Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/f25v4uVZY4JbTyMqNXKXGA35WKk.roa
File:                     f25v4uVZY4JbTyMqNXKXGA35WKk.roa (raw, json)
Hash identifier:          Cmqw5364kiAvR31aujca3rQebhgV1WXm34C80bI/lTU=
Subject key identifier:   7F:6E:6F:E2:E5:59:63:82:5B:4F:23:2A:35:72:97:18:0D:F9:58:A9
Certificate issuer:       /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial:       0194266B0DD1E3BD785EE1647BD4972CD40E
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/f25v4uVZY4JbTyMqNXKXGA35WKk.roa
Signing time:             Thu 02 Jan 2025 09:48:57 +0000
ROA not before:           Thu 02 Jan 2025 09:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4785
IP address blocks:        45.12.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:0d:d1:e3:bd:78:5e:e1:64:7b:d4:97:2c:d4:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
        Validity
            Not Before: Jan  2 09:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f6e6fe2e55963825b4f232a357297180df958a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:91:1d:68:83:44:bc:c4:20:d5:68:44:b5:d3:
                    d1:d5:ad:b3:3b:e7:77:ad:8b:5d:e6:1c:fb:8d:80:
                    59:11:29:df:66:6e:9d:a5:3b:89:ba:71:34:5b:7a:
                    26:a8:0b:14:f8:d3:06:69:56:2f:a9:e8:33:06:95:
                    03:99:18:2a:45:0f:2f:56:67:37:2d:a8:3a:0d:d2:
                    ca:7e:5d:59:5d:93:97:8c:dc:05:f7:73:70:51:51:
                    80:23:44:c7:7d:d8:99:46:ac:e9:fa:a9:87:fe:d1:
                    ae:c3:1c:4d:6b:99:3c:3a:78:b8:ad:bd:a0:11:2b:
                    6e:c0:9c:e0:74:9b:42:82:3c:e8:64:77:da:5c:93:
                    8a:f5:31:6f:02:b2:90:bd:75:f6:08:21:db:42:75:
                    f9:26:9a:a9:ef:d5:00:70:26:3a:55:4c:bf:28:5d:
                    d3:cb:45:62:d8:73:bf:52:67:68:04:72:7e:24:a2:
                    16:a0:57:b6:96:93:0e:3f:59:32:7c:03:34:7e:d6:
                    72:cb:8d:87:6e:88:11:e4:df:fc:ab:1d:4c:7f:0e:
                    32:d3:1b:95:0b:a1:45:d9:e0:48:6e:10:52:dd:f3:
                    b7:64:a2:6d:ae:05:1c:92:c8:f6:6c:ad:f0:04:37:
                    92:4b:10:73:c9:a5:cd:5c:54:c2:99:bd:99:87:e9:
                    c2:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:6E:6F:E2:E5:59:63:82:5B:4F:23:2A:35:72:97:18:0D:F9:58:A9
            X509v3 Authority Key Identifier:
                keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/f25v4uVZY4JbTyMqNXKXGA35WKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:4d:4c:88:c5:de:0b:01:6d:d3:a7:73:d8:02:a1:8d:b5:96:
         8b:50:e2:e6:77:bb:52:c1:5e:ab:2a:fa:9d:46:0a:83:6a:9b:
         da:11:5c:89:4f:ca:98:c3:27:ed:16:f6:79:3d:6e:b7:f8:49:
         f3:9d:7a:78:0e:eb:84:59:36:94:5e:be:18:04:f2:d2:7a:04:
         71:e8:05:5b:10:5b:fe:78:d9:a2:d7:24:46:fb:f0:81:96:bd:
         20:44:ae:4a:9b:d4:59:65:7d:1a:79:7e:7c:61:3a:f3:a7:2b:
         a3:dd:63:98:78:90:b0:06:fb:73:4c:e2:3e:4b:3b:e0:f1:36:
         82:9f:79:ca:f0:94:8f:90:91:41:a7:95:5d:35:91:b5:5b:0b:
         dc:03:1e:6e:cc:0d:21:68:4e:68:de:13:59:09:f2:45:e7:31:
         39:eb:34:ac:50:14:e6:3b:3d:50:24:c6:2f:c0:21:60:cc:06:
         3a:b0:ca:1c:88:cd:10:55:d8:f0:6f:6b:fb:73:39:a9:74:49:
         af:7c:58:f4:06:8b:b2:54:7d:e8:87:80:f6:a8:78:aa:c6:cc:
         50:2f:15:7f:4f:5e:f9:54:98:38:fc:f3:02:19:f7:52:92:0b:
         51:36:6a:ce:91:02:9e:72:7c:aa:2a:4c:af:35:0f:17:41:81:
         3e:2a:66:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmaw3R4714XuFke9SXLNQOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjUwMTAyMDk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjZlNmZlMmU1NTk2MzgyNWI0ZjIzMmEzNTcyOTcxODBkZjk1OGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5EdaINEvMQg1WhEtdPR1a2zO+d3
rYtd5hz7jYBZESnfZm6dpTuJunE0W3omqAsU+NMGaVYvqegzBpUDmRgqRQ8vVmc3
Lag6DdLKfl1ZXZOXjNwF93NwUVGAI0THfdiZRqzp+qmH/tGuwxxNa5k8Oni4rb2g
EStuwJzgdJtCgjzoZHfaXJOK9TFvArKQvXX2CCHbQnX5Jpqp79UAcCY6VUy/KF3T
y0Vi2HO/UmdoBHJ+JKIWoFe2lpMOP1kyfAM0ftZyy42HbogR5N/8qx1Mfw4y0xuV
C6FF2eBIbhBS3fO3ZKJtrgUcksj2bK3wBDeSSxBzyaXNXFTCmb2Zh+nC9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9ub+LlWWOCW08jKjVylxgN+VipMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvZjI1djR1VlpZNEpiVHlNcU5YS1hHQTM1V0trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQxZMA0G
CSqGSIb3DQEBCwUAA4IBAQBKTUyIxd4LAW3Tp3PYAqGNtZaLUOLmd7tSwV6rKvqd
RgqDapvaEVyJT8qYwyftFvZ5PW63+EnznXp4DuuEWTaUXr4YBPLSegRx6AVbEFv+
eNmi1yRG+/CBlr0gRK5Km9RZZX0aeX58YTrzpyuj3WOYeJCwBvtzTOI+Szvg8TaC
n3nK8JSPkJFBp5VdNZG1WwvcAx5uzA0haE5o3hNZCfJF5zE56zSsUBTmOz1QJMYv
wCFgzAY6sMociM0QVdjwb2v7czmpdEmvfFj0BouyVH3oh4D2qHiqxsxQLxV/T175
VJg4/PMCGfdSkgtRNmrOkQKecnyqKkyvNQ8XQYE+Kma+
-----END CERTIFICATE-----