Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/02cccd-0433-4330-981c-c672d673686f/1/7Jd8JTwiZV3jQ8G4vpdk_-fPHjE.roa
File:                     7Jd8JTwiZV3jQ8G4vpdk_-fPHjE.roa (raw, json)
Hash identifier:          9rC9jsdtHvI+Ft1jr5mX5gWpzX7Ed3WmeLAiReU6GwE=
Subject key identifier:   EC:97:7C:25:3C:22:65:5D:E3:43:C1:B8:BE:97:64:FF:E7:CF:1E:31
Certificate issuer:       /CN=579353cb42e0c4fba5cae253a5768bc1f2465b99
Certificate serial:       018CC2DABEDA1470275F2486FD3912FA0A18
Authority key identifier: 57:93:53:CB:42:E0:C4:FB:A5:CA:E2:53:A5:76:8B:C1:F2:46:5B:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5NTy0LgxPulyuJTpXaLwfJGW5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/02cccd-0433-4330-981c-c672d673686f/1/7Jd8JTwiZV3jQ8G4vpdk_-fPHjE.roa
Signing time:             Mon 01 Jan 2024 02:29:24 +0000
ROA not before:           Mon 01 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48728
IP address blocks:        185.25.12.0/23 maxlen: 23
                          185.25.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/02cccd-0433-4330-981c-c672d673686f/1/V5NTy0LgxPulyuJTpXaLwfJGW5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/02cccd-0433-4330-981c-c672d673686f/1/V5NTy0LgxPulyuJTpXaLwfJGW5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5NTy0LgxPulyuJTpXaLwfJGW5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:be:da:14:70:27:5f:24:86:fd:39:12:fa:0a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=579353cb42e0c4fba5cae253a5768bc1f2465b99
        Validity
            Not Before: Jan  1 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec977c253c22655de343c1b8be9764ffe7cf1e31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:93:92:12:09:9a:b9:3c:91:f9:5c:e5:8d:8d:
                    c8:11:b7:97:4b:6a:22:30:98:b6:07:aa:11:15:a1:
                    50:19:18:d5:af:3c:49:2c:17:3b:86:ac:75:e8:70:
                    39:59:5d:15:50:d0:dd:c9:39:c9:06:74:3b:bc:83:
                    1e:a4:8b:09:70:c6:f2:ab:df:72:90:4e:9c:9e:4d:
                    cc:1c:84:ac:e3:5f:64:4c:51:6c:59:d1:6f:94:f4:
                    b0:ad:9d:15:e0:21:ff:64:a5:00:72:13:3f:96:75:
                    5f:2a:25:0b:10:15:7e:66:28:c7:5b:80:4e:f8:61:
                    87:8f:69:b7:73:3d:cf:7b:e1:c1:2d:ad:ea:74:aa:
                    96:5c:01:0e:4a:4d:65:db:06:dc:86:4f:72:5c:9e:
                    f5:02:55:43:d5:65:02:be:a5:66:0e:55:eb:a6:9c:
                    17:c2:57:75:cc:ad:b8:2e:ba:84:90:7e:2d:0b:ae:
                    f8:54:fd:a5:8c:38:90:6f:8d:a9:1c:38:b3:5c:1b:
                    c8:9f:35:51:d7:d3:8e:67:5a:b2:49:48:51:a4:c2:
                    f1:5a:80:48:4e:52:62:65:0c:06:2b:14:e8:47:b2:
                    82:2c:98:4e:d7:64:61:2f:f3:0b:96:07:a2:af:80:
                    5a:bc:f5:2f:17:ce:ac:cb:96:d8:62:4d:17:4f:a3:
                    c9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:97:7C:25:3C:22:65:5D:E3:43:C1:B8:BE:97:64:FF:E7:CF:1E:31
            X509v3 Authority Key Identifier:
                keyid:57:93:53:CB:42:E0:C4:FB:A5:CA:E2:53:A5:76:8B:C1:F2:46:5B:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5NTy0LgxPulyuJTpXaLwfJGW5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02cccd-0433-4330-981c-c672d673686f/1/7Jd8JTwiZV3jQ8G4vpdk_-fPHjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02cccd-0433-4330-981c-c672d673686f/1/V5NTy0LgxPulyuJTpXaLwfJGW5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:9c:f8:21:8a:54:93:58:04:3f:af:64:c9:27:c7:37:b6:8d:
         d1:7e:1f:81:b6:30:af:be:18:bc:34:91:fa:d0:a7:e6:c2:be:
         8a:b1:04:27:f5:a1:81:7f:3f:a1:57:85:b1:a1:94:d9:38:8b:
         7e:94:04:79:95:67:cc:39:16:3c:e9:6d:41:ab:47:b5:2e:2a:
         86:8f:2a:cc:e6:aa:0a:5a:ab:1c:ec:89:7e:33:8d:96:05:a6:
         f6:21:22:2b:b3:fb:92:f4:99:e9:1c:3a:e2:c7:ce:99:0a:22:
         bf:59:1c:9b:e2:a4:86:88:10:4f:8f:08:f3:0b:00:54:ce:1d:
         43:38:f6:26:bf:e3:56:fc:df:c6:50:e7:d2:74:4c:3f:a5:1d:
         da:c0:ae:38:e5:bd:34:c6:7e:a5:cc:c3:8d:6e:5b:8f:76:65:
         80:4c:01:e2:28:33:30:2d:f0:ba:2e:35:bd:7b:28:08:9a:2c:
         56:aa:10:80:a8:82:8e:34:c0:45:9d:7a:4f:c1:c8:82:bf:b5:
         ac:20:4c:cf:f9:11:b6:4a:4e:c5:13:0f:1e:b4:e1:c7:e1:6e:
         f7:22:9d:4e:c8:6b:71:0f:e6:aa:83:d4:6c:88:1a:ee:e9:e0:
         86:ce:86:a5:69:d1:95:aa:3a:e4:1d:fe:34:dd:d3:d4:77:62:
         07:8e:ea:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2r7aFHAnXySG/TkS+goYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTM1M2NiNDJlMGM0ZmJhNWNhZTI1M2E1NzY4YmMxZjI0
NjViOTkwHhcNMjQwMTAxMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzk3N2MyNTNjMjI2NTVkZTM0M2MxYjhiZTk3NjRmZmU3Y2YxZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZOSEgmauTyR+VzljY3IEbeXS2oi
MJi2B6oRFaFQGRjVrzxJLBc7hqx16HA5WV0VUNDdyTnJBnQ7vIMepIsJcMbyq99y
kE6cnk3MHISs419kTFFsWdFvlPSwrZ0V4CH/ZKUAchM/lnVfKiULEBV+ZijHW4BO
+GGHj2m3cz3Pe+HBLa3qdKqWXAEOSk1l2wbchk9yXJ71AlVD1WUCvqVmDlXrppwX
wld1zK24LrqEkH4tC674VP2ljDiQb42pHDizXBvInzVR19OOZ1qySUhRpMLxWoBI
TlJiZQwGKxToR7KCLJhO12RhL/MLlgeir4BavPUvF86sy5bYYk0XT6PJ1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOyXfCU8ImVd40PBuL6XZP/nzx4xMB8GA1UdIwQY
MBaAFFeTU8tC4MT7pcriU6V2i8HyRluZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVOVHkwTGd4UHVseXVKVHBYYUx3ZkpHVzVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMmNjY2QtMDQzMy00MzMwLTk4MWMt
YzY3MmQ2NzM2ODZmLzEvN0pkOEpUd2laVjNqUThHNHZwZGtfLWZQSGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMmNjY2QtMDQzMy00MzMwLTk4MWMtYzY3MmQ2NzM2ODZm
LzEvVjVOVHkwTGd4UHVseXVKVHBYYUx3ZkpHVzVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRkMMA0G
CSqGSIb3DQEBCwUAA4IBAQAcnPghilSTWAQ/r2TJJ8c3to3Rfh+BtjCvvhi8NJH6
0Kfmwr6KsQQn9aGBfz+hV4WxoZTZOIt+lAR5lWfMORY86W1Bq0e1LiqGjyrM5qoK
Wqsc7Il+M42WBab2ISIrs/uS9JnpHDrix86ZCiK/WRyb4qSGiBBPjwjzCwBUzh1D
OPYmv+NW/N/GUOfSdEw/pR3awK445b00xn6lzMONbluPdmWATAHiKDMwLfC6LjW9
eygImixWqhCAqIKONMBFnXpPwciCv7WsIEzP+RG2Sk7FEw8etOHH4W73Ip1OyGtx
D+aqg9RsiBru6eCGzoaladGVqjrkHf403dPUd2IHjupP
-----END CERTIFICATE-----