Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/V7Kfu9FDDrvJtwfTbVVk9aStW9U.roa
File:                     V7Kfu9FDDrvJtwfTbVVk9aStW9U.roa (raw, json)
Hash identifier:          6WmXk2ZROdRYhVU65ZS20A2lwlZWtuxXpEj+k4FlIOM=
Subject key identifier:   57:B2:9F:BB:D1:43:0E:BB:C9:B7:07:D3:6D:55:64:F5:A4:AD:5B:D5
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018EDCF4625D7EC94379CC2043E7739137BB
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/V7Kfu9FDDrvJtwfTbVVk9aStW9U.roa
Signing time:             Sun 14 Apr 2024 14:13:07 +0000
ROA not before:           Sun 14 Apr 2024 14:13:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8790
IP address blocks:        194.85.172.0/23 maxlen: 24
                          195.209.248.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:dc:f4:62:5d:7e:c9:43:79:cc:20:43:e7:73:91:37:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Apr 14 14:13:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57b29fbbd1430ebbc9b707d36d5564f5a4ad5bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a3:fe:f5:f2:a0:7e:71:85:d9:0e:24:2d:b8:
                    3a:af:76:a0:86:59:5a:15:05:73:70:a1:98:eb:4b:
                    6a:9a:b5:3a:5d:07:42:28:05:69:3c:47:0d:7f:f0:
                    17:1d:ca:af:51:bc:23:80:c2:da:e2:a8:be:f7:a9:
                    8c:cf:47:4f:0c:0e:a2:04:be:5d:8c:ad:11:b3:22:
                    57:8b:32:e8:d6:77:e3:16:9b:fc:00:dd:62:a8:3a:
                    f9:86:64:71:4c:08:54:89:45:4f:07:9a:f5:c4:10:
                    c2:08:51:17:dc:ca:b0:e1:14:cc:ab:ce:ae:e3:88:
                    8e:23:49:71:3d:b7:bc:b5:b9:ba:f3:d2:0b:17:39:
                    20:ed:ee:29:1c:45:a4:05:1f:a3:ce:50:87:d8:7d:
                    59:cd:44:0f:ba:02:e1:15:d9:e1:f1:06:2f:6b:22:
                    ce:71:ba:0f:e9:2e:a1:7f:38:4f:15:00:6d:6c:ae:
                    3a:43:8c:78:4e:1e:9b:8a:19:5b:b1:95:6c:a2:57:
                    7e:08:23:0a:ac:b5:b2:45:bb:63:40:a9:04:4e:b2:
                    1c:94:48:7c:21:21:5f:bf:36:78:f2:14:b2:80:f7:
                    1a:67:70:85:ed:76:9d:de:ae:41:e3:7b:e9:ee:aa:
                    c8:ca:7d:59:c4:51:d6:73:1f:17:29:ed:9a:97:75:
                    8f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:B2:9F:BB:D1:43:0E:BB:C9:B7:07:D3:6D:55:64:F5:A4:AD:5B:D5
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/V7Kfu9FDDrvJtwfTbVVk9aStW9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.172.0/23
                  195.209.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:dc:ae:97:e9:91:44:75:e7:01:c7:a2:e5:90:8a:cd:51:de:
         81:88:72:a8:2d:89:8e:e7:55:6c:5e:b0:82:b6:53:a5:c9:6e:
         67:8b:46:cf:8c:56:23:59:a2:e5:72:98:50:b0:ff:61:0d:c0:
         fb:52:ac:19:9f:16:89:1c:77:c2:54:bb:2d:f4:44:98:d7:aa:
         9c:9d:03:c1:a3:a2:e4:4e:d8:53:db:0f:e8:34:26:6e:0d:6a:
         55:29:0f:d4:88:0f:13:39:5d:9d:85:6c:ef:3f:23:3a:0f:51:
         0f:99:39:8d:26:ba:34:d1:78:9a:97:78:1a:45:a9:24:74:0c:
         75:ce:93:e3:8a:7d:24:00:99:55:40:d1:d6:58:36:26:e1:e0:
         45:69:f7:30:f7:2f:c2:2f:e6:25:a3:ae:e3:82:d9:32:98:22:
         2c:6a:e0:28:52:7c:53:13:a7:a7:ea:7e:f2:04:91:1f:a5:70:
         9f:cf:e4:e6:66:30:31:90:ff:1c:5f:24:27:e0:1a:cb:0a:e2:
         ae:38:2c:bd:9d:d0:63:00:04:32:1c:c6:cf:71:57:fb:43:f8:
         ad:07:cf:b2:ad:40:00:cd:44:8d:10:6a:dc:ab:3a:2b:b0:fb:
         b2:fb:74:e9:d2:37:e8:f1:6f:14:c4:7f:e7:7f:cf:06:70:43:
         fa:c6:2a:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7c9GJdfslDecwgQ+dzkTe7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwNDE0MTQxMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2IyOWZiYmQxNDMwZWJiYzliNzA3ZDM2ZDU1NjRmNWE0YWQ1YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKP+9fKgfnGF2Q4kLbg6r3aghlla
FQVzcKGY60tqmrU6XQdCKAVpPEcNf/AXHcqvUbwjgMLa4qi+96mMz0dPDA6iBL5d
jK0RsyJXizLo1nfjFpv8AN1iqDr5hmRxTAhUiUVPB5r1xBDCCFEX3Mqw4RTMq86u
44iOI0lxPbe8tbm689ILFzkg7e4pHEWkBR+jzlCH2H1ZzUQPugLhFdnh8QYvayLO
cboP6S6hfzhPFQBtbK46Q4x4Th6bihlbsZVsold+CCMKrLWyRbtjQKkETrIclEh8
ISFfvzZ48hSygPcaZ3CF7Xad3q5B43vp7qrIyn1ZxFHWcx8XKe2al3WPuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFeyn7vRQw67ybcH021VZPWkrVvVMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvVjdLZnU5RkREcnZKdHdmVGJWVms5YVN0VzlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwlWsAwQB
w9H4MA0GCSqGSIb3DQEBCwUAA4IBAQB53K6X6ZFEdecBx6LlkIrNUd6BiHKoLYmO
51VsXrCCtlOlyW5ni0bPjFYjWaLlcphQsP9hDcD7UqwZnxaJHHfCVLst9ESY16qc
nQPBo6LkTthT2w/oNCZuDWpVKQ/UiA8TOV2dhWzvPyM6D1EPmTmNJro00Xial3ga
RakkdAx1zpPjin0kAJlVQNHWWDYm4eBFafcw9y/CL+Ylo67jgtkymCIsauAoUnxT
E6en6n7yBJEfpXCfz+TmZjAxkP8cXyQn4BrLCuKuOCy9ndBjAAQyHMbPcVf7Q/it
B8+yrUAAzUSNEGrcqzorsPuy+3Tp0jfo8W8UxH/nf88GcEP6xips
-----END CERTIFICATE-----