Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/tEv35q2RkU8qZwi3KbCbrQN4IU4.roa
File:                     tEv35q2RkU8qZwi3KbCbrQN4IU4.roa (raw, json)
Hash identifier:          lfI/ly+fn3srZUEQSiNWtoImdhn39dWDFKmOYscx3TI=
Subject key identifier:   B4:4B:F7:E6:AD:91:91:4F:2A:67:08:B7:29:B0:9B:AD:03:78:21:4E
Certificate issuer:       /CN=25a879d628fe5ec8a761c4748679993f9c69f8b4
Certificate serial:       018CC56F069B45109038FAEAC254473F7E66
Authority key identifier: 25:A8:79:D6:28:FE:5E:C8:A7:61:C4:74:86:79:99:3F:9C:69:F8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jah51ij-XsinYcR0hnmZP5xp-LQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/tEv35q2RkU8qZwi3KbCbrQN4IU4.roa
Signing time:             Mon 01 Jan 2024 14:30:36 +0000
ROA not before:           Mon 01 Jan 2024 14:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        185.245.66.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/Jah51ij-XsinYcR0hnmZP5xp-LQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/Jah51ij-XsinYcR0hnmZP5xp-LQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jah51ij-XsinYcR0hnmZP5xp-LQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:06:9b:45:10:90:38:fa:ea:c2:54:47:3f:7e:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25a879d628fe5ec8a761c4748679993f9c69f8b4
        Validity
            Not Before: Jan  1 14:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b44bf7e6ad91914f2a6708b729b09bad0378214e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:64:f1:fe:c3:5d:a4:78:2e:a3:63:4b:9c:ca:
                    b2:bf:79:23:73:de:95:77:c7:37:4b:cd:9e:bc:08:
                    0d:3a:a0:af:7e:05:f5:f1:da:db:b1:e7:5a:fe:9d:
                    f0:96:97:9c:d1:23:9c:e3:0e:9e:71:34:29:99:a4:
                    b8:b7:66:5a:d8:ab:67:36:c4:66:ac:fe:62:a3:ef:
                    3e:f6:6a:0e:34:bf:9e:e5:39:41:d7:f5:89:c0:58:
                    d7:60:61:5d:08:7f:fd:c6:ad:61:e7:0f:e2:a0:ab:
                    91:4b:21:e6:fd:6a:fb:f3:71:4e:da:79:cf:bc:0a:
                    75:1d:46:37:67:8c:b9:33:ba:01:d3:3f:af:00:f2:
                    52:85:89:82:3c:dc:48:4b:bb:57:99:8a:0f:69:78:
                    44:bc:d2:39:c4:6c:ed:51:91:c4:ae:9d:11:1f:fb:
                    e1:c3:34:f6:e3:d8:b9:84:e3:7d:16:8e:b7:29:04:
                    fe:4d:58:85:c3:bc:c4:13:bd:c0:5a:f3:0e:d0:34:
                    ef:cc:be:a8:44:2c:6e:09:6c:4c:52:4c:9b:26:6e:
                    1c:60:99:45:a2:31:57:04:4c:77:5b:32:ec:fe:1d:
                    51:f3:cf:78:c2:16:db:63:1d:aa:4f:93:0b:c0:02:
                    a5:3b:fb:cb:18:ec:c7:17:bf:b7:cc:0f:79:7a:ff:
                    ae:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:4B:F7:E6:AD:91:91:4F:2A:67:08:B7:29:B0:9B:AD:03:78:21:4E
            X509v3 Authority Key Identifier:
                keyid:25:A8:79:D6:28:FE:5E:C8:A7:61:C4:74:86:79:99:3F:9C:69:F8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jah51ij-XsinYcR0hnmZP5xp-LQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/tEv35q2RkU8qZwi3KbCbrQN4IU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/Jah51ij-XsinYcR0hnmZP5xp-LQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:c3:06:8a:b6:65:98:a7:42:a1:7f:ff:62:c8:03:ac:0e:ce:
         72:2e:3e:b9:2c:cd:f3:09:03:67:f6:65:a9:a5:3c:78:21:34:
         9e:e8:20:da:2d:2b:cf:64:cb:e4:ed:3a:19:c7:41:a1:ff:1a:
         8e:c0:ef:a9:a2:81:01:43:a6:eb:33:a7:87:3f:fd:b7:9d:19:
         43:02:40:6c:dd:07:fe:be:d1:6e:87:0a:c6:c2:a1:e4:b5:81:
         7c:33:c4:10:24:39:68:ff:28:b8:3c:20:7e:32:aa:39:85:09:
         27:b4:40:cd:d6:45:be:5a:22:e0:4c:1d:d2:dc:3e:0e:91:02:
         3c:ed:ac:32:55:a7:6d:66:12:0c:9c:c7:0c:9f:3d:30:c8:10:
         1e:bf:47:ab:71:9e:c3:1c:c1:f7:69:b3:b8:2c:2f:51:97:e8:
         d0:c1:e8:3e:99:e6:72:67:e8:3e:0e:2c:7a:5f:67:d1:5c:1b:
         18:d0:2e:a4:ab:39:f8:27:ea:98:77:02:59:59:16:44:84:70:
         e9:d3:37:1a:71:bd:9a:98:c2:27:f1:97:ce:20:cb:c1:cc:13:
         e6:3d:1d:f1:3d:c5:8a:fa:ea:6b:f9:b6:4b:67:7f:7a:9d:f0:
         4b:66:f7:22:5e:64:ce:47:ab:c5:f9:00:8b:b0:6a:f2:45:93:
         34:63:aa:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwabRRCQOPrqwlRHP35mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YTg3OWQ2MjhmZTVlYzhhNzYxYzQ3NDg2Nzk5OTNmOWM2
OWY4YjQwHhcNMjQwMTAxMTQzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDRiZjdlNmFkOTE5MTRmMmE2NzA4YjcyOWIwOWJhZDAzNzgyMTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimTx/sNdpHguo2NLnMqyv3kjc96V
d8c3S82evAgNOqCvfgX18drbseda/p3wlpec0SOc4w6ecTQpmaS4t2Za2KtnNsRm
rP5io+8+9moONL+e5TlB1/WJwFjXYGFdCH/9xq1h5w/ioKuRSyHm/Wr783FO2nnP
vAp1HUY3Z4y5M7oB0z+vAPJShYmCPNxIS7tXmYoPaXhEvNI5xGztUZHErp0RH/vh
wzT249i5hON9Fo63KQT+TViFw7zEE73AWvMO0DTvzL6oRCxuCWxMUkybJm4cYJlF
ojFXBEx3WzLs/h1R8894whbbYx2qT5MLwAKlO/vLGOzHF7+3zA95ev+ucQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRL9+atkZFPKmcItymwm60DeCFOMB8GA1UdIwQY
MBaAFCWoedYo/l7Ip2HEdIZ5mT+cafi0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmFoNTFpai1Yc2luWWNSMGhubVpQNXhwLUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOGQ1YTctNDhmMS00NDE0LWE4NTMt
ZDg2YjRjYWVkMTFkLzEvdEV2MzVxMlJrVThxWndpM0tiQ2JyUU40SVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOGQ1YTctNDhmMS00NDE0LWE4NTMtZDg2YjRjYWVkMTFk
LzEvSmFoNTFpai1Yc2luWWNSMGhubVpQNXhwLUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufVCMA0G
CSqGSIb3DQEBCwUAA4IBAQBNwwaKtmWYp0Khf/9iyAOsDs5yLj65LM3zCQNn9mWp
pTx4ITSe6CDaLSvPZMvk7ToZx0Gh/xqOwO+pooEBQ6brM6eHP/23nRlDAkBs3Qf+
vtFuhwrGwqHktYF8M8QQJDlo/yi4PCB+Mqo5hQkntEDN1kW+WiLgTB3S3D4OkQI8
7awyVadtZhIMnMcMnz0wyBAev0ercZ7DHMH3abO4LC9Rl+jQweg+meZyZ+g+Dix6
X2fRXBsY0C6kqzn4J+qYdwJZWRZEhHDp0zcacb2amMIn8ZfOIMvBzBPmPR3xPcWK
+upr+bZLZ396nfBLZvciXmTOR6vF+QCLsGryRZM0Y6oz
-----END CERTIFICATE-----