Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/1cb8ca-5993-4d17-a61e-ee7328adcc7c/1/7yTi2tJzXOiInwQGl14zluNMo-M.roa
File:                     7yTi2tJzXOiInwQGl14zluNMo-M.roa (raw, json)
Hash identifier:          orwqyJHPPrFuun/UkDscSlh6k842AqcQAk+VyU1L+eA=
Subject key identifier:   EF:24:E2:DA:D2:73:5C:E8:88:9F:04:06:97:5E:33:96:E3:4C:A3:E3
Certificate issuer:       /CN=de01c443831cf930b7478708d76a3cf44d89a162
Certificate serial:       018CCA2AA6E6CB46F8832E013FD8C0E49DF6
Authority key identifier: DE:01:C4:43:83:1C:F9:30:B7:47:87:08:D7:6A:3C:F4:4D:89:A1:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3gHEQ4Mc-TC3R4cI12o89E2JoWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/1cb8ca-5993-4d17-a61e-ee7328adcc7c/1/7yTi2tJzXOiInwQGl14zluNMo-M.roa
Signing time:             Tue 02 Jan 2024 12:34:02 +0000
ROA not before:           Tue 02 Jan 2024 12:34:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48601
IP address blocks:        185.42.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/1cb8ca-5993-4d17-a61e-ee7328adcc7c/1/3gHEQ4Mc-TC3R4cI12o89E2JoWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/1cb8ca-5993-4d17-a61e-ee7328adcc7c/1/3gHEQ4Mc-TC3R4cI12o89E2JoWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3gHEQ4Mc-TC3R4cI12o89E2JoWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a6:e6:cb:46:f8:83:2e:01:3f:d8:c0:e4:9d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de01c443831cf930b7478708d76a3cf44d89a162
        Validity
            Not Before: Jan  2 12:34:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef24e2dad2735ce8889f0406975e3396e34ca3e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e6:08:3f:39:12:1f:b1:78:de:39:f5:20:46:
                    9a:e9:e6:67:45:9d:76:f5:e2:cb:71:74:6b:ac:d6:
                    e3:4f:1f:f6:58:b6:a1:49:31:46:6a:d6:8e:8c:6e:
                    e0:61:a8:08:c9:88:52:8a:80:8e:f3:68:1b:9a:ef:
                    d8:10:2d:5a:10:c7:30:1b:e6:1d:46:d4:ca:65:f0:
                    f9:00:bf:31:d6:42:1d:4f:93:53:ed:9f:05:2e:7c:
                    22:92:77:03:b0:ce:bb:af:00:3f:92:81:65:f9:84:
                    d1:2a:78:47:93:81:52:98:ea:9a:be:6a:17:ca:12:
                    10:51:dc:71:ea:3a:41:18:1d:2a:1a:18:0f:09:df:
                    05:84:34:7b:bb:d7:05:c1:0e:96:15:56:7c:6e:14:
                    4b:ec:7a:0a:a0:f4:96:a1:31:0c:23:11:b6:2a:b6:
                    8a:2c:0e:2a:63:54:f6:60:46:d1:9f:d1:2b:4c:af:
                    91:76:fc:08:44:99:36:fd:c2:13:2a:7c:d8:f4:80:
                    a5:81:58:67:58:03:fa:49:67:37:88:2a:06:5a:cd:
                    f8:d7:ac:11:69:bf:f2:e2:b0:f4:68:4c:72:92:e2:
                    25:cd:a8:9c:92:80:c6:cc:6a:ef:af:f0:a6:60:0a:
                    33:21:51:86:9b:3c:e6:d3:df:81:21:ba:5b:97:5e:
                    a8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:24:E2:DA:D2:73:5C:E8:88:9F:04:06:97:5E:33:96:E3:4C:A3:E3
            X509v3 Authority Key Identifier:
                keyid:DE:01:C4:43:83:1C:F9:30:B7:47:87:08:D7:6A:3C:F4:4D:89:A1:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3gHEQ4Mc-TC3R4cI12o89E2JoWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/1cb8ca-5993-4d17-a61e-ee7328adcc7c/1/7yTi2tJzXOiInwQGl14zluNMo-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/1cb8ca-5993-4d17-a61e-ee7328adcc7c/1/3gHEQ4Mc-TC3R4cI12o89E2JoWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:25:f9:71:e4:9a:f4:0f:9e:90:47:c2:1b:45:e5:64:32:c3:
         aa:4a:29:1e:62:98:89:1f:74:36:a1:a9:dd:73:82:c7:e1:9f:
         b5:d0:27:c9:f6:6d:9c:4f:4c:a5:af:d2:27:86:7f:f7:9b:64:
         d8:59:70:30:6f:1f:12:7f:34:61:28:5d:f5:f1:39:cb:1d:82:
         08:f5:b8:a4:df:96:65:bb:04:53:c9:93:7a:d6:1b:47:ab:d3:
         c7:bf:18:f5:fd:68:f3:32:9d:e2:f5:20:43:0d:6f:1b:12:e7:
         90:61:58:8c:b9:99:e5:9c:a9:83:76:a0:ec:13:7a:61:99:73:
         2a:99:55:cf:af:9e:29:f7:b8:71:57:e5:98:5b:9e:e6:4a:a1:
         d9:0e:82:72:a2:58:19:cf:cc:e5:0e:b7:cc:9a:5f:db:ed:d6:
         c9:4e:1e:cf:f9:a0:a0:55:22:9b:60:50:dc:d2:27:57:6d:5f:
         33:14:6a:21:cf:3a:39:eb:c9:40:4f:61:7e:84:bf:57:77:01:
         38:8b:c5:0b:c0:1d:b4:1c:5a:73:2c:8e:d0:83:92:ac:37:b8:
         0c:b4:fd:ac:39:02:11:5e:09:2d:13:19:64:95:4d:04:d6:26:
         02:1d:9b:eb:a9:8b:90:d0:e1:68:e8:92:80:03:f5:74:aa:62:
         23:7b:cb:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKqbmy0b4gy4BP9jA5J32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMDFjNDQzODMxY2Y5MzBiNzQ3ODcwOGQ3NmEzY2Y0NGQ4
OWExNjIwHhcNMjQwMTAyMTIzNDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjI0ZTJkYWQyNzM1Y2U4ODg5ZjA0MDY5NzVlMzM5NmUzNGNhM2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+YIPzkSH7F43jn1IEaa6eZnRZ12
9eLLcXRrrNbjTx/2WLahSTFGataOjG7gYagIyYhSioCO82gbmu/YEC1aEMcwG+Yd
RtTKZfD5AL8x1kIdT5NT7Z8FLnwikncDsM67rwA/koFl+YTRKnhHk4FSmOqavmoX
yhIQUdxx6jpBGB0qGhgPCd8FhDR7u9cFwQ6WFVZ8bhRL7HoKoPSWoTEMIxG2KraK
LA4qY1T2YEbRn9ErTK+RdvwIRJk2/cITKnzY9IClgVhnWAP6SWc3iCoGWs3416wR
ab/y4rD0aExykuIlzaickoDGzGrvr/CmYAozIVGGmzzm09+BIbpbl16ouwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8k4trSc1zoiJ8EBpdeM5bjTKPjMB8GA1UdIwQY
MBaAFN4BxEODHPkwt0eHCNdqPPRNiaFiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2dIRVE0TWMtVEMzUjRjSTEybzg5RTJKb1dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8xY2I4Y2EtNTk5My00ZDE3LWE2MWUt
ZWU3MzI4YWRjYzdjLzEvN3lUaTJ0SnpYT2lJbndRR2wxNHpsdU5Nby1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8xY2I4Y2EtNTk5My00ZDE3LWE2MWUtZWU3MzI4YWRjYzdj
LzEvM2dIRVE0TWMtVEMzUjRjSTEybzg5RTJKb1dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSoZMA0G
CSqGSIb3DQEBCwUAA4IBAQBwJflx5Jr0D56QR8IbReVkMsOqSikeYpiJH3Q2oand
c4LH4Z+10CfJ9m2cT0ylr9Inhn/3m2TYWXAwbx8SfzRhKF318TnLHYII9bik35Zl
uwRTyZN61htHq9PHvxj1/WjzMp3i9SBDDW8bEueQYViMuZnlnKmDdqDsE3phmXMq
mVXPr54p97hxV+WYW57mSqHZDoJyolgZz8zlDrfMml/b7dbJTh7P+aCgVSKbYFDc
0idXbV8zFGohzzo568lAT2F+hL9XdwE4i8ULwB20HFpzLI7Qg5KsN7gMtP2sOQIR
XgktExlklU0E1iYCHZvrqYuQ0OFo6JKAA/V0qmIje8t7
-----END CERTIFICATE-----