:FF:7C:C4:CD:3D:A2:FD
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826AB48BEFF332DE3263E771C48B50B
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/XdDMssnu--iMbA-DIv98xM09ov0.roa
Signing time:             Thu 02 Jan 2025 17:53:30 +0000
ROA not before:           Thu 02 Jan 2025 17:53:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14445
IP address blocks:        88.216.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:ab:48:be:ff:33:2d:e3:26:3e:77:1c:48:b5:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dd0ccb2c9eefbe88c6c0f8322ff7cc4cd3da2fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a1:c2:f4:1f:f9:38:18:a3:58:8a:2b:20:bc:
                    73:8a:9c:ab:1a:82:11:25:23:03:ba:ca:21:30:df:
                    2d:78:17:6c:e4:c5:e0:dd:a0:57:e3:23:42:6d:ab:
                    58:80:f7:3c:73:cc:cd:44:cf:b3:22:35:8c:d4:19:
                    86:2d:8e:d4:82:5b:54:78:70:32:10:ac:a2:e2:06:
                    63:e2:fd:c3:f1:14:51:75:54:a9:a5:55:ff:57:81:
                    35:71:7c:4e:96:12:9b:30:9a:cc:c6:f0:1f:92:a2:
                    a1:e5:75:ae:8e:52:c7:f1:f2:63:1f:23:c0:b5:f7:
                    47:02:43:ce:ec:7c:24:4b:0b:ff:1b:3c:e2:9a:00:
                    27:cf:43:27:b6:c9:54:e9:d7:e0:b8:05:4d:7c:d0:
                    1b:af:5b:9f:34:f3:b6:12:6c:9d:74:db:c7:e7:cb:
                    0a:ba:9b:0c:00:cc:22:0a:40:67:c6:60:53:fe:99:
                    5d:41:27:4d:44:c0:41:e1:36:e6:42:d8:18:16:b2:
                    a5:3d:7f:da:ec:98:90:5f:ef:38:f7:af:f1:e8:52:
                    33:2d:a5:82:d2:50:93:7d:76:2e:50:b0:3b:07:82:
                    a7:f0:4b:c3:ce:05:e4:65:d2:3f:e1:1b:0e:5f:f3:
                    99:d9:ca:6f:1e:e6:59:07:a9:0d:63:2a:9f:97:a8:
                    b0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D0:CC:B2:C9:EE:FB:E8:8C:6C:0F:83:22:FF:7C:C4:CD:3D:A2:FD
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/XdDMssnu--iMbA-DIv98xM09ov0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:29:43:93:a3:a1:ab:c0:4c:97:94:f0:51:07:7e:ff:c5:20:
         82:0f:f3:ab:7b:b1:3d:ed:9e:5f:8b:bf:00:94:d6:f6:84:f2:
         47:60:3d:08:b4:7c:af:ce:1a:a6:fa:5f:26:bc:f1:9b:3b:2c:
         e7:e6:25:00:d1:85:e0:38:d8:4c:28:34:52:b4:78:fb:b4:98:
         b7:f2:5c:32:1f:34:6e:41:ed:c4:80:7d:8e:d3:40:dd:aa:2f:
         a9:34:e3:69:4c:1e:6f:2b:9c:ec:68:1b:62:81:ae:26:b0:8d:
         78:1e:0b:41:40:d7:73:60:8d:f1:5c:1a:d4:33:35:aa:22:21:
         d7:61:84:6e:f6:a5:24:77:59:93:8f:c9:97:78:d4:74:fa:3e:
         d3:a3:28:92:2a:87:65:8a:d3:47:6c:86:53:1f:98:7b:91:c4:
         a0:4b:02:8f:12:d5:d5:30:0c:8d:c3:90:ca:09:c5:37:45:d9:
         6c:53:b6:91:46:2c:75:a1:a0:e3:63:c4:03:4d:73:8e:d8:37:
         19:f1:9d:31:a9:70:fb:76:c7:bb:72:e0:19:2b:c7:e2:88:15:
         ab:02:3f:3a:0b:00:44:4d:f5:4a:b8:11:7f:a5:37:67:d2:ae:
         cd:04:ac:fe:38:af:46:00:6e:10:c2:4f:0f:98:31:ae:e4:79:
         ad:ed:b6:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJqtIvv8zLeMmPnccSLULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQwY2NiMmM5ZWVmYmU4OGM2YzBmODMyMmZmN2NjNGNkM2RhMmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqHC9B/5OBijWIorILxzipyrGoIR
JSMDusohMN8teBds5MXg3aBX4yNCbatYgPc8c8zNRM+zIjWM1BmGLY7UgltUeHAy
EKyi4gZj4v3D8RRRdVSppVX/V4E1cXxOlhKbMJrMxvAfkqKh5XWujlLH8fJjHyPA
tfdHAkPO7HwkSwv/GzzimgAnz0MntslU6dfguAVNfNAbr1ufNPO2EmyddNvH58sK
upsMAMwiCkBnxmBT/pldQSdNRMBB4TbmQtgYFrKlPX/a7JiQX+8496/x6FIzLaWC
0lCTfXYuULA7B4Kn8EvDzgXkZdI/4RsOX/OZ2cpvHuZZB6kNYyqfl6iwUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3QzLLJ7vvojGwPgyL/fMTNPaL9MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWGRETXNzbnUtLWlNYkEtREl2OTh4TTA5b3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNjdMA0G
CSqGSIb3DQEBCwUAA4IBAQCFKUOTo6GrwEyXlPBRB37/xSCCD/Ore7E97Z5fi78A
lNb2hPJHYD0ItHyvzhqm+l8mvPGbOyzn5iUA0YXgONhMKDRStHj7tJi38lwyHzRu
Qe3EgH2O00Ddqi+pNONpTB5vK5zsaBtiga4msI14HgtBQNdzYI3xXBrUMzWqIiHX
YYRu9qUkd1mTj8mXeNR0+j7ToyiSKodlitNHbIZTH5h7kcSgSwKPEtXVMAyNw5DK
CcU3RdlsU7aRRix1oaDjY8QDTXOO2DcZ8Z0xqXD7dse7cuAZK8fiiBWrAj86CwBE
TfVKuBF/pTdn0q7NBKz+OK9GAG4Qwk8PmDGu5Hmt7bb/
-----END CERTIFICATE-----