Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/lLQ_p3lsoM3mw193Y5LX2e3mh2c.roa
File:                     lLQ_p3lsoM3mw193Y5LX2e3mh2c.roa (raw, json)
Hash identifier:          S5Zbtz4fqZxRGX+nnn9HpimcfkXBflIGrlyJFgiX2T4=
Subject key identifier:   94:B4:3F:A7:79:6C:A0:CD:E6:C3:5F:77:63:92:D7:D9:ED:E6:87:67
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018ED8098764AB0C02141FCB5A712DD082C4
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/lLQ_p3lsoM3mw193Y5LX2e3mh2c.roa
Signing time:             Sat 13 Apr 2024 15:18:06 +0000
ROA not before:           Sat 13 Apr 2024 15:18:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5567
IP address blocks:        85.143.64.0/20 maxlen: 20
                          85.143.80.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d8:09:87:64:ab:0c:02:14:1f:cb:5a:71:2d:d0:82:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Apr 13 15:18:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94b43fa7796ca0cde6c35f776392d7d9ede68767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f1:08:55:54:11:34:7e:ac:3a:8f:f9:66:c1:
                    3f:f9:37:27:e1:1e:77:a3:80:16:24:e3:12:d2:af:
                    f0:f4:ab:6b:7f:d0:7f:34:d3:cb:76:63:3c:da:58:
                    57:d6:d5:c8:78:3d:f0:b6:c7:b8:0c:02:de:8a:37:
                    e0:da:1d:18:7f:98:b7:55:c3:44:9a:d1:e9:98:e8:
                    83:e0:68:82:85:6b:f6:ac:24:2c:1c:c5:1e:eb:9e:
                    7a:02:11:16:e0:b9:f4:f1:f2:00:31:81:2b:db:f1:
                    62:ac:af:2c:60:a4:59:8c:0f:da:76:0e:4f:4b:d0:
                    bb:ee:a7:15:aa:57:c1:20:a6:a9:f1:c8:43:da:f5:
                    88:5e:3e:95:1a:52:cd:27:a7:a9:34:3c:e1:ca:9e:
                    00:bc:e8:67:e9:9a:99:2e:ce:47:52:52:a1:26:14:
                    fb:30:b6:7f:bb:8f:dc:80:61:19:d5:a8:f1:95:0e:
                    3a:91:d8:da:0f:55:8e:59:d0:86:e6:7b:48:62:69:
                    20:53:d8:79:b2:f3:ae:34:eb:4c:10:e0:40:72:f7:
                    32:1e:27:d5:67:d8:f4:5f:33:bc:34:23:0a:53:b1:
                    38:d8:cb:37:37:68:73:df:03:34:ca:4c:6c:77:bd:
                    7a:90:a5:57:ae:ac:f0:b2:2a:db:48:2f:7f:cf:82:
                    f1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B4:3F:A7:79:6C:A0:CD:E6:C3:5F:77:63:92:D7:D9:ED:E6:87:67
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/lLQ_p3lsoM3mw193Y5LX2e3mh2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.64.0-85.143.87.255

    Signature Algorithm: sha256WithRSAEncryption
         82:a2:c7:be:a5:f0:60:01:55:08:52:f8:98:40:59:b3:63:54:
         10:da:98:dc:14:74:f4:f6:d7:6c:d4:1e:fc:53:d3:33:13:18:
         b3:a3:07:0c:c6:b0:dd:6e:46:60:89:bd:1b:e9:64:d7:44:61:
         48:1e:b1:bb:e1:10:3c:bd:79:05:70:3b:c8:18:cd:68:8e:9f:
         66:c6:cc:ff:87:0d:54:c5:fd:e3:35:c9:39:f4:46:31:e1:8e:
         bb:e9:9c:cf:19:7d:07:bb:ce:84:df:de:2e:ff:06:71:f2:f1:
         e4:ae:b6:7f:f6:9d:9b:47:9a:37:83:d5:9f:62:ab:1b:9b:31:
         6f:4c:6c:86:15:d4:16:81:c5:28:43:57:c1:d0:00:fa:d5:27:
         5c:8d:11:04:eb:d8:23:26:61:aa:53:e3:c2:6d:02:3b:55:e7:
         c1:eb:99:17:c4:9c:9c:87:c6:69:1e:84:4e:a7:3d:53:5e:4e:
         b6:7c:80:1a:8f:6d:9e:55:53:ac:cf:d2:e2:06:d3:ed:9d:71:
         80:6c:18:26:21:a8:5d:01:48:5f:f5:58:93:f3:04:bd:8a:78:
         69:d3:5a:97:76:d5:0e:e2:eb:9d:c6:54:53:b1:2e:44:ae:6a:
         00:e2:02:6c:77:1e:b8:a5:42:42:12:c3:50:f0:d1:fe:80:bf:
         26:62:89:d4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY7YCYdkqwwCFB/LWnEt0ILEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwNDEzMTUxODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGI0M2ZhNzc5NmNhMGNkZTZjMzVmNzc2MzkyZDdkOWVkZTY4NzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vEIVVQRNH6sOo/5ZsE/+Tcn4R53
o4AWJOMS0q/w9Ktrf9B/NNPLdmM82lhX1tXIeD3wtse4DALeijfg2h0Yf5i3VcNE
mtHpmOiD4GiChWv2rCQsHMUe6556AhEW4Ln08fIAMYEr2/FirK8sYKRZjA/adg5P
S9C77qcVqlfBIKap8chD2vWIXj6VGlLNJ6epNDzhyp4AvOhn6ZqZLs5HUlKhJhT7
MLZ/u4/cgGEZ1ajxlQ46kdjaD1WOWdCG5ntIYmkgU9h5svOuNOtMEOBAcvcyHifV
Z9j0XzO8NCMKU7E42Ms3N2hz3wM0ykxsd716kKVXrqzwsirbSC9/z4LxGQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJS0P6d5bKDN5sNfd2OS19nt5odnMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvbExRX3AzbHNvTTNtdzE5M1k1TFgyZTNtaDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAZVj0AD
BANVj1AwDQYJKoZIhvcNAQELBQADggEBAIKix76l8GABVQhS+JhAWbNjVBDamNwU
dPT212zUHvxT0zMTGLOjBwzGsN1uRmCJvRvpZNdEYUgesbvhEDy9eQVwO8gYzWiO
n2bGzP+HDVTF/eM1yTn0RjHhjrvpnM8ZfQe7zoTf3i7/BnHy8eSutn/2nZtHmjeD
1Z9iqxubMW9MbIYV1BaBxShDV8HQAPrVJ1yNEQTr2CMmYapT48JtAjtV58HrmRfE
nJyHxmkehE6nPVNeTrZ8gBqPbZ5VU6zP0uIG0+2dcYBsGCYhqF0BSF/1WJPzBL2K
eGnTWpd21Q7i653GVFOxLkSuagDiAmx3HrilQkISw1Dw0f6AvyZiidQ=
-----END CERTIFICATE-----