Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/9tx-RjuJQFz0_kC6cHLDv4JY34o.roa
File:                     9tx-RjuJQFz0_kC6cHLDv4JY34o.roa (raw, json)
Hash identifier:          gtOACnPZXMBr9O3cS5fUigaP4lki+dDW4Fhx0EZvDXc=
Subject key identifier:   F6:DC:7E:46:3B:89:40:5C:F4:FE:40:BA:70:72:C3:BF:82:58:DF:8A
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC7277C5489B5A9B500F7A290B18FD88C
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/9tx-RjuJQFz0_kC6cHLDv4JY34o.roa
Signing time:             Mon 01 Jan 2024 22:31:42 +0000
ROA not before:           Mon 01 Jan 2024 22:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202974
IP address blocks:        85.143.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:7c:54:89:b5:a9:b5:00:f7:a2:90:b1:8f:d8:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6dc7e463b89405cf4fe40ba7072c3bf8258df8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:cc:f8:ec:77:54:15:b9:83:e0:e3:b5:19:98:
                    c2:00:6c:15:f1:75:67:ff:a3:2d:49:ab:1e:66:4e:
                    be:69:20:49:c9:ea:be:ce:e0:5a:42:12:ca:db:3e:
                    95:06:10:14:13:d6:e3:b1:63:7e:f1:71:7a:94:50:
                    a8:e9:92:f5:54:a9:3f:92:07:d3:cf:f3:80:35:5d:
                    97:cd:13:2c:c4:4c:ce:90:70:f5:22:25:8f:3f:d5:
                    60:4b:83:c2:27:26:e4:ce:c4:6b:0b:cf:f3:da:2a:
                    19:c9:26:68:fe:a4:d0:6f:19:35:d0:47:5c:57:38:
                    c0:3f:dd:b8:4c:1d:45:10:8c:81:8b:56:99:27:14:
                    2a:e2:49:f2:a0:86:ab:a1:fe:87:0e:72:b3:db:18:
                    58:2e:03:4a:af:1d:35:96:71:e0:43:13:40:96:bd:
                    b4:f5:3b:d1:5d:44:84:cd:0d:d7:d4:b1:26:0a:cf:
                    b8:3b:f1:1d:a0:c0:71:37:0e:86:06:95:2a:53:0c:
                    81:9d:58:6b:05:8c:5e:40:c4:0c:7c:d1:bb:dd:47:
                    41:4a:ca:a6:a7:83:d3:c3:44:9a:99:ff:9c:3e:94:
                    17:75:8f:77:dc:e0:fb:97:4b:87:67:e4:99:4e:8e:
                    c2:f5:3c:67:8e:04:31:f8:a1:c4:8f:6a:19:94:b9:
                    d1:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:DC:7E:46:3B:89:40:5C:F4:FE:40:BA:70:72:C3:BF:82:58:DF:8A
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/9tx-RjuJQFz0_kC6cHLDv4JY34o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:ed:fc:24:4d:89:b8:8d:16:4a:f0:17:cb:71:61:1e:e3:a5:
         c5:4f:04:34:f7:cd:d5:38:2f:ec:2d:f6:df:4c:11:3e:fb:aa:
         36:2b:ad:49:58:4d:14:ea:e7:ef:fa:f3:a9:ec:f9:0d:3a:13:
         d5:10:51:67:b7:95:78:09:63:59:c6:2c:f3:c0:4b:a8:89:74:
         32:1a:15:73:de:6a:a3:d7:a4:19:f9:8c:9d:ae:37:d6:2c:fa:
         05:94:d0:7d:68:ac:5c:e6:ef:e1:a4:0b:79:54:fb:25:b5:0b:
         61:1e:97:3a:ec:a2:5f:d3:c3:6d:ed:5e:f1:2e:1e:74:1b:50:
         39:1c:2b:2c:6c:f1:89:30:d8:79:b1:38:88:6c:92:95:2d:8d:
         ee:b9:6b:06:cd:0d:60:04:c6:46:26:a1:16:60:04:f5:16:ac:
         19:d6:33:d1:20:4b:bd:68:d8:f6:09:d9:09:7b:9b:50:e1:28:
         48:0c:3d:3d:3c:9d:83:6f:25:eb:cd:2e:39:e5:a5:6c:c3:e4:
         2a:29:eb:e8:81:29:9d:f2:a6:aa:e6:45:31:d4:aa:26:23:15:
         70:e6:27:71:85:de:71:bb:ae:6e:0a:fa:9a:4e:5f:0a:ef:99:
         fe:b0:6e:cf:31:c2:f7:b1:8f:1c:e6:1c:c4:1d:1f:e1:85:7b:
         93:30:ee:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3xUibWptQD3opCxj9iMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmRjN2U0NjNiODk0MDVjZjRmZTQwYmE3MDcyYzNiZjgyNThkZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+8z47HdUFbmD4OO1GZjCAGwV8XVn
/6MtSaseZk6+aSBJyeq+zuBaQhLK2z6VBhAUE9bjsWN+8XF6lFCo6ZL1VKk/kgfT
z/OANV2XzRMsxEzOkHD1IiWPP9VgS4PCJybkzsRrC8/z2ioZySZo/qTQbxk10Edc
VzjAP924TB1FEIyBi1aZJxQq4knyoIarof6HDnKz2xhYLgNKrx01lnHgQxNAlr20
9TvRXUSEzQ3X1LEmCs+4O/EdoMBxNw6GBpUqUwyBnVhrBYxeQMQMfNG73UdBSsqm
p4PTw0Samf+cPpQXdY933OD7l0uHZ+SZTo7C9TxnjgQx+KHEj2oZlLnRqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbcfkY7iUBc9P5AunByw7+CWN+KMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvOXR4LVJqdUpRRnowX2tDNmNITER2NEpZMzRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY/5MA0G
CSqGSIb3DQEBCwUAA4IBAQBu7fwkTYm4jRZK8BfLcWEe46XFTwQ0983VOC/sLfbf
TBE++6o2K61JWE0U6ufv+vOp7PkNOhPVEFFnt5V4CWNZxizzwEuoiXQyGhVz3mqj
16QZ+YydrjfWLPoFlNB9aKxc5u/hpAt5VPsltQthHpc67KJf08Nt7V7xLh50G1A5
HCssbPGJMNh5sTiIbJKVLY3uuWsGzQ1gBMZGJqEWYAT1FqwZ1jPRIEu9aNj2CdkJ
e5tQ4ShIDD09PJ2DbyXrzS455aVsw+QqKevogSmd8qaq5kUx1KomIxVw5idxhd5x
u65uCvqaTl8K75n+sG7PMcL3sY8c5hzEHR/hhXuTMO6y
-----END CERTIFICATE-----