Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/Y7x6A4OVyOUHftH5CitKmaalg30.roa
File:                     Y7x6A4OVyOUHftH5CitKmaalg30.roa (raw, json)
Hash identifier:          UDY2SCcbm83PpI9OszTVdhBudX6h9UDiTDXktdLQ3lg=
Subject key identifier:   63:BC:7A:03:83:95:C8:E5:07:7E:D1:F9:0A:2B:4A:99:A6:A5:83:7D
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       0191468AB1864378D697BFFDC9AEA0760530
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/Y7x6A4OVyOUHftH5CitKmaalg30.roa
Signing time:             Mon 12 Aug 2024 12:23:00 +0000
ROA not before:           Mon 12 Aug 2024 12:23:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12389
IP address blocks:        82.137.176.0/20 maxlen: 21
                          194.149.70.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:8a:b1:86:43:78:d6:97:bf:fd:c9:ae:a0:76:05:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Aug 12 12:23:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63bc7a038395c8e5077ed1f90a2b4a99a6a5837d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:98:10:65:b8:a7:36:17:56:8c:0f:e3:81:6d:
                    a4:e6:09:f1:1d:21:9c:89:ef:cd:2c:91:9a:8e:1f:
                    c6:16:2b:5f:81:7c:08:63:26:32:e9:fd:ea:1a:60:
                    76:3b:38:3f:2e:65:0b:e2:46:09:c4:6b:c2:b6:d2:
                    5b:07:d0:26:48:a2:0a:b5:64:c3:23:d4:00:dd:e2:
                    c2:75:08:6f:3c:97:23:27:3a:1f:2c:c3:b8:00:9d:
                    9b:a6:22:dd:f3:f0:10:bc:d4:b0:8d:36:33:3b:5a:
                    39:33:ae:95:10:15:86:63:de:c5:fd:a1:13:61:ad:
                    86:e6:b9:ae:67:80:c8:98:0d:2e:70:5f:be:a9:e8:
                    65:a3:6a:76:b2:a6:3a:30:e7:11:d4:85:d2:54:5a:
                    9f:23:4c:aa:e3:50:1b:65:0d:63:a1:65:13:da:19:
                    65:9c:ea:f3:75:f1:ae:68:9a:4e:f2:08:a0:10:f4:
                    36:58:7a:04:70:5d:2d:a3:b1:df:6b:77:49:96:c3:
                    22:ed:6a:a9:a9:a7:79:7a:6f:77:7f:8f:80:0d:71:
                    ed:53:fd:5c:5a:5e:e2:25:7a:18:23:eb:94:69:d6:
                    35:f0:c9:e0:3e:17:66:4e:a9:48:06:2f:1a:8a:8b:
                    0c:68:1e:c9:62:00:c3:1e:a8:73:cc:3e:9b:6f:e2:
                    c2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:BC:7A:03:83:95:C8:E5:07:7E:D1:F9:0A:2B:4A:99:A6:A5:83:7D
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/Y7x6A4OVyOUHftH5CitKmaalg30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.137.176.0/20
                  194.149.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:22:00:af:cc:b5:6b:52:3c:ea:ee:c3:c7:16:23:e8:b5:04:
         e6:53:df:f7:f7:0a:f7:30:d7:1e:7a:bd:ac:ad:9c:0a:43:20:
         dd:74:d9:b6:3d:3d:8c:02:6a:00:de:4e:57:93:5c:ac:f5:0a:
         fb:cd:46:1e:3c:d5:6d:5b:6d:d4:20:77:bd:1e:d2:ba:a2:c3:
         36:1b:d5:25:12:df:82:34:bf:32:49:2e:f6:da:eb:06:40:9c:
         0d:6a:56:61:49:af:a3:6b:c0:92:e4:25:27:c9:ed:11:00:12:
         7a:10:c2:b2:29:cd:e5:ac:54:97:d7:04:b3:86:c9:b2:dd:88:
         15:da:3b:73:b6:95:73:9a:52:f1:3e:86:cb:49:4a:ed:9f:86:
         d4:6d:90:e9:5d:7d:c7:38:0e:0d:00:63:1e:69:d7:8b:dc:31:
         73:4f:2a:fb:6a:e2:b3:38:39:e5:60:54:f8:40:fa:db:6e:a2:
         8e:01:7e:cc:6f:18:74:5b:1b:a3:a4:c2:80:c1:c6:93:9e:06:
         dc:97:db:0e:9b:8a:12:01:67:56:5e:c4:02:17:e2:2a:55:95:
         a8:03:ac:28:7b:cc:08:2d:3b:4a:e4:b6:2e:ac:94:d4:48:7d:
         12:c4:0d:4b:b1:8e:fa:8a:53:e0:17:0c:7d:00:18:ee:df:31:
         48:a7:de:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFGirGGQ3jWl7/9ya6gdgUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwODEyMTIyMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2JjN2EwMzgzOTVjOGU1MDc3ZWQxZjkwYTJiNGE5OWE2YTU4MzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+5gQZbinNhdWjA/jgW2k5gnxHSGc
ie/NLJGajh/GFitfgXwIYyYy6f3qGmB2Ozg/LmUL4kYJxGvCttJbB9AmSKIKtWTD
I9QA3eLCdQhvPJcjJzofLMO4AJ2bpiLd8/AQvNSwjTYzO1o5M66VEBWGY97F/aET
Ya2G5rmuZ4DImA0ucF++qehlo2p2sqY6MOcR1IXSVFqfI0yq41AbZQ1joWUT2hll
nOrzdfGuaJpO8gigEPQ2WHoEcF0to7Hfa3dJlsMi7Wqpqad5em93f4+ADXHtU/1c
Wl7iJXoYI+uUadY18MngPhdmTqlIBi8aiosMaB7JYgDDHqhzzD6bb+LClwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGO8egODlcjlB37R+QorSpmmpYN9MB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvWTd4NkE0T1Z5T1VIZnRINUNpdEttYWFsZzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUomwAwQB
wpVGMA0GCSqGSIb3DQEBCwUAA4IBAQCXIgCvzLVrUjzq7sPHFiPotQTmU9/39wr3
MNceer2srZwKQyDddNm2PT2MAmoA3k5Xk1ys9Qr7zUYePNVtW23UIHe9HtK6osM2
G9UlEt+CNL8ySS722usGQJwNalZhSa+ja8CS5CUnye0RABJ6EMKyKc3lrFSX1wSz
hsmy3YgV2jtztpVzmlLxPobLSUrtn4bUbZDpXX3HOA4NAGMeadeL3DFzTyr7auKz
ODnlYFT4QPrbbqKOAX7Mbxh0WxujpMKAwcaTngbcl9sOm4oSAWdWXsQCF+IqVZWo
A6woe8wILTtK5LYurJTUSH0SxA1LsY76ilPgFwx9ABju3zFIp970
-----END CERTIFICATE-----