Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xiRwf4iUz6hGk-MeadNPQs7hKW8.roa
File:                     xiRwf4iUz6hGk-MeadNPQs7hKW8.roa (raw, json)
Hash identifier:          KphcsyAIm1gw2rsg2ovWNXz/80HlJFc7Ajkcnm2Q6L4=
Subject key identifier:   C6:24:70:7F:88:94:CF:A8:46:93:E3:1E:69:D3:4F:42:CE:E1:29:6F
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC7277E86380228376FA24EAEA28FCFD0
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xiRwf4iUz6hGk-MeadNPQs7hKW8.roa
Signing time:             Mon 01 Jan 2024 22:31:43 +0000
ROA not before:           Mon 01 Jan 2024 22:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207259
IP address blocks:        85.143.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:7e:86:38:02:28:37:6f:a2:4e:ae:a2:8f:cf:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c624707f8894cfa84693e31e69d34f42cee1296f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a6:e7:6b:79:7b:4a:82:59:3c:82:ee:8c:ce:
                    0b:89:07:2e:91:dd:f8:97:dc:18:4d:ba:ee:70:40:
                    2a:ea:a4:5e:b9:b0:ce:1e:ca:ef:54:95:ab:0c:fb:
                    a4:fc:9c:d4:55:14:39:d6:ab:96:f9:04:e4:a0:92:
                    c4:82:66:5c:86:03:7f:91:cc:5a:4c:6e:e5:3d:b1:
                    03:0d:a4:46:23:9b:a4:b1:ac:cb:34:3b:d0:f4:7e:
                    6e:38:df:0d:0e:30:ce:00:a6:0a:ae:8a:c9:58:3f:
                    81:08:25:ca:cb:63:f7:87:b1:dc:45:ba:e8:82:48:
                    4d:91:fe:ba:70:91:43:2b:8d:10:09:e4:1c:d8:14:
                    97:1c:2b:09:0a:4c:f6:bb:4c:6f:cf:ea:5f:00:ff:
                    ad:fc:cf:f7:f7:8b:cb:a4:ac:80:43:82:3d:36:1e:
                    cb:62:ab:ba:e0:13:d1:46:ea:55:ab:fd:24:f4:59:
                    99:be:f5:de:05:5d:8c:83:93:5b:46:c9:8b:56:79:
                    c5:0e:ce:5d:ad:ad:9b:c1:d2:3b:94:cd:57:64:b9:
                    ff:36:86:f3:15:f9:34:a6:85:04:16:fd:96:d4:f2:
                    59:c8:fa:17:12:a9:e8:a1:0f:ba:d8:07:33:63:c1:
                    d0:cb:5c:95:72:65:d0:39:b4:82:6f:39:b5:ca:af:
                    91:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:24:70:7F:88:94:CF:A8:46:93:E3:1E:69:D3:4F:42:CE:E1:29:6F
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xiRwf4iUz6hGk-MeadNPQs7hKW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:84:76:be:5e:77:c4:38:45:c9:1d:28:c0:6b:10:0b:23:b9:
         d3:61:91:8d:20:ba:27:48:1e:a7:50:b3:0d:ba:2f:7c:e9:de:
         6f:b0:e3:d3:39:42:45:86:00:93:47:e4:31:fe:30:00:41:bf:
         c6:1f:c0:13:0c:47:31:a6:1e:ec:7b:2c:d6:b7:c9:62:c5:b7:
         6a:3c:83:e2:03:ac:c0:a8:93:96:91:eb:4b:1b:69:04:51:df:
         f7:3c:cb:42:ea:0a:24:74:ec:ad:2f:b3:ae:af:51:b3:34:fb:
         10:51:22:bd:1e:80:e4:55:fd:c0:8b:9e:96:58:1f:ed:d7:96:
         76:1c:db:1f:01:3c:05:c2:53:c1:79:96:d0:f4:04:a2:87:1f:
         cd:5b:ad:80:17:88:e7:eb:8d:d0:bf:9e:c0:16:be:cb:3a:e7:
         bd:d1:5e:95:14:f5:62:44:8b:f6:6a:1c:c0:44:0e:07:58:b6:
         87:33:a0:fb:7c:e5:3d:3e:18:42:fa:44:f6:21:59:4f:e1:ef:
         38:c2:7f:d2:13:36:8d:c5:7a:26:52:c5:6a:29:4d:2f:6e:da:
         da:cd:ef:83:88:9a:f3:52:23:af:17:3d:63:8f:e0:7b:cb:ff:
         ee:be:9a:af:08:8f:e4:d1:fe:92:61:4f:b5:e6:98:51:37:58:
         58:ce:f9:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ36GOAIoN2+iTq6ij8/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjI0NzA3Zjg4OTRjZmE4NDY5M2UzMWU2OWQzNGY0MmNlZTEyOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6bna3l7SoJZPILujM4LiQcukd34
l9wYTbrucEAq6qReubDOHsrvVJWrDPuk/JzUVRQ51quW+QTkoJLEgmZchgN/kcxa
TG7lPbEDDaRGI5uksazLNDvQ9H5uON8NDjDOAKYKrorJWD+BCCXKy2P3h7HcRbro
gkhNkf66cJFDK40QCeQc2BSXHCsJCkz2u0xvz+pfAP+t/M/394vLpKyAQ4I9Nh7L
Yqu64BPRRupVq/0k9FmZvvXeBV2Mg5NbRsmLVnnFDs5dra2bwdI7lM1XZLn/Nobz
Ffk0poUEFv2W1PJZyPoXEqnooQ+62AczY8HQy1yVcmXQObSCbzm1yq+RxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYkcH+IlM+oRpPjHmnTT0LO4SlvMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEveGlSd2Y0aVV6NmhHay1NZWFkTlBRczdoS1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY/2MA0G
CSqGSIb3DQEBCwUAA4IBAQCQhHa+XnfEOEXJHSjAaxALI7nTYZGNILonSB6nULMN
ui986d5vsOPTOUJFhgCTR+Qx/jAAQb/GH8ATDEcxph7seyzWt8lixbdqPIPiA6zA
qJOWketLG2kEUd/3PMtC6gokdOytL7Our1GzNPsQUSK9HoDkVf3Ai56WWB/t15Z2
HNsfATwFwlPBeZbQ9ASihx/NW62AF4jn643Qv57AFr7LOue90V6VFPViRIv2ahzA
RA4HWLaHM6D7fOU9PhhC+kT2IVlP4e84wn/SEzaNxXomUsVqKU0vbtraze+DiJrz
UiOvFz1jj+B7y//uvpqvCI/k0f6SYU+15phRN1hYzvmE
-----END CERTIFICATE-----