Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/dRczkNlE78tPt_hRF0-ei8z9uOg.roa
File:                     dRczkNlE78tPt_hRF0-ei8z9uOg.roa (raw, json)
Hash identifier:          3wpEvifJeVFBwSclWgIJxMroNJeS1ss3CuAYbK4EOro=
Subject key identifier:   75:17:33:90:D9:44:EF:CB:4F:B7:F8:51:17:4F:9E:8B:CC:FD:B8:E8
Certificate issuer:       /CN=de6ed0579c3fd253597ec82f0939111ba9d8c88d
Certificate serial:       018CC4250707E6DFA0C453109BA8A8A72FDD
Authority key identifier: DE:6E:D0:57:9C:3F:D2:53:59:7E:C8:2F:09:39:11:1B:A9:D8:C8:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3m7QV5w_0lNZfsgvCTkRG6nYyI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/dRczkNlE78tPt_hRF0-ei8z9uOg.roa
Signing time:             Mon 01 Jan 2024 08:30:10 +0000
ROA not before:           Mon 01 Jan 2024 08:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30758
IP address blocks:        185.48.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/3m7QV5w_0lNZfsgvCTkRG6nYyI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/3m7QV5w_0lNZfsgvCTkRG6nYyI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3m7QV5w_0lNZfsgvCTkRG6nYyI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:07:07:e6:df:a0:c4:53:10:9b:a8:a8:a7:2f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de6ed0579c3fd253597ec82f0939111ba9d8c88d
        Validity
            Not Before: Jan  1 08:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75173390d944efcb4fb7f851174f9e8bccfdb8e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:60:dc:7b:88:ee:df:dc:c2:3e:58:b2:54:5a:
                    ec:7e:be:1c:4a:c2:40:ce:40:b1:47:32:16:4a:bd:
                    28:d2:61:4a:57:b5:61:db:33:49:e1:ad:c5:16:4c:
                    56:f8:29:ca:ba:8a:b3:d1:d3:eb:2e:f3:4d:63:4b:
                    e4:f9:0a:79:96:76:f0:f9:f6:35:a8:69:0e:f7:a2:
                    19:e4:2e:42:95:14:bb:8b:84:18:d0:fe:2d:3e:e4:
                    9a:81:60:7b:71:87:da:c9:e4:0f:8f:fc:08:1b:52:
                    86:4a:03:96:09:98:f0:43:6f:48:c0:8d:59:d6:08:
                    59:19:5f:7b:14:f8:55:67:2d:f0:51:73:be:01:cd:
                    8d:aa:06:e5:fe:44:69:5c:f6:de:af:dc:c9:9d:9f:
                    8b:84:6c:1c:1d:b2:bb:bf:b3:2b:65:9c:4e:4e:61:
                    47:83:e4:9d:e6:2c:06:5f:bd:7d:f2:d1:48:c5:9a:
                    f4:58:24:b5:65:8e:2d:2f:26:b1:cd:3a:c8:31:05:
                    24:31:1c:10:f9:bb:fb:1e:69:67:79:c7:3e:68:ad:
                    af:da:84:06:84:db:93:5b:2c:6c:0d:ae:4d:aa:39:
                    95:39:7e:e4:0f:f7:3b:22:a4:ef:7d:84:fd:d0:ee:
                    dc:15:92:b4:62:58:dd:49:cd:9f:11:9b:56:0c:88:
                    a5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:17:33:90:D9:44:EF:CB:4F:B7:F8:51:17:4F:9E:8B:CC:FD:B8:E8
            X509v3 Authority Key Identifier:
                keyid:DE:6E:D0:57:9C:3F:D2:53:59:7E:C8:2F:09:39:11:1B:A9:D8:C8:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3m7QV5w_0lNZfsgvCTkRG6nYyI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/dRczkNlE78tPt_hRF0-ei8z9uOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/3m7QV5w_0lNZfsgvCTkRG6nYyI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:e9:bc:23:a0:78:1c:47:2d:38:ec:45:d2:1c:8a:95:c1:2c:
         f4:9f:3a:c7:96:80:b7:c3:ee:16:db:23:5d:34:05:eb:67:a3:
         2c:89:3f:86:16:00:23:28:94:b4:26:93:f3:53:d0:c6:ff:21:
         dc:ed:cc:34:61:2a:bd:74:00:8d:1b:07:7b:e8:22:a4:a5:00:
         2d:e1:a9:e2:53:87:f3:31:99:92:fa:a0:61:e5:2e:e4:5e:92:
         db:c5:48:06:9d:9c:26:5a:4b:12:53:a0:9c:7c:ae:42:ac:ff:
         fc:bb:0e:ac:b5:32:e3:fd:7f:23:51:6c:80:3b:3d:ba:f1:7d:
         03:9a:4f:4d:4b:79:13:67:ef:c4:3e:1b:16:84:9d:ff:cd:a2:
         a3:c6:d7:58:12:28:6a:f6:58:0b:d8:dc:e0:87:37:17:0e:6d:
         76:d6:94:03:6f:39:2d:30:f9:6c:62:b1:b1:56:53:49:41:a6:
         02:80:12:15:52:66:bc:f5:d0:d7:04:62:b1:46:16:69:dd:23:
         b1:48:03:e6:ad:20:5d:8f:40:7b:8e:59:01:72:9a:5f:c9:63:
         3b:d1:83:ac:a2:19:ed:a9:49:93:91:3b:9a:44:49:55:73:02:
         7b:45:37:13:2a:e6:47:74:33:76:e6:69:81:27:d9:6e:bf:c6:
         dd:57:ea:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQcH5t+gxFMQm6iopy/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNmVkMDU3OWMzZmQyNTM1OTdlYzgyZjA5MzkxMTFiYTlk
OGM4OGQwHhcNMjQwMTAxMDgzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTE3MzM5MGQ5NDRlZmNiNGZiN2Y4NTExNzRmOWU4YmNjZmRiOGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02Dce4ju39zCPliyVFrsfr4cSsJA
zkCxRzIWSr0o0mFKV7Vh2zNJ4a3FFkxW+CnKuoqz0dPrLvNNY0vk+Qp5lnbw+fY1
qGkO96IZ5C5ClRS7i4QY0P4tPuSagWB7cYfayeQPj/wIG1KGSgOWCZjwQ29IwI1Z
1ghZGV97FPhVZy3wUXO+Ac2Nqgbl/kRpXPber9zJnZ+LhGwcHbK7v7MrZZxOTmFH
g+Sd5iwGX7198tFIxZr0WCS1ZY4tLyaxzTrIMQUkMRwQ+bv7Hmlnecc+aK2v2oQG
hNuTWyxsDa5NqjmVOX7kD/c7IqTvfYT90O7cFZK0YljdSc2fEZtWDIiloQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUXM5DZRO/LT7f4URdPnovM/bjoMB8GA1UdIwQY
MBaAFN5u0FecP9JTWX7ILwk5ERup2MiNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM203UVY1d18wbE5aZnNndkNUa1JHNm5ZeUkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9mMTNmOTgtNGU3YS00MzVkLWIxYjAt
ODM4NmU3MGJkYzU4LzEvZFJjemtObEU3OHRQdF9oUkYwLWVpOHo5dU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9mMTNmOTgtNGU3YS00MzVkLWIxYjAtODM4NmU3MGJkYzU4
LzEvM203UVY1d18wbE5aZnNndkNUa1JHNm5ZeUkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTAZMA0G
CSqGSIb3DQEBCwUAA4IBAQAx6bwjoHgcRy047EXSHIqVwSz0nzrHloC3w+4W2yNd
NAXrZ6MsiT+GFgAjKJS0JpPzU9DG/yHc7cw0YSq9dACNGwd76CKkpQAt4aniU4fz
MZmS+qBh5S7kXpLbxUgGnZwmWksSU6CcfK5CrP/8uw6stTLj/X8jUWyAOz268X0D
mk9NS3kTZ+/EPhsWhJ3/zaKjxtdYEihq9lgL2NzghzcXDm121pQDbzktMPlsYrGx
VlNJQaYCgBIVUma89dDXBGKxRhZp3SOxSAPmrSBdj0B7jlkBcppfyWM70YOsohnt
qUmTkTuaRElVcwJ7RTcTKuZHdDN25mmBJ9luv8bdV+r/
-----END CERTIFICATE-----