Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/1DUDxiN76LkQ2OUlXg9t_DFqg6g.roa
File:                     1DUDxiN76LkQ2OUlXg9t_DFqg6g.roa (raw, json)
Hash identifier:          9uztc5ckgtCrBXKcOkt/HNgGCAlgjU4Skl0Qr1Ed2xU=
Subject key identifier:   D4:35:03:C6:23:7B:E8:B9:10:D8:E5:25:5E:0F:6D:FC:31:6A:83:A8
Certificate issuer:       /CN=dbc144ce154eee9dbb3562ce4cd3228338641333
Certificate serial:       018CC6B8A37F477FF262F7501133ECCAB0FE
Authority key identifier: DB:C1:44:CE:15:4E:EE:9D:BB:35:62:CE:4C:D3:22:83:38:64:13:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28FEzhVO7p27NWLOTNMigzhkEzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/1DUDxiN76LkQ2OUlXg9t_DFqg6g.roa
Signing time:             Mon 01 Jan 2024 20:30:38 +0000
ROA not before:           Mon 01 Jan 2024 20:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9304
IP address blocks:        185.25.244.0/22 maxlen: 22
                          2a00:8420::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/28FEzhVO7p27NWLOTNMigzhkEzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/28FEzhVO7p27NWLOTNMigzhkEzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28FEzhVO7p27NWLOTNMigzhkEzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 19:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a3:7f:47:7f:f2:62:f7:50:11:33:ec:ca:b0:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbc144ce154eee9dbb3562ce4cd3228338641333
        Validity
            Not Before: Jan  1 20:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d43503c6237be8b910d8e5255e0f6dfc316a83a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:72:a3:f0:f5:f7:d5:b6:35:a2:33:15:e4:e5:
                    e7:d9:36:28:a9:5e:26:31:94:d1:c7:92:af:5a:96:
                    b2:a9:7d:73:59:ba:97:a2:f6:2d:f1:2a:ee:db:81:
                    e1:54:9c:22:be:4f:8e:47:e4:1b:9c:47:48:ee:41:
                    c7:d4:c6:a3:89:0c:1e:d3:a5:ef:9b:1e:d8:b2:03:
                    51:6c:b7:fa:fc:4b:a1:a6:5f:11:75:63:a2:d5:8a:
                    6f:64:61:fa:11:f0:31:b0:fb:e7:00:6d:96:6b:e6:
                    6d:57:9b:63:82:07:d3:d6:20:f4:a2:a2:cf:5e:3e:
                    55:93:f6:98:2e:f0:70:65:b8:02:a6:d2:14:45:21:
                    39:99:d7:7c:52:b1:0e:70:85:b1:3a:7e:b1:6a:d0:
                    43:fb:5d:f5:d1:b6:1d:01:28:d0:29:ea:75:ec:5c:
                    33:e4:35:de:54:a2:4a:a4:6f:07:e5:99:6d:7f:1e:
                    33:5a:4b:33:c0:44:19:3d:42:ab:77:4c:78:f3:f5:
                    a5:d0:a1:09:1f:f1:b7:6a:c2:70:cb:fb:9d:7f:21:
                    eb:03:03:0d:2e:b9:ef:93:3c:88:5c:a6:e3:5b:9c:
                    47:0b:a7:b9:f4:a0:90:c0:33:9a:7b:43:f7:b1:90:
                    0c:81:f1:a0:6b:25:f5:30:9b:95:22:6e:48:8b:3f:
                    44:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:35:03:C6:23:7B:E8:B9:10:D8:E5:25:5E:0F:6D:FC:31:6A:83:A8
            X509v3 Authority Key Identifier:
                keyid:DB:C1:44:CE:15:4E:EE:9D:BB:35:62:CE:4C:D3:22:83:38:64:13:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28FEzhVO7p27NWLOTNMigzhkEzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/1DUDxiN76LkQ2OUlXg9t_DFqg6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/28FEzhVO7p27NWLOTNMigzhkEzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.244.0/22
                IPv6:
                  2a00:8420::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:e8:01:11:5c:01:43:e8:a1:21:e9:ad:03:8b:de:29:1a:b1:
         4f:d1:4a:e3:08:2e:a2:96:d3:7f:a2:70:f9:9e:d8:7f:cb:55:
         f5:6f:77:7f:ee:49:50:92:7d:9b:57:0f:e1:96:3a:19:13:84:
         ba:94:a5:e1:90:65:6b:b4:21:9e:d2:1b:83:c5:a5:15:35:b3:
         fa:b1:d9:94:2f:c5:79:8f:cf:a4:e6:19:3f:88:79:b6:bc:16:
         de:22:b1:cb:59:fd:93:cc:90:fb:0e:55:15:1f:aa:77:8b:bb:
         9b:fd:0f:9a:50:ac:d5:b3:be:13:7a:94:3c:01:f0:e7:0b:e2:
         7a:97:12:64:44:63:e6:af:e3:0b:1b:13:4c:6b:3c:b7:e8:9d:
         ba:47:43:7a:54:20:ef:56:66:ce:d9:ba:e5:46:f0:99:7e:27:
         3d:a3:56:1f:0b:03:81:8c:76:fc:27:16:f4:46:e6:4b:96:92:
         4f:c4:c9:02:87:e8:ae:b1:a2:2b:45:4c:c1:f2:5a:67:12:24:
         72:ad:56:8c:1b:90:01:e0:f1:2a:40:6c:30:40:59:0b:a8:b5:
         40:23:b9:72:bf:be:37:d5:56:7c:3e:c3:b4:03:96:6f:da:b5:
         06:c1:f7:5c:4a:38:de:46:05:3b:6d:10:a8:3a:e0:95:90:ce:
         d4:ba:71:3f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuKN/R3/yYvdQETPsyrD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYzE0NGNlMTU0ZWVlOWRiYjM1NjJjZTRjZDMyMjgzMzg2
NDEzMzMwHhcNMjQwMTAxMjAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDM1MDNjNjIzN2JlOGI5MTBkOGU1MjU1ZTBmNmRmYzMxNmE4M2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHKj8PX31bY1ojMV5OXn2TYoqV4m
MZTRx5KvWpayqX1zWbqXovYt8Sru24HhVJwivk+OR+QbnEdI7kHH1MajiQwe06Xv
mx7YsgNRbLf6/Euhpl8RdWOi1YpvZGH6EfAxsPvnAG2Wa+ZtV5tjggfT1iD0oqLP
Xj5Vk/aYLvBwZbgCptIURSE5mdd8UrEOcIWxOn6xatBD+1310bYdASjQKep17Fwz
5DXeVKJKpG8H5Zltfx4zWkszwEQZPUKrd0x48/Wl0KEJH/G3asJwy/udfyHrAwMN
LrnvkzyIXKbjW5xHC6e59KCQwDOae0P3sZAMgfGgayX1MJuVIm5Iiz9ERwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNQ1A8Yje+i5ENjlJV4PbfwxaoOoMB8GA1UdIwQY
MBaAFNvBRM4VTu6duzVizkzTIoM4ZBMzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhGRXpoVk83cDI3TldMT1ROTWlnemhrRXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hMjJjZmEtMDFmMy00ZjEyLWI2ZmQt
NDg5NGY4OGJlZGRjLzEvMURVRHhpTjc2TGtRMk9VbFhnOXRfREZxZzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hMjJjZmEtMDFmMy00ZjEyLWI2ZmQtNDg5NGY4OGJlZGRj
LzEvMjhGRXpoVk83cDI3TldMT1ROTWlnemhrRXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRn0MA0E
AgACMAcDBQAqAIQgMA0GCSqGSIb3DQEBCwUAA4IBAQC06AERXAFD6KEh6a0Di94p
GrFP0UrjCC6iltN/onD5nth/y1X1b3d/7klQkn2bVw/hljoZE4S6lKXhkGVrtCGe
0huDxaUVNbP6sdmUL8V5j8+k5hk/iHm2vBbeIrHLWf2TzJD7DlUVH6p3i7ub/Q+a
UKzVs74TepQ8AfDnC+J6lxJkRGPmr+MLGxNMazy36J26R0N6VCDvVmbO2brlRvCZ
fic9o1YfCwOBjHb8Jxb0RuZLlpJPxMkCh+iusaIrRUzB8lpnEiRyrVaMG5AB4PEq
QGwwQFkLqLVAI7lyv7431VZ8PsO0A5Zv2rUGwfdcSjjeRgU7bRCoOuCVkM7UunE/
-----END CERTIFICATE-----