Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OwrvHTH0Vy_NiW387iWXoxewTeg.roa
File:                     OwrvHTH0Vy_NiW387iWXoxewTeg.roa (raw, json)
Hash identifier:          meHl17dQ+2IxWkNnTgyLRcfq0yCwg8zjNwVA3hz2YnE=
Subject key identifier:   3B:0A:EF:1D:31:F4:57:2F:CD:89:6D:FC:EE:25:97:A3:17:B0:4D:E8
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019034A5B934D7B9B9ABDF3059F1B43BF376
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OwrvHTH0Vy_NiW387iWXoxewTeg.roa
Signing time:             Thu 20 Jun 2024 07:56:34 +0000
ROA not before:           Thu 20 Jun 2024 07:56:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44559
IP address blocks:        85.142.192.0/20 maxlen: 24
                          85.142.216.0/21 maxlen: 24
                          85.142.224.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:34:a5:b9:34:d7:b9:b9:ab:df:30:59:f1:b4:3b:f3:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jun 20 07:56:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b0aef1d31f4572fcd896dfcee2597a317b04de8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:16:2d:5b:a6:ce:4b:fa:93:e8:ff:dd:0f:f0:
                    64:9e:34:a6:9a:b4:01:db:23:2b:d7:ce:d5:c1:df:
                    64:d7:33:f8:a4:f2:45:c1:4d:81:f6:91:07:aa:e6:
                    09:d6:2e:80:81:7a:7c:f0:6e:7e:99:76:8d:30:8e:
                    aa:40:0e:49:ee:49:85:51:63:ec:e2:3f:e8:dc:b9:
                    a2:52:63:f4:6b:61:b8:c1:5c:5b:ba:c0:3d:f5:fb:
                    ae:8b:52:d9:32:ba:f9:ad:d3:74:d7:2e:78:fe:1d:
                    78:8c:58:87:de:4a:bb:0c:74:3c:0b:76:80:dc:c4:
                    ac:fa:b8:38:ec:da:e4:4e:05:f0:cf:eb:d1:56:fd:
                    11:b0:8d:44:32:a2:98:f7:d5:24:f1:c0:89:75:79:
                    f3:1f:f3:1c:4a:23:03:f1:f6:c8:c5:42:fb:2e:59:
                    da:fa:b3:9b:97:2b:f2:99:5e:7c:ad:a1:ea:f1:74:
                    3b:6d:11:63:12:9b:1c:7f:e1:b9:27:20:80:93:ef:
                    46:42:4e:d8:07:8f:8c:23:76:ac:dd:3c:f7:6a:7a:
                    8d:d1:1a:3b:cf:3f:05:08:ef:7c:e7:57:37:d7:26:
                    ce:4a:90:94:90:f9:72:85:4c:04:2f:55:42:e9:f3:
                    e8:b8:9c:34:02:f0:66:7a:d7:ff:90:ac:57:b9:16:
                    43:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:0A:EF:1D:31:F4:57:2F:CD:89:6D:FC:EE:25:97:A3:17:B0:4D:E8
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OwrvHTH0Vy_NiW387iWXoxewTeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.142.192.0/20
                  85.142.216.0-85.142.239.255

    Signature Algorithm: sha256WithRSAEncryption
         37:6e:76:70:06:06:8e:b5:b0:3c:93:f5:1d:9e:1d:8c:88:49:
         02:90:b1:34:ed:f1:35:db:56:e2:3c:47:fb:8e:a6:23:f1:8b:
         11:c8:41:3f:f2:4d:41:5d:43:d2:44:f0:05:61:69:98:c0:47:
         e3:4f:16:f8:f9:50:9c:e4:ae:94:62:aa:36:dc:62:4e:ef:a5:
         60:03:bf:99:92:ee:4b:47:be:ba:d0:58:54:cf:d1:b9:bc:c9:
         d4:44:8d:0d:b8:ef:4b:2c:26:06:f7:23:dd:90:e8:a2:32:ae:
         76:24:54:bb:eb:58:ce:4f:26:6f:2b:4d:db:a8:16:34:b8:af:
         93:1b:fe:e0:89:5e:54:38:2a:9a:d1:71:f7:c2:72:34:5d:1f:
         9c:12:65:c4:6b:f0:02:bc:40:1f:85:80:b2:5a:42:7f:49:af:
         db:ed:ea:24:66:bc:da:36:b1:f6:60:40:17:02:d7:0e:67:1c:
         d4:c2:11:3a:c7:22:5e:41:c7:01:c5:f7:bb:56:ec:1b:b2:bd:
         06:d1:e5:9c:9d:85:8b:64:78:d2:1a:f5:b9:e7:1d:80:15:06:
         bf:19:14:7c:82:f7:89:20:a0:87:0e:bc:cf:4e:0a:2b:a7:93:
         38:7a:44:fd:bd:f8:2c:de:0f:4a:7b:29:15:35:5a:c9:6a:4f:
         d4:d3:74:7a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZA0pbk017m5q98wWfG0O/N2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwNjIwMDc1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjBhZWYxZDMxZjQ1NzJmY2Q4OTZkZmNlZTI1OTdhMzE3YjA0ZGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhYtW6bOS/qT6P/dD/BknjSmmrQB
2yMr187Vwd9k1zP4pPJFwU2B9pEHquYJ1i6AgXp88G5+mXaNMI6qQA5J7kmFUWPs
4j/o3LmiUmP0a2G4wVxbusA99fuui1LZMrr5rdN01y54/h14jFiH3kq7DHQ8C3aA
3MSs+rg47NrkTgXwz+vRVv0RsI1EMqKY99Uk8cCJdXnzH/McSiMD8fbIxUL7Llna
+rOblyvymV58raHq8XQ7bRFjEpscf+G5JyCAk+9GQk7YB4+MI3as3Tz3anqN0Ro7
zz8FCO9851c31ybOSpCUkPlyhUwEL1VC6fPouJw0AvBmetf/kKxXuRZD+wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDsK7x0x9FcvzYlt/O4ll6MXsE3oMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvT3dydkhUSDBWeV9OaVczODdpV1hveGV3VGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQEVY7AMAwD
BANVjtgDBARVjuAwDQYJKoZIhvcNAQELBQADggEBADdudnAGBo61sDyT9R2eHYyI
SQKQsTTt8TXbVuI8R/uOpiPxixHIQT/yTUFdQ9JE8AVhaZjAR+NPFvj5UJzkrpRi
qjbcYk7vpWADv5mS7ktHvrrQWFTP0bm8ydREjQ2470ssJgb3I92Q6KIyrnYkVLvr
WM5PJm8rTduoFjS4r5Mb/uCJXlQ4KprRcffCcjRdH5wSZcRr8AK8QB+FgLJaQn9J
r9vt6iRmvNo2sfZgQBcC1w5nHNTCETrHIl5BxwHF97tW7BuyvQbR5ZydhYtkeNIa
9bnnHYAVBr8ZFHyC94kgoIcOvM9OCiunkzh6RP29+CzeD0p7KRU1WslqT9TTdHo=
-----END CERTIFICATE-----