Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/JO75FcOg5WgA7AYNDrzWEruX8C4.roa
File:                     JO75FcOg5WgA7AYNDrzWEruX8C4.roa (raw, json)
Hash identifier:          QwjB4oRnre2BbbOJTtoqc7DJW58Ng2NQpcG9tJe080I=
Subject key identifier:   24:EE:F9:15:C3:A0:E5:68:00:EC:06:0D:0E:BC:D6:12:BB:97:F0:2E
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC727752A6B7CB29505FD9F74E38D51A4
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/JO75FcOg5WgA7AYNDrzWEruX8C4.roa
Signing time:             Mon 01 Jan 2024 22:31:41 +0000
ROA not before:           Mon 01 Jan 2024 22:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34849
IP address blocks:        80.250.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:75:2a:6b:7c:b2:95:05:fd:9f:74:e3:8d:51:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24eef915c3a0e56800ec060d0ebcd612bb97f02e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:aa:b3:07:2f:fc:9c:80:eb:7c:2e:8e:c1:5e:
                    6b:d5:6a:8c:4c:03:d0:14:c5:8d:04:65:9a:86:6a:
                    80:01:90:38:19:28:dd:72:b9:84:e3:6b:8a:0b:8f:
                    96:3e:ae:50:48:d1:3b:2d:73:74:1f:68:e4:00:61:
                    b5:6b:1e:6d:d2:87:fc:9b:a9:02:93:21:f3:0b:87:
                    17:69:f7:99:c3:8b:6a:99:b2:aa:b8:34:f2:58:f9:
                    db:63:50:60:eb:af:7c:af:e5:f9:72:0b:4a:7e:3c:
                    9d:6d:b0:4e:9f:af:8b:ef:e6:61:17:f4:e4:d4:96:
                    a4:56:68:35:6f:73:ee:ac:20:ed:23:23:cd:93:b0:
                    ac:bd:d6:76:c0:e3:af:44:a3:cd:af:ed:0e:fc:31:
                    cb:bc:a5:7d:d8:3e:c6:d5:e1:fc:0c:1d:42:d1:56:
                    05:42:0d:a5:b5:82:56:48:4f:f2:cb:0b:97:8e:07:
                    3a:83:3c:e9:6f:af:50:2a:39:42:4e:d2:04:de:8f:
                    72:00:a3:ee:3c:61:24:b0:45:94:6f:46:12:d2:91:
                    1d:1d:45:ca:4d:db:bf:1a:16:20:01:9f:f8:da:e2:
                    d8:72:5a:9c:bf:58:1b:66:13:09:65:de:0f:c4:38:
                    ed:a4:80:df:ab:94:e4:02:ef:c2:e2:d7:5e:e2:e0:
                    78:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:EE:F9:15:C3:A0:E5:68:00:EC:06:0D:0E:BC:D6:12:BB:97:F0:2E
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/JO75FcOg5WgA7AYNDrzWEruX8C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.250.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:c7:93:ea:29:a1:dd:ee:db:74:47:49:da:fb:c5:60:a4:d8:
         5a:5c:9f:de:a6:45:6e:14:21:35:57:bb:f4:4d:7f:c7:32:69:
         74:28:6d:bc:40:f2:ea:08:76:65:1b:76:c7:3d:60:8b:30:7d:
         36:86:5a:fe:eb:94:27:b0:91:54:a6:9c:0a:0f:58:ec:da:fe:
         7e:57:c5:4c:88:56:14:fd:5b:18:be:a0:25:6f:fb:c1:2a:0e:
         4a:ce:29:e7:84:6c:c7:ef:e5:9c:1e:cf:88:02:44:75:5c:e7:
         06:66:08:76:d2:0a:d0:f1:93:c5:fb:02:90:47:4b:82:ef:78:
         c4:d7:8b:b3:1c:a0:ce:93:b3:ea:90:b2:eb:67:ec:cd:4c:c8:
         ab:e4:40:29:ed:2a:45:de:0c:b5:af:48:48:20:b6:6c:fb:28:
         8a:77:3a:a2:21:50:15:cf:8c:d1:a7:2d:0c:4a:fa:a7:55:bb:
         8c:7c:9d:7f:d5:0c:c5:e2:89:61:1e:04:e0:6e:bd:b8:6e:0f:
         31:90:3d:08:4f:70:ef:93:e2:00:75:80:bb:70:c1:6d:bf:fb:
         7a:fb:e4:7b:ec:3c:d6:a4:c4:cd:ad:04:7b:09:ed:89:3b:a6:
         b4:73:cd:16:cf:f4:7e:a7:95:73:9c:5b:31:24:3a:3a:1b:2e:
         7c:03:70:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3Uqa3yylQX9n3TjjVGkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGVlZjkxNWMzYTBlNTY4MDBlYzA2MGQwZWJjZDYxMmJiOTdmMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaqzBy/8nIDrfC6OwV5r1WqMTAPQ
FMWNBGWahmqAAZA4GSjdcrmE42uKC4+WPq5QSNE7LXN0H2jkAGG1ax5t0of8m6kC
kyHzC4cXafeZw4tqmbKquDTyWPnbY1Bg6698r+X5cgtKfjydbbBOn6+L7+ZhF/Tk
1JakVmg1b3PurCDtIyPNk7CsvdZ2wOOvRKPNr+0O/DHLvKV92D7G1eH8DB1C0VYF
Qg2ltYJWSE/yywuXjgc6gzzpb69QKjlCTtIE3o9yAKPuPGEksEWUb0YS0pEdHUXK
Tdu/GhYgAZ/42uLYclqcv1gbZhMJZd4PxDjtpIDfq5TkAu/C4tde4uB4eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTu+RXDoOVoAOwGDQ681hK7l/AuMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvSk83NUZjT2c1V2dBN0FZTkRyeldFcnVYOEM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPquMA0G
CSqGSIb3DQEBCwUAA4IBAQBtx5PqKaHd7tt0R0na+8VgpNhaXJ/epkVuFCE1V7v0
TX/HMml0KG28QPLqCHZlG3bHPWCLMH02hlr+65QnsJFUppwKD1js2v5+V8VMiFYU
/VsYvqAlb/vBKg5KzinnhGzH7+WcHs+IAkR1XOcGZgh20grQ8ZPF+wKQR0uC73jE
14uzHKDOk7PqkLLrZ+zNTMir5EAp7SpF3gy1r0hIILZs+yiKdzqiIVAVz4zRpy0M
SvqnVbuMfJ1/1QzF4olhHgTgbr24bg8xkD0IT3Dvk+IAdYC7cMFtv/t6++R77DzW
pMTNrQR7Ce2JO6a0c80Wz/R+p5VznFsxJDo6Gy58A3Dc
-----END CERTIFICATE-----