Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/_RQz3qUVgRukfgsqK-6vZRKpkYY.roa
File:                     _RQz3qUVgRukfgsqK-6vZRKpkYY.roa (raw, json)
Hash identifier:          67CNwdEIP3qI11zxFffftMFkmHry6ZpVDuitp7237vI=
Subject key identifier:   FD:14:33:DE:A5:15:81:1B:A4:7E:0B:2A:2B:EE:AF:65:12:A9:91:86
Certificate issuer:       /CN=5380cd8ad2f84e14e9b5b64238937b6d4207e221
Certificate serial:       018F28B1A7DF3936F715176FDFF707D44D4D
Authority key identifier: 53:80:CD:8A:D2:F8:4E:14:E9:B5:B6:42:38:93:7B:6D:42:07:E2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/_RQz3qUVgRukfgsqK-6vZRKpkYY.roa
Signing time:             Mon 29 Apr 2024 07:11:22 +0000
ROA not before:           Mon 29 Apr 2024 07:11:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198247
IP address blocks:        185.12.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:b1:a7:df:39:36:f7:15:17:6f:df:f7:07:d4:4d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5380cd8ad2f84e14e9b5b64238937b6d4207e221
        Validity
            Not Before: Apr 29 07:11:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd1433dea515811ba47e0b2a2beeaf6512a99186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1c:16:bc:21:7f:e0:5d:4e:09:49:10:eb:31:
                    d6:52:92:69:a2:4d:bf:ad:96:73:ed:50:d8:85:e2:
                    d0:b2:68:49:cb:77:6b:67:cb:14:ec:df:1c:24:34:
                    2f:52:9e:4f:92:28:00:69:1d:98:61:75:7b:c6:4e:
                    91:58:28:e8:79:52:68:b5:be:db:bd:55:2e:15:3e:
                    f5:9d:11:9e:23:71:ae:45:d2:6a:a5:a7:61:6f:58:
                    e5:db:3a:1f:28:f0:8f:d7:14:3c:be:d9:ac:74:f1:
                    2e:08:7d:a5:2a:1a:00:98:6d:10:75:e5:df:b1:2a:
                    68:b0:21:dc:d4:6b:da:ef:51:fa:7e:84:d7:c6:a6:
                    ab:5a:fb:de:63:c4:4c:84:98:91:c5:7f:6f:97:8d:
                    ca:40:18:a6:92:71:7c:c1:4b:cd:a6:74:7f:4c:62:
                    b0:b5:a1:45:3c:f4:0b:79:f7:87:ec:eb:f5:6a:ea:
                    20:0c:14:b4:4e:d9:53:c8:67:ce:67:a7:ff:d3:49:
                    84:12:29:c3:37:6c:7e:3c:54:26:72:cf:bd:4b:73:
                    d2:59:3e:bd:eb:8a:90:0b:8e:2d:5f:c7:7d:03:a3:
                    77:ab:b0:e4:aa:2a:9b:fe:0b:49:78:f3:9f:7a:91:
                    18:7c:70:98:41:37:92:a5:73:71:14:9c:84:a3:a0:
                    be:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:14:33:DE:A5:15:81:1B:A4:7E:0B:2A:2B:EE:AF:65:12:A9:91:86
            X509v3 Authority Key Identifier:
                keyid:53:80:CD:8A:D2:F8:4E:14:E9:B5:B6:42:38:93:7B:6D:42:07:E2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/_RQz3qUVgRukfgsqK-6vZRKpkYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:44:cd:e6:7a:6e:df:14:88:89:33:b8:40:05:53:dd:39:f4:
         29:f3:78:87:0d:1a:e4:a0:0f:57:4f:ff:ed:fb:70:c9:55:2b:
         f0:6d:2a:2d:a5:12:31:4f:dc:9c:ce:b7:3b:3f:9e:0b:fb:7a:
         5d:6e:07:2b:6f:92:5a:73:4e:0a:23:79:d0:2c:8c:fd:85:b4:
         bd:a1:c7:3c:85:09:e7:1c:10:78:a9:67:20:8e:41:a9:ae:85:
         2a:9d:c8:92:d7:e5:ee:50:bf:78:a6:d8:cb:1e:c2:0f:cf:aa:
         06:94:94:2c:78:c4:ef:34:4c:0c:9b:84:d5:c1:3c:5b:c3:ba:
         54:ec:a6:4d:a8:5c:5b:bf:53:41:b6:74:b0:8b:3a:4c:32:ce:
         11:10:d7:bd:fb:7b:88:1f:d8:63:6c:c2:ad:da:9e:83:12:47:
         00:76:9c:83:e6:c7:e0:57:71:54:41:2e:66:e0:94:0d:6e:47:
         09:95:fa:e0:de:1f:cb:d3:8c:15:97:5a:ca:02:99:7a:46:a3:
         8a:30:eb:36:d1:af:b6:46:13:d2:15:44:38:c2:51:bd:8d:19:
         10:9e:af:01:ee:89:b0:99:95:df:4e:8d:a9:7e:94:e3:40:b8:
         74:e5:de:b1:c1:58:33:f3:cf:51:21:43:62:f1:59:da:16:30:
         88:bc:77:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8osaffOTb3FRdv3/cH1E1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzODBjZDhhZDJmODRlMTRlOWI1YjY0MjM4OTM3YjZkNDIw
N2UyMjEwHhcNMjQwNDI5MDcxMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDE0MzNkZWE1MTU4MTFiYTQ3ZTBiMmEyYmVlYWY2NTEyYTk5MTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBwWvCF/4F1OCUkQ6zHWUpJpok2/
rZZz7VDYheLQsmhJy3drZ8sU7N8cJDQvUp5PkigAaR2YYXV7xk6RWCjoeVJotb7b
vVUuFT71nRGeI3GuRdJqpadhb1jl2zofKPCP1xQ8vtmsdPEuCH2lKhoAmG0QdeXf
sSposCHc1Gva71H6foTXxqarWvveY8RMhJiRxX9vl43KQBimknF8wUvNpnR/TGKw
taFFPPQLefeH7Ov1auogDBS0TtlTyGfOZ6f/00mEEinDN2x+PFQmcs+9S3PSWT69
64qQC44tX8d9A6N3q7Dkqiqb/gtJePOfepEYfHCYQTeSpXNxFJyEo6C+swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0UM96lFYEbpH4LKivur2USqZGGMB8GA1UdIwQY
MBaAFFOAzYrS+E4U6bW2QjiTe21CB+IhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTRETml0TDRUaFRwdGJaQ09KTjdiVUlINGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yZmNjOTItYzk2Ny00YTY1LWE0MzQt
NWUzNmQxYjA4MjVlLzEvX1JRejNxVVZnUnVrZmdzcUstNnZaUktwa1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yZmNjOTItYzk2Ny00YTY1LWE0MzQtNWUzNmQxYjA4MjVl
LzEvVTRETml0TDRUaFRwdGJaQ09KTjdiVUlINGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQwZMA0G
CSqGSIb3DQEBCwUAA4IBAQAfRM3mem7fFIiJM7hABVPdOfQp83iHDRrkoA9XT//t
+3DJVSvwbSotpRIxT9yczrc7P54L+3pdbgcrb5Jac04KI3nQLIz9hbS9occ8hQnn
HBB4qWcgjkGproUqnciS1+XuUL94ptjLHsIPz6oGlJQseMTvNEwMm4TVwTxbw7pU
7KZNqFxbv1NBtnSwizpMMs4RENe9+3uIH9hjbMKt2p6DEkcAdpyD5sfgV3FUQS5m
4JQNbkcJlfrg3h/L04wVl1rKApl6RqOKMOs20a+2RhPSFUQ4wlG9jRkQnq8B7omw
mZXfTo2pfpTjQLh05d6xwVgz889RIUNi8VnaFjCIvHef
-----END CERTIFICATE-----