Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/FDdC23f-QMX8x6wvwKf2MaftED4.roa
File:                     FDdC23f-QMX8x6wvwKf2MaftED4.roa (raw, json)
Hash identifier:          h9m2qsiGkrW+4l59GNkStG6h59aEcnuwE/KLJqr7Cgk=
Subject key identifier:   14:37:42:DB:77:FE:40:C5:FC:C7:AC:2F:C0:A7:F6:31:A7:ED:10:3E
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       019424458C5857666CD91DD5F1A593CB7F08
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/FDdC23f-QMX8x6wvwKf2MaftED4.roa
Signing time:             Wed 01 Jan 2025 23:48:45 +0000
ROA not before:           Wed 01 Jan 2025 23:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61389
IP address blocks:        92.55.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8c:58:57:66:6c:d9:1d:d5:f1:a5:93:cb:7f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  1 23:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=143742db77fe40c5fcc7ac2fc0a7f631a7ed103e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:39:20:aa:b5:fb:00:29:b8:a3:06:5f:53:58:
                    18:fd:06:0e:35:81:43:ff:8b:93:7a:c0:46:70:ea:
                    c7:df:6e:58:34:10:91:a0:cf:b5:d8:1d:70:90:49:
                    f7:82:48:27:dd:68:2f:0f:27:bd:f1:75:0f:31:07:
                    94:34:41:db:4f:42:03:c8:69:60:5e:da:ab:9d:13:
                    fb:27:84:e5:ae:a1:29:ba:4d:38:65:ec:7e:6e:43:
                    1b:5b:77:14:59:5f:2d:84:25:18:8a:9e:49:a1:9c:
                    a7:43:5e:4d:3f:4e:94:af:cb:24:16:d5:4c:8a:a3:
                    11:16:33:7f:62:57:ca:7d:6d:b2:42:56:11:3f:f3:
                    e1:11:f0:a2:0e:4a:15:39:5f:ef:ae:46:fa:6a:4e:
                    1e:d5:f3:d7:cb:06:0d:01:ae:c3:6a:f6:18:fb:cc:
                    f0:e1:f1:36:a2:35:55:2e:8c:ba:e8:28:f7:18:ab:
                    af:1f:63:e1:ee:13:a3:44:54:6b:30:38:e2:d1:06:
                    f0:bd:c7:c3:f2:6b:66:f3:6e:cb:2f:ee:8b:cd:19:
                    72:d3:26:7b:e1:7a:a2:69:bc:c3:e0:5a:57:f1:4a:
                    65:66:c8:e3:6f:62:e8:7f:0f:e3:08:90:86:0a:68:
                    86:cf:c2:b2:14:57:ef:27:05:b5:47:d1:25:a7:05:
                    60:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:37:42:DB:77:FE:40:C5:FC:C7:AC:2F:C0:A7:F6:31:A7:ED:10:3E
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/FDdC23f-QMX8x6wvwKf2MaftED4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.55.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:d5:32:8f:6c:1f:69:06:19:58:26:97:76:7f:e8:39:66:95:
         2c:50:b0:ae:dd:db:92:05:da:7f:a2:03:8a:fa:58:bb:2f:c2:
         c3:f4:12:c2:3c:11:5a:97:c9:21:ee:96:04:3c:dc:f7:14:3e:
         0e:10:ff:91:2f:28:97:91:73:7d:b7:c3:d3:5b:ca:52:3b:30:
         02:62:3f:d9:b1:27:f4:c0:67:c5:2e:a2:85:d4:93:d2:76:0c:
         7d:59:a1:21:28:cd:b6:53:79:0d:60:b6:24:ae:3f:e6:e3:04:
         40:c2:0b:a9:ab:a2:10:fd:68:07:56:e8:f4:08:3d:2a:a0:03:
         e6:34:73:b4:8c:75:32:cc:b3:80:dc:7e:54:e3:4d:73:9a:5b:
         6a:5a:d5:ae:94:34:0c:ce:6b:5f:73:d1:69:e8:58:f9:36:a3:
         72:45:e5:d9:4b:c6:d4:e3:e9:1d:01:2f:a8:5c:a6:80:67:fa:
         12:27:ad:1b:c4:3f:5c:0f:6a:38:10:fd:08:8a:ae:f3:e8:e8:
         a5:19:b2:c3:9e:33:77:c2:53:a7:f2:0c:9e:2e:3d:fd:e5:c9:
         52:54:19:11:14:6e:98:ce:28:5d:9f:3c:f8:93:37:93:97:a1:
         2b:af:5b:94:8e:05:ce:1f:9e:9f:64:76:74:d1:3f:fb:6c:c3:
         96:53:fc:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYxYV2Zs2R3V8aWTy38IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjUwMTAxMjM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDM3NDJkYjc3ZmU0MGM1ZmNjN2FjMmZjMGE3ZjYzMWE3ZWQxMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjkgqrX7ACm4owZfU1gY/QYONYFD
/4uTesBGcOrH325YNBCRoM+12B1wkEn3gkgn3WgvDye98XUPMQeUNEHbT0IDyGlg
XtqrnRP7J4TlrqEpuk04Zex+bkMbW3cUWV8thCUYip5JoZynQ15NP06Ur8skFtVM
iqMRFjN/YlfKfW2yQlYRP/PhEfCiDkoVOV/vrkb6ak4e1fPXywYNAa7DavYY+8zw
4fE2ojVVLoy66Cj3GKuvH2Ph7hOjRFRrMDji0QbwvcfD8mtm827LL+6LzRly0yZ7
4XqiabzD4FpX8UplZsjjb2Lofw/jCJCGCmiGz8KyFFfvJwW1R9ElpwVgQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQ3Qtt3/kDF/MesL8Cn9jGn7RA+MB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvRkRkQzIzZi1RTVg4eDZ3dndLZjJNYWZ0RUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDeWMA0G
CSqGSIb3DQEBCwUAA4IBAQBn1TKPbB9pBhlYJpd2f+g5ZpUsULCu3duSBdp/ogOK
+li7L8LD9BLCPBFal8kh7pYEPNz3FD4OEP+RLyiXkXN9t8PTW8pSOzACYj/ZsSf0
wGfFLqKF1JPSdgx9WaEhKM22U3kNYLYkrj/m4wRAwgupq6IQ/WgHVuj0CD0qoAPm
NHO0jHUyzLOA3H5U401zmltqWtWulDQMzmtfc9Fp6Fj5NqNyReXZS8bU4+kdAS+o
XKaAZ/oSJ60bxD9cD2o4EP0Iiq7z6OilGbLDnjN3wlOn8gyeLj395clSVBkRFG6Y
zihdnzz4kzeTl6Err1uUjgXOH56fZHZ00T/7bMOWU/xL
-----END CERTIFICATE-----