Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/dFZMO2VP4AqySbEQh3NK_Is5BKQ.roa
File:                     dFZMO2VP4AqySbEQh3NK_Is5BKQ.roa (raw, json)
Hash identifier:          ROKbXrppvP4A8pHGDyWRJNx07Y7g4bd+83JBnGx3icI=
Subject key identifier:   74:56:4C:3B:65:4F:E0:0A:B2:49:B1:10:87:73:4A:FC:8B:39:04:A4
Certificate issuer:       /CN=e5a83b40b3f4d7d31fb3368dafaca1199a449892
Certificate serial:       019423D6A1AD7A51B578A315047F4C39B6E0
Authority key identifier: E5:A8:3B:40:B3:F4:D7:D3:1F:B3:36:8D:AF:AC:A1:19:9A:44:98:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/dFZMO2VP4AqySbEQh3NK_Is5BKQ.roa
Signing time:             Wed 01 Jan 2025 21:47:36 +0000
ROA not before:           Wed 01 Jan 2025 21:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47857
IP address blocks:        185.25.8.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:a1:ad:7a:51:b5:78:a3:15:04:7f:4c:39:b6:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a83b40b3f4d7d31fb3368dafaca1199a449892
        Validity
            Not Before: Jan  1 21:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74564c3b654fe00ab249b11087734afc8b3904a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:55:97:cd:e2:78:ad:fe:d7:2d:ef:da:53:c5:
                    5f:4c:2f:47:e8:64:8e:5e:e2:4c:0c:b0:1f:62:18:
                    09:15:85:2b:c4:04:0c:cf:59:61:fc:5b:b2:38:72:
                    31:16:f7:7d:c8:e9:51:20:c9:0a:78:a2:0d:c8:1f:
                    eb:d0:aa:e9:3d:6a:25:99:c5:24:4c:91:e5:5a:2a:
                    34:27:87:f0:e0:c3:81:d4:4a:06:a3:b2:a8:4c:90:
                    21:99:e8:0a:c3:08:97:ad:63:58:9d:ec:40:55:11:
                    1b:85:06:d1:22:2d:f4:99:1e:f8:24:32:05:5b:f9:
                    5f:4c:ef:f7:96:e5:e8:c6:de:b1:1c:b7:b5:dc:e0:
                    c6:9b:9d:b8:a5:03:71:55:8b:82:0e:47:e6:8b:54:
                    f2:64:63:15:61:be:84:1c:5e:0d:51:3c:e3:56:87:
                    5d:2e:fe:df:f6:71:2c:f9:c0:10:60:e1:26:a7:2b:
                    77:30:3b:ea:4a:ee:20:3b:ec:4f:81:02:99:4e:2b:
                    5c:c2:85:2f:b5:d7:27:d7:a9:46:ff:00:31:94:a4:
                    b0:32:98:22:b1:32:cb:72:93:00:90:65:88:e5:d2:
                    6b:bf:69:d3:39:68:d9:ff:3a:09:f7:78:c2:7a:36:
                    0a:45:d3:4a:2f:94:28:f5:d6:4a:b9:15:79:97:e8:
                    90:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:56:4C:3B:65:4F:E0:0A:B2:49:B1:10:87:73:4A:FC:8B:39:04:A4
            X509v3 Authority Key Identifier:
                keyid:E5:A8:3B:40:B3:F4:D7:D3:1F:B3:36:8D:AF:AC:A1:19:9A:44:98:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/dFZMO2VP4AqySbEQh3NK_Is5BKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:30:0b:8a:b6:2f:8b:b9:31:38:d6:63:00:58:8a:40:cc:51:
         c3:99:1d:1a:1e:bd:c2:28:04:a7:65:3a:18:9a:53:c8:9c:db:
         1a:85:aa:d4:4c:88:39:a6:1e:39:78:72:5f:11:bc:93:75:8b:
         c2:53:12:4d:b5:45:eb:e5:46:35:b0:93:b7:02:94:f4:b9:82:
         a4:35:4a:85:1d:ec:e0:e7:a1:2a:87:0b:5b:98:28:93:2f:7c:
         43:46:ac:51:50:53:21:55:0b:8b:f3:16:77:41:58:f2:7f:d3:
         63:92:ac:21:37:14:47:26:ae:19:c8:d8:14:45:0e:fc:b6:0d:
         aa:8d:51:3b:16:65:95:43:ff:a7:b2:1e:5e:3f:69:84:9b:8f:
         13:4c:71:5b:21:4a:15:00:a5:9d:f6:62:31:78:de:b5:8f:3b:
         85:f9:0e:9b:f8:aa:09:9e:43:69:32:6c:d9:af:c5:8b:c9:16:
         a1:2f:cb:64:16:5f:17:03:93:89:17:08:84:0e:74:21:cc:0f:
         f0:2c:1f:27:ef:81:74:88:75:98:6b:87:04:90:c3:d4:71:c0:
         85:1e:37:3b:59:6d:1c:9a:c4:67:9a:46:52:73:41:c7:a9:a0:
         b4:f4:93:d2:aa:45:d3:83:a6:31:75:71:dc:bb:2c:41:85:43:
         46:ba:ee:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1qGtelG1eKMVBH9MObbgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTgzYjQwYjNmNGQ3ZDMxZmIzMzY4ZGFmYWNhMTE5OWE0
NDk4OTIwHhcNMjUwMTAxMjE0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDU2NGMzYjY1NGZlMDBhYjI0OWIxMTA4NzczNGFmYzhiMzkwNGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1WXzeJ4rf7XLe/aU8VfTC9H6GSO
XuJMDLAfYhgJFYUrxAQMz1lh/FuyOHIxFvd9yOlRIMkKeKINyB/r0KrpPWolmcUk
TJHlWio0J4fw4MOB1EoGo7KoTJAhmegKwwiXrWNYnexAVREbhQbRIi30mR74JDIF
W/lfTO/3luXoxt6xHLe13ODGm524pQNxVYuCDkfmi1TyZGMVYb6EHF4NUTzjVodd
Lv7f9nEs+cAQYOEmpyt3MDvqSu4gO+xPgQKZTitcwoUvtdcn16lG/wAxlKSwMpgi
sTLLcpMAkGWI5dJrv2nTOWjZ/zoJ93jCejYKRdNKL5Qo9dZKuRV5l+iQ2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRWTDtlT+AKskmxEIdzSvyLOQSkMB8GA1UdIwQY
MBaAFOWoO0Cz9NfTH7M2ja+soRmaRJiSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFnN1FMUDAxOU1mc3phTnI2eWhHWnBFbUpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yNGNhYjQtMDEyNS00MzgzLTg1ZmEt
M2QzODg2MDZkYTEyLzEvZEZaTU8yVlA0QXF5U2JFUWgzTktfSXM1QktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yNGNhYjQtMDEyNS00MzgzLTg1ZmEtM2QzODg2MDZkYTEy
LzEvNWFnN1FMUDAxOU1mc3phTnI2eWhHWnBFbUpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRkIMA0G
CSqGSIb3DQEBCwUAA4IBAQCDMAuKti+LuTE41mMAWIpAzFHDmR0aHr3CKASnZToY
mlPInNsaharUTIg5ph45eHJfEbyTdYvCUxJNtUXr5UY1sJO3ApT0uYKkNUqFHezg
56EqhwtbmCiTL3xDRqxRUFMhVQuL8xZ3QVjyf9NjkqwhNxRHJq4ZyNgURQ78tg2q
jVE7FmWVQ/+nsh5eP2mEm48TTHFbIUoVAKWd9mIxeN61jzuF+Q6b+KoJnkNpMmzZ
r8WLyRahL8tkFl8XA5OJFwiEDnQhzA/wLB8n74F0iHWYa4cEkMPUccCFHjc7WW0c
msRnmkZSc0HHqaC09JPSqkXTg6YxdXHcuyxBhUNGuu64
-----END CERTIFICATE-----