Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xhXT7GCOhCcBBiQR1BE9XQIW74w.roa
File:                     xhXT7GCOhCcBBiQR1BE9XQIW74w.roa (raw, json)
Hash identifier:          wirfkF5mWAOV8h5tNguOUW9PONNbtWi6IoPZUOfgSts=
Subject key identifier:   C6:15:D3:EC:60:8E:84:27:01:06:24:11:D4:11:3D:5D:02:16:EF:8C
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC7277F96186A14CF8519743142B80A80
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xhXT7GCOhCcBBiQR1BE9XQIW74w.roa
Signing time:             Mon 01 Jan 2024 22:31:43 +0000
ROA not before:           Mon 01 Jan 2024 22:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210276
IP address blocks:        85.143.238.0/24 maxlen: 24
                          86.110.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:7f:96:18:6a:14:cf:85:19:74:31:42:b8:0a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c615d3ec608e842701062411d4113d5d0216ef8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6e:f1:13:32:bf:d0:c1:34:c8:ad:78:fe:30:
                    e5:cf:59:4f:89:02:e2:c0:29:ee:79:97:3d:e7:62:
                    e1:da:08:18:15:98:de:3a:16:07:79:d0:d2:c7:b0:
                    58:d4:e8:9d:4d:42:47:72:7a:bf:13:db:f7:66:06:
                    0d:7c:69:2b:04:c7:c1:38:df:9a:30:f3:c5:54:63:
                    de:59:69:01:9e:1e:60:02:e5:a6:3c:83:0b:6f:40:
                    f5:55:d9:24:32:9d:c9:49:82:92:68:47:98:04:88:
                    e2:73:fd:a2:0a:a5:66:2f:10:cd:bf:98:75:4d:2a:
                    1b:aa:1c:68:dc:c1:65:16:76:0d:f7:f9:3b:57:26:
                    4b:d9:0f:14:bb:70:e5:55:58:85:bc:38:6d:43:18:
                    b4:23:58:85:f9:a9:32:6f:c6:44:d6:e9:92:d5:d3:
                    6c:af:42:68:88:be:5f:90:0f:41:7d:1b:f4:92:d4:
                    09:6d:36:af:44:bf:15:5f:5c:2c:d1:78:81:a0:dc:
                    a3:7f:f3:44:b9:ed:46:0a:8c:a8:84:43:12:6d:c0:
                    89:6b:5d:aa:d3:78:34:83:91:49:ec:66:77:c8:63:
                    2b:d5:0c:57:1a:a6:4d:15:77:a8:58:2f:3b:8f:ff:
                    e3:3a:e5:6a:6e:ec:83:84:48:0b:b3:77:73:2f:8e:
                    8f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:15:D3:EC:60:8E:84:27:01:06:24:11:D4:11:3D:5D:02:16:EF:8C
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xhXT7GCOhCcBBiQR1BE9XQIW74w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.238.0/24
                  86.110.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:3b:59:6c:da:82:e1:b7:46:d4:05:1e:66:b4:74:ac:35:2c:
         48:5b:3e:46:49:ae:aa:06:44:35:16:55:df:8c:65:ef:69:ab:
         6e:5b:07:c5:8a:38:55:1b:cf:45:c7:9b:d4:35:1b:75:ec:ad:
         0e:dd:d9:29:b1:49:a5:49:8d:de:70:fd:d5:d5:7a:6c:8d:76:
         18:4c:83:38:ce:0d:c3:29:b1:98:b7:b5:29:c4:ef:03:4c:c1:
         3d:de:26:06:b9:80:df:0a:8f:d7:98:7d:37:c5:6d:ec:51:08:
         c0:79:84:70:dd:31:3f:2b:64:7f:03:14:84:b2:88:7e:34:b6:
         dd:db:40:ee:18:ce:51:4e:67:88:14:ff:5f:08:14:d3:25:bc:
         b3:c4:af:70:26:4b:a0:44:80:97:25:4a:36:f7:78:bb:70:26:
         7c:23:f7:78:40:df:7a:ae:15:f8:20:af:62:9c:66:92:c4:0c:
         a9:43:9d:22:c9:3d:ac:87:35:61:a0:70:df:cf:e3:14:50:e9:
         7d:11:47:ca:ba:e6:89:e4:5f:aa:a4:15:e9:ad:fa:fd:79:11:
         7b:26:82:58:50:68:a0:4e:a6:be:84:a1:03:53:47:83:bc:d2:
         7e:87:7f:d1:13:33:e7:2f:79:ee:fe:7b:97:1f:73:e9:20:e4:
         e7:19:cd:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJ3+WGGoUz4UZdDFCuAqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE1ZDNlYzYwOGU4NDI3MDEwNjI0MTFkNDExM2Q1ZDAyMTZlZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW7xEzK/0ME0yK14/jDlz1lPiQLi
wCnueZc952Lh2ggYFZjeOhYHedDSx7BY1OidTUJHcnq/E9v3ZgYNfGkrBMfBON+a
MPPFVGPeWWkBnh5gAuWmPIMLb0D1VdkkMp3JSYKSaEeYBIjic/2iCqVmLxDNv5h1
TSobqhxo3MFlFnYN9/k7VyZL2Q8Uu3DlVViFvDhtQxi0I1iF+akyb8ZE1umS1dNs
r0JoiL5fkA9BfRv0ktQJbTavRL8VX1ws0XiBoNyjf/NEue1GCoyohEMSbcCJa12q
03g0g5FJ7GZ3yGMr1QxXGqZNFXeoWC87j//jOuVqbuyDhEgLs3dzL46PLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMYV0+xgjoQnAQYkEdQRPV0CFu+MMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEveGhYVDdHQ09oQ2NCQmlRUjFCRTlYUUlXNzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVY/uAwQA
Vm5kMA0GCSqGSIb3DQEBCwUAA4IBAQCMO1ls2oLht0bUBR5mtHSsNSxIWz5GSa6q
BkQ1FlXfjGXvaatuWwfFijhVG89Fx5vUNRt17K0O3dkpsUmlSY3ecP3V1XpsjXYY
TIM4zg3DKbGYt7UpxO8DTME93iYGuYDfCo/XmH03xW3sUQjAeYRw3TE/K2R/AxSE
soh+NLbd20DuGM5RTmeIFP9fCBTTJbyzxK9wJkugRICXJUo293i7cCZ8I/d4QN96
rhX4IK9inGaSxAypQ50iyT2shzVhoHDfz+MUUOl9EUfKuuaJ5F+qpBXprfr9eRF7
JoJYUGigTqa+hKEDU0eDvNJ+h3/REzPnL3nu/nuXH3PpIOTnGc3C
-----END CERTIFICATE-----