Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1-OPyhjybcY9zKkL7PYACswnL48U.roa
File:                     1-OPyhjybcY9zKkL7PYACswnL48U.roa (raw, json)
Hash identifier:          AKteaCeQrW+zBMqk1s4p7+v89nC+UPqSEwqu+PZ/LCY=
Subject key identifier:   F8:E3:F2:86:3C:9B:71:8F:73:2A:42:FB:3D:80:02:B3:09:CB:E3:C5
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B255CB9B5EE4FD3D3A07DCFAEF7FC4
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1-OPyhjybcY9zKkL7PYACswnL48U.roa
Signing time:             Wed 01 Jan 2025 11:48:42 +0000
ROA not before:           Wed 01 Jan 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8732
IP address blocks:        194.149.64.0/24 maxlen: 24
                          2001:b08:22::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:55:cb:9b:5e:e4:fd:3d:3a:07:dc:fa:ef:7f:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8e3f2863c9b718f732a42fb3d8002b309cbe3c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f1:9e:4b:23:3e:8c:16:a9:8a:4c:f4:65:af:
                    fc:6f:d9:ca:0a:6d:d6:8f:a6:31:97:fc:3a:32:f5:
                    ee:77:fe:68:5e:f0:0c:8d:55:8f:4a:f6:f6:2e:51:
                    5b:47:58:49:a2:37:2a:f0:75:24:16:56:cc:61:c1:
                    d5:a6:37:d1:81:f6:97:50:65:80:29:a3:e1:07:6d:
                    c4:4d:5d:13:f2:4d:0e:2e:0c:42:ea:ea:c5:f3:4a:
                    95:73:b1:2c:d4:5b:fe:48:1f:a1:62:82:dc:56:06:
                    a2:6d:36:a3:bf:81:55:c9:49:53:b2:2a:46:cb:31:
                    0e:48:0d:f2:8f:f8:3a:c4:63:95:9d:35:f1:94:da:
                    6f:08:0b:68:f0:65:77:ba:87:0a:d1:40:65:2f:18:
                    f2:17:04:2c:d9:d1:3b:b1:01:ca:41:9c:a4:61:a8:
                    6e:cc:3d:be:0e:47:ee:be:b1:c9:60:89:2e:a4:b4:
                    e9:7b:15:29:4f:79:a2:e7:49:c4:8c:0a:09:2d:db:
                    00:7d:3c:ef:fe:41:48:90:1c:f1:87:ed:8e:ab:1e:
                    c0:06:84:5c:ad:19:c1:8b:ad:b5:73:b1:03:fd:e7:
                    56:89:42:e9:69:78:92:3e:a5:66:3f:43:92:61:c9:
                    15:4c:78:c1:46:6c:ea:18:82:85:89:cb:ed:80:12:
                    8a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:E3:F2:86:3C:9B:71:8F:73:2A:42:FB:3D:80:02:B3:09:CB:E3:C5
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1-OPyhjybcY9zKkL7PYACswnL48U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.149.64.0/24
                IPv6:
                  2001:b08:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:a6:1b:1a:d3:6e:b9:b6:1a:fa:41:93:b7:a6:bd:6e:20:ed:
         6d:c9:29:01:4f:aa:c9:22:c6:c2:26:55:ff:22:f8:3b:3e:2d:
         d4:69:78:61:18:c4:3d:47:36:9f:3d:54:f5:9d:c2:6f:d0:2a:
         72:0c:b0:41:27:72:4a:e2:a4:74:e8:94:0e:fa:9d:e0:fe:57:
         e0:23:cb:d4:bd:b1:7c:d3:48:41:0a:2f:22:08:4c:2e:93:0e:
         a5:89:48:bc:aa:c0:b3:20:81:de:54:bd:81:74:56:87:8e:04:
         9d:1c:c2:fe:52:fb:e1:16:12:05:6b:e0:81:14:be:d2:3a:a7:
         78:a8:18:31:82:3f:08:60:1b:af:7d:a5:c1:da:2b:93:a5:9b:
         be:d4:7b:bb:3b:b9:54:12:72:ee:46:96:8a:29:94:82:bc:ca:
         ae:87:b6:dd:af:47:5a:a6:dc:6a:0f:4c:10:86:e5:2c:78:8b:
         ad:de:e0:13:63:f2:13:1c:a0:b7:6b:b8:82:71:ca:04:4d:a8:
         0d:2e:63:af:ae:80:04:51:6a:a3:de:99:14:2b:52:c5:34:5a:
         0b:44:7f:a6:cf:f2:99:81:7d:91:95:13:53:e0:09:42:93:3a:
         35:6c:13:15:1b:fb:0c:53:06:92:45:dc:31:7b:04:7c:a0:3b:
         24:27:f1:be
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQhslXLm17k/T06B9z673/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGUzZjI4NjNjOWI3MThmNzMyYTQyZmIzZDgwMDJiMzA5Y2JlM2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/GeSyM+jBapikz0Za/8b9nKCm3W
j6Yxl/w6MvXud/5oXvAMjVWPSvb2LlFbR1hJojcq8HUkFlbMYcHVpjfRgfaXUGWA
KaPhB23ETV0T8k0OLgxC6urF80qVc7Es1Fv+SB+hYoLcVgaibTajv4FVyUlTsipG
yzEOSA3yj/g6xGOVnTXxlNpvCAto8GV3uocK0UBlLxjyFwQs2dE7sQHKQZykYahu
zD2+DkfuvrHJYIkupLTpexUpT3mi50nEjAoJLdsAfTzv/kFIkBzxh+2Oqx7ABoRc
rRnBi621c7ED/edWiULpaXiSPqVmP0OSYckVTHjBRmzqGIKFicvtgBKKswIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPjj8oY8m3GPcypC+z2AArMJy+PFMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvMS1PUHloanliY1k5ektrTDdQWUFDc3duTDQ4VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTcvODgxM2Y1LTRlN2ItNGQ1MS1iNWYzLTQwZDk1YmQzM2Zj
Yi8xL09MSWdJN2JxMU1LV2c2bi0xRWs5QTk3aXhvVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMKVQDAP
BAIAAjAJAwcAIAELCAAiMA0GCSqGSIb3DQEBCwUAA4IBAQBaphsa0265thr6QZO3
pr1uIO1tySkBT6rJIsbCJlX/Ivg7Pi3UaXhhGMQ9RzafPVT1ncJv0CpyDLBBJ3JK
4qR06JQO+p3g/lfgI8vUvbF800hBCi8iCEwukw6liUi8qsCzIIHeVL2BdFaHjgSd
HML+UvvhFhIFa+CBFL7SOqd4qBgxgj8IYBuvfaXB2iuTpZu+1Hu7O7lUEnLuRpaK
KZSCvMquh7bdr0daptxqD0wQhuUseIut3uATY/ITHKC3a7iCccoETagNLmOvroAE
UWqj3pkUK1LFNFoLRH+mz/KZgX2RlRNT4AlCkzo1bBMVG/sMUwaSRdwxewR8oDsk
J/G+
-----END CERTIFICATE-----