Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/VK2lkpPJSWNvcFm_VI7rxrLDgwg.roa
File:                     VK2lkpPJSWNvcFm_VI7rxrLDgwg.roa (raw, json)
Hash identifier:          OVrxxsaCYNK3a6LSw5LlCrrYQ6BsGkALeDXQ/cBmiLI=
Subject key identifier:   54:AD:A5:92:93:C9:49:63:6F:70:59:BF:54:8E:EB:C6:B2:C3:83:08
Certificate issuer:       /CN=dbc144ce154eee9dbb3562ce4cd3228338641333
Certificate serial:       01941FFA386E1957B194B992505F9E043D54
Authority key identifier: DB:C1:44:CE:15:4E:EE:9D:BB:35:62:CE:4C:D3:22:83:38:64:13:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28FEzhVO7p27NWLOTNMigzhkEzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/VK2lkpPJSWNvcFm_VI7rxrLDgwg.roa
Signing time:             Wed 01 Jan 2025 03:47:59 +0000
ROA not before:           Wed 01 Jan 2025 03:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42853
IP address blocks:        185.25.244.0/23 maxlen: 23
                          185.25.244.0/24 maxlen: 24
                          185.25.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/28FEzhVO7p27NWLOTNMigzhkEzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/28FEzhVO7p27NWLOTNMigzhkEzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28FEzhVO7p27NWLOTNMigzhkEzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:38:6e:19:57:b1:94:b9:92:50:5f:9e:04:3d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbc144ce154eee9dbb3562ce4cd3228338641333
        Validity
            Not Before: Jan  1 03:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54ada59293c949636f7059bf548eebc6b2c38308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:db:06:e0:70:f9:b5:02:cd:dd:af:09:5b:12:
                    7d:2f:63:6a:e1:ce:07:91:c5:35:7d:8a:6c:da:2d:
                    da:e4:68:44:41:ba:36:fb:47:9d:7d:c4:81:45:a5:
                    b8:2a:03:89:17:f3:65:86:1c:45:bd:ed:9f:a9:ce:
                    92:8d:72:a4:54:9e:7d:c6:1a:6d:c1:c9:8e:d6:c3:
                    94:26:cb:4e:3b:12:6b:fb:7d:10:e2:1c:8d:bf:8c:
                    c9:82:49:f1:f0:0f:57:b4:12:e6:e1:7b:ce:4b:00:
                    8a:d0:d5:a6:cc:2d:96:3e:10:36:6c:11:e5:21:85:
                    2a:df:48:fa:d8:7a:b0:10:5a:ef:92:bc:7e:93:fa:
                    dc:6c:c7:e4:0e:3b:c2:eb:ec:f3:ae:fb:16:85:7d:
                    00:98:b5:37:a8:cf:66:3d:cc:1d:b8:50:74:b6:7a:
                    22:3b:06:c1:a6:18:4c:10:aa:eb:8e:b5:33:32:99:
                    ef:91:d2:55:b6:2b:a3:a9:6b:9c:b1:22:ed:7f:bb:
                    33:ac:ee:69:9e:e1:b0:ea:6a:43:49:8a:d1:5c:87:
                    b4:0a:b1:c1:14:57:06:c1:b6:2b:b9:37:07:0f:96:
                    20:87:8d:b0:aa:1e:81:b0:91:91:62:58:6e:55:5f:
                    9d:34:0d:d4:09:08:51:48:af:66:48:7a:f3:d5:ed:
                    5d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:AD:A5:92:93:C9:49:63:6F:70:59:BF:54:8E:EB:C6:B2:C3:83:08
            X509v3 Authority Key Identifier:
                keyid:DB:C1:44:CE:15:4E:EE:9D:BB:35:62:CE:4C:D3:22:83:38:64:13:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28FEzhVO7p27NWLOTNMigzhkEzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/VK2lkpPJSWNvcFm_VI7rxrLDgwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a22cfa-01f3-4f12-b6fd-4894f88beddc/1/28FEzhVO7p27NWLOTNMigzhkEzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:c9:f0:c4:54:c3:a5:2a:14:3a:1e:be:1e:50:40:ab:c8:44:
         d8:c5:d5:ac:cc:f2:02:e7:28:61:5c:26:28:34:f4:48:12:dc:
         3c:06:07:6a:a2:76:43:9b:33:e9:7c:a8:ac:14:fb:12:f2:51:
         fa:c1:47:d6:7b:4f:65:74:c7:2e:9a:f8:c0:12:ef:1a:a0:fa:
         f2:e3:02:f2:d1:ce:45:16:4d:1f:2a:71:d8:25:39:a5:21:f6:
         87:d7:9b:cd:1b:bc:24:10:83:20:45:4f:e7:b1:1e:f5:48:2c:
         bd:44:00:fa:b3:55:c1:71:59:78:54:c2:49:7d:b0:5b:46:ca:
         c6:75:3c:b2:4e:f2:eb:ab:49:52:dd:08:b8:68:7f:82:4c:1c:
         26:df:ff:79:7c:68:73:a4:9e:3b:8d:ff:93:a0:7a:64:1b:c9:
         31:37:9d:0f:bf:b6:48:60:c3:a3:d9:16:f8:a4:68:57:c8:14:
         6d:59:85:03:15:56:c7:bb:9b:92:af:0f:58:96:e5:57:a1:f4:
         80:61:5c:80:9d:71:aa:6f:7e:7e:30:d0:c6:28:03:ea:15:01:
         67:20:3d:49:74:d2:f5:14:e8:99:34:6c:af:5e:4c:58:57:9b:
         23:dd:14:cc:93:c0:da:93:a3:7c:47:4a:a1:4e:c4:3c:db:e7:
         83:78:cc:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jhuGVexlLmSUF+eBD1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYzE0NGNlMTU0ZWVlOWRiYjM1NjJjZTRjZDMyMjgzMzg2
NDEzMzMwHhcNMjUwMTAxMDM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGFkYTU5MjkzYzk0OTYzNmY3MDU5YmY1NDhlZWJjNmIyYzM4MzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9sG4HD5tQLN3a8JWxJ9L2Nq4c4H
kcU1fYps2i3a5GhEQbo2+0edfcSBRaW4KgOJF/NlhhxFve2fqc6SjXKkVJ59xhpt
wcmO1sOUJstOOxJr+30Q4hyNv4zJgknx8A9XtBLm4XvOSwCK0NWmzC2WPhA2bBHl
IYUq30j62HqwEFrvkrx+k/rcbMfkDjvC6+zzrvsWhX0AmLU3qM9mPcwduFB0tnoi
OwbBphhMEKrrjrUzMpnvkdJVtiujqWucsSLtf7szrO5pnuGw6mpDSYrRXIe0CrHB
FFcGwbYruTcHD5Ygh42wqh6BsJGRYlhuVV+dNA3UCQhRSK9mSHrz1e1dyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFStpZKTyUljb3BZv1SO68ayw4MIMB8GA1UdIwQY
MBaAFNvBRM4VTu6duzVizkzTIoM4ZBMzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhGRXpoVk83cDI3TldMT1ROTWlnemhrRXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hMjJjZmEtMDFmMy00ZjEyLWI2ZmQt
NDg5NGY4OGJlZGRjLzEvVksybGtwUEpTV052Y0ZtX1ZJN3J4ckxEZ3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hMjJjZmEtMDFmMy00ZjEyLWI2ZmQtNDg5NGY4OGJlZGRj
LzEvMjhGRXpoVk83cDI3TldMT1ROTWlnemhrRXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRn0MA0G
CSqGSIb3DQEBCwUAA4IBAQBhyfDEVMOlKhQ6Hr4eUECryETYxdWszPIC5yhhXCYo
NPRIEtw8BgdqonZDmzPpfKisFPsS8lH6wUfWe09ldMcumvjAEu8aoPry4wLy0c5F
Fk0fKnHYJTmlIfaH15vNG7wkEIMgRU/nsR71SCy9RAD6s1XBcVl4VMJJfbBbRsrG
dTyyTvLrq0lS3Qi4aH+CTBwm3/95fGhzpJ47jf+ToHpkG8kxN50Pv7ZIYMOj2Rb4
pGhXyBRtWYUDFVbHu5uSrw9YluVXofSAYVyAnXGqb35+MNDGKAPqFQFnID1JdNL1
FOiZNGyvXkxYV5sj3RTMk8Dak6N8R0qhTsQ82+eDeMw2
-----END CERTIFICATE-----