Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/1-hdiWMY5l0xAZuqxRKYMnls1-tQ.roa
File:                     1-hdiWMY5l0xAZuqxRKYMnls1-tQ.roa (raw, json)
Hash identifier:          T86Jb9a9Ub4X+hYRFQtCytnDevJ3Vo4p0E2BCYldVL4=
Subject key identifier:   FA:17:62:58:C6:39:97:4C:40:66:EA:B1:44:A6:0C:9E:5B:35:FA:D4
Certificate issuer:       /CN=dd8a4e1dee5bb1e6579b1161ca912ca9c03b46ed
Certificate serial:       0194236A3AB8803C2D7936FB62360D2F51DE
Authority key identifier: DD:8A:4E:1D:EE:5B:B1:E6:57:9B:11:61:CA:91:2C:A9:C0:3B:46:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3YpOHe5bseZXmxFhypEsqcA7Ru0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/1-hdiWMY5l0xAZuqxRKYMnls1-tQ.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60605
IP address blocks:        185.25.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/3YpOHe5bseZXmxFhypEsqcA7Ru0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/3YpOHe5bseZXmxFhypEsqcA7Ru0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3YpOHe5bseZXmxFhypEsqcA7Ru0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3a:b8:80:3c:2d:79:36:fb:62:36:0d:2f:51:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd8a4e1dee5bb1e6579b1161ca912ca9c03b46ed
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa176258c639974c4066eab144a60c9e5b35fad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a4:90:ec:dd:53:16:00:e2:74:7a:3e:2a:9e:
                    54:76:fd:c1:e9:f5:4f:ff:3b:f1:96:6f:f1:a8:1c:
                    10:c5:dc:6e:36:0f:42:5c:a7:79:00:26:98:57:2f:
                    93:ad:08:88:73:31:da:ce:67:20:87:d4:c9:04:80:
                    f1:47:c3:13:e7:f7:83:36:21:30:85:30:d7:57:62:
                    10:da:20:22:ff:1d:eb:7a:7e:f1:14:15:59:24:64:
                    af:0f:19:64:d8:26:6e:1f:97:47:13:c5:9e:95:ec:
                    2f:2f:d5:d4:05:46:e5:46:d5:cc:a0:16:fe:c7:cc:
                    99:bf:bd:65:bc:47:8a:ea:9f:61:6e:11:d2:01:c7:
                    ef:a0:a7:75:44:8b:eb:48:ae:11:71:06:cf:3c:5e:
                    04:4f:14:33:16:fd:ad:c4:af:92:fe:75:49:ca:e3:
                    74:e4:25:7c:af:51:dd:a0:18:a1:14:34:8e:eb:15:
                    d2:a1:8d:81:59:b3:3f:53:70:c8:bf:37:ce:f7:2f:
                    9b:3e:90:58:72:57:29:25:42:a1:ad:75:37:b5:30:
                    70:bc:c3:bd:82:f5:e8:d3:0e:1e:38:96:b3:fc:1c:
                    f1:38:b1:b3:c5:13:bd:4d:78:98:ed:2c:4c:ff:dc:
                    a1:1b:f6:cb:db:a6:72:40:24:9a:32:f0:93:59:93:
                    80:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:17:62:58:C6:39:97:4C:40:66:EA:B1:44:A6:0C:9E:5B:35:FA:D4
            X509v3 Authority Key Identifier:
                keyid:DD:8A:4E:1D:EE:5B:B1:E6:57:9B:11:61:CA:91:2C:A9:C0:3B:46:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3YpOHe5bseZXmxFhypEsqcA7Ru0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/1-hdiWMY5l0xAZuqxRKYMnls1-tQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/3YpOHe5bseZXmxFhypEsqcA7Ru0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:16:96:ed:57:9f:39:77:9e:7e:24:1c:85:ae:87:97:b0:79:
         b1:e3:88:fa:8f:eb:7d:40:e3:6f:61:65:f3:f8:30:a7:d2:29:
         a4:1d:28:57:ad:dc:de:58:9c:fb:bf:33:8c:dc:a2:ea:bb:e5:
         da:f2:60:45:52:63:9f:ea:a2:6f:42:42:d3:90:67:cb:95:37:
         7c:9f:00:7c:d2:55:ed:8d:0c:c5:48:5e:82:8e:1a:e4:5c:11:
         71:e1:cd:e4:65:9d:56:e5:90:b5:9f:48:97:a1:d7:41:02:8d:
         b0:15:5c:be:0f:c8:3a:38:a5:d0:b9:59:c9:88:6c:8c:b4:83:
         1d:da:df:2e:3b:2c:49:24:f3:28:84:9b:ba:01:f3:13:fc:cf:
         94:4b:93:34:10:55:88:bf:3f:0b:f4:9d:91:db:c6:1f:c2:40:
         32:36:2b:83:2b:b3:4d:ee:59:a8:c2:e0:71:93:f8:54:8e:e4:
         10:2f:3a:d3:bd:f9:a2:0f:6d:22:c2:03:78:9b:e6:73:ba:b7:
         8f:05:de:a0:7e:a1:1b:7d:7f:62:bf:f8:30:36:3c:9f:aa:6f:
         d1:95:4d:c7:af:a4:58:77:62:97:17:4c:a7:8e:b5:f4:5e:bb:
         dd:cd:60:50:f2:29:79:1a:f3:99:70:eb:8b:1e:fb:c6:e4:38:
         6b:d8:f1:67
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjajq4gDwteTb7YjYNL1HeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkOGE0ZTFkZWU1YmIxZTY1NzliMTE2MWNhOTEyY2E5YzAz
YjQ2ZWQwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTE3NjI1OGM2Mzk5NzRjNDA2NmVhYjE0NGE2MGM5ZTViMzVmYWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6SQ7N1TFgDidHo+Kp5Udv3B6fVP
/zvxlm/xqBwQxdxuNg9CXKd5ACaYVy+TrQiIczHazmcgh9TJBIDxR8MT5/eDNiEw
hTDXV2IQ2iAi/x3ren7xFBVZJGSvDxlk2CZuH5dHE8WelewvL9XUBUblRtXMoBb+
x8yZv71lvEeK6p9hbhHSAcfvoKd1RIvrSK4RcQbPPF4ETxQzFv2txK+S/nVJyuN0
5CV8r1HdoBihFDSO6xXSoY2BWbM/U3DIvzfO9y+bPpBYclcpJUKhrXU3tTBwvMO9
gvXo0w4eOJaz/BzxOLGzxRO9TXiY7SxM/9yhG/bL26ZyQCSaMvCTWZOAuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoXYljGOZdMQGbqsUSmDJ5bNfrUMB8GA1UdIwQY
MBaAFN2KTh3uW7HmV5sRYcqRLKnAO0btMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1lwT0hlNWJzZVpYbXhGaHlwRXNxY0E3UnUwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS81ZDE5MDgtNmM0ZC00NTgxLThmMTAt
OTg1YWFjNWJlYjMwLzEvMS1oZGlXTVk1bDB4QVp1cXhSS1lNbmxzMS10US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjUvNWQxOTA4LTZjNGQtNDU4MS04ZjEwLTk4NWFhYzViZWIz
MC8xLzNZcE9IZTVic2VaWG14Rmh5cEVzcWNBN1J1MC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArkZrDAN
BgkqhkiG9w0BAQsFAAOCAQEAvxaW7VefOXeefiQcha6Hl7B5seOI+o/rfUDjb2Fl
8/gwp9IppB0oV63c3lic+78zjNyi6rvl2vJgRVJjn+qib0JC05Bny5U3fJ8AfNJV
7Y0MxUhego4a5FwRceHN5GWdVuWQtZ9Il6HXQQKNsBVcvg/IOjil0LlZyYhsjLSD
HdrfLjssSSTzKISbugHzE/zPlEuTNBBViL8/C/SdkdvGH8JAMjYrgyuzTe5ZqMLg
cZP4VI7kEC860735og9tIsIDeJvmc7q3jwXeoH6hG31/Yr/4MDY8n6pv0ZVNx6+k
WHdilxdMp4619F673c1gUPIpeRrzmXDrix77xuQ4a9jxZw==
-----END CERTIFICATE-----