Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1RrjqmJTMFFwgM9vkv8uVT0IhnI.roa
File:                     1RrjqmJTMFFwgM9vkv8uVT0IhnI.roa (raw, json)
Hash identifier:          fAW51MFEXjQc75Aha2y3Qxee9p2Z+czjLFC0kpxl+Mw=
Subject key identifier:   D5:1A:E3:AA:62:53:30:51:70:80:CF:6F:92:FF:2E:55:3D:08:86:72
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC72774829418878B8AE912E29DF4D3BC
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1RrjqmJTMFFwgM9vkv8uVT0IhnI.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31575
IP address blocks:        82.179.176.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:74:82:94:18:87:8b:8a:e9:12:e2:9d:f4:d3:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d51ae3aa625330517080cf6f92ff2e553d088672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:99:f0:08:67:8f:22:07:bd:45:19:f1:91:eb:
                    41:a7:03:e9:79:33:ba:b2:05:4a:75:0b:78:04:61:
                    e6:be:5a:e6:88:e4:eb:c7:14:cf:49:b4:d8:f6:3b:
                    b3:1f:87:03:0f:40:b9:a3:9b:6e:0b:03:98:8c:5b:
                    e6:23:b4:7b:68:d2:5c:be:8f:a4:8f:aa:f2:90:e0:
                    f8:e2:f0:6b:6a:98:b1:bf:32:45:28:72:38:f1:d3:
                    6d:8e:d5:44:85:f1:4d:39:ab:c7:9c:76:b1:55:ee:
                    4d:a4:e2:28:57:98:90:d9:e3:33:ef:95:6d:dc:f1:
                    77:85:e8:b5:0d:0d:09:eb:5d:13:92:fa:ee:78:90:
                    95:4f:a8:58:29:fc:01:af:5b:c9:32:64:df:f7:23:
                    b5:56:e6:45:0f:85:94:96:3c:ea:26:f6:a2:b4:ce:
                    7a:e8:47:78:d0:38:c5:f7:22:2c:8c:d7:26:ea:77:
                    2d:d3:50:26:d1:79:cb:e0:00:9c:76:13:04:cf:5a:
                    97:97:57:b1:92:b4:39:13:ce:29:73:4e:98:cc:f9:
                    28:a0:72:75:b4:78:11:fa:84:44:cd:06:93:03:ee:
                    85:08:10:f2:1f:74:7b:ba:b7:7c:4f:61:ca:68:1c:
                    3b:6b:52:f5:4a:ff:e0:65:2d:b1:49:36:0a:0a:5c:
                    73:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:1A:E3:AA:62:53:30:51:70:80:CF:6F:92:FF:2E:55:3D:08:86:72
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1RrjqmJTMFFwgM9vkv8uVT0IhnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.179.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7e:8a:10:11:ec:14:02:f9:9e:85:13:63:53:5a:33:d7:e7:5c:
         d0:8d:62:5c:1f:a4:c2:3c:ff:29:70:d8:93:52:b0:03:5b:99:
         ab:3d:6f:96:60:2d:2d:09:ca:8c:25:e8:13:21:f6:e5:79:df:
         df:c4:fc:77:68:6e:e0:b7:37:44:2a:3a:af:5c:1f:12:3c:56:
         ec:3f:36:bd:c8:ee:98:ae:86:11:4a:7a:90:3a:5c:06:e4:5e:
         58:61:34:b7:0c:16:71:07:f0:98:cb:9c:4a:5c:96:e5:5d:92:
         27:cc:21:bd:0c:ab:1c:1d:fd:cc:bc:81:32:f6:94:97:4e:1e:
         d5:20:7f:2c:ac:27:b6:21:d4:49:ff:5d:4b:1c:5c:26:86:f2:
         0a:1d:79:42:fb:36:22:8d:b8:d7:5d:6b:e0:35:43:87:79:f8:
         78:8d:7d:b4:e7:59:d7:dd:54:cf:5d:58:4d:2f:cd:81:50:b3:
         a5:d9:ac:fb:9f:55:d5:84:cd:ac:e9:0c:35:21:39:6d:3e:6d:
         41:a1:4a:03:6b:24:61:9e:01:7f:a7:31:a7:04:00:ba:05:6b:
         07:97:3c:4a:2b:7a:72:5c:1a:ff:b8:fe:79:90:61:1d:df:e9:
         8d:9a:bf:12:32:1f:2f:d0:17:fc:16:6f:84:a7:66:be:06:ca:
         2d:33:a9:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3SClBiHi4rpEuKd9NO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTFhZTNhYTYyNTMzMDUxNzA4MGNmNmY5MmZmMmU1NTNkMDg4NjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZnwCGePIge9RRnxketBpwPpeTO6
sgVKdQt4BGHmvlrmiOTrxxTPSbTY9juzH4cDD0C5o5tuCwOYjFvmI7R7aNJcvo+k
j6rykOD44vBrapixvzJFKHI48dNtjtVEhfFNOavHnHaxVe5NpOIoV5iQ2eMz75Vt
3PF3hei1DQ0J610TkvrueJCVT6hYKfwBr1vJMmTf9yO1VuZFD4WUljzqJvaitM56
6Ed40DjF9yIsjNcm6nct01Am0XnL4ACcdhMEz1qXl1exkrQ5E84pc06YzPkooHJ1
tHgR+oREzQaTA+6FCBDyH3R7urd8T2HKaBw7a1L1Sv/gZS2xSTYKClxzRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUa46piUzBRcIDPb5L/LlU9CIZyMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvMVJyanFtSlRNRkZ3Z005dmt2OHVWVDBJaG5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUrOwMA0G
CSqGSIb3DQEBCwUAA4IBAQB+ihAR7BQC+Z6FE2NTWjPX51zQjWJcH6TCPP8pcNiT
UrADW5mrPW+WYC0tCcqMJegTIfbled/fxPx3aG7gtzdEKjqvXB8SPFbsPza9yO6Y
roYRSnqQOlwG5F5YYTS3DBZxB/CYy5xKXJblXZInzCG9DKscHf3MvIEy9pSXTh7V
IH8srCe2IdRJ/11LHFwmhvIKHXlC+zYijbjXXWvgNUOHefh4jX2051nX3VTPXVhN
L82BULOl2az7n1XVhM2s6Qw1ITltPm1BoUoDayRhngF/pzGnBAC6BWsHlzxKK3py
XBr/uP55kGEd3+mNmr8SMh8v0Bf8Fm+Ep2a+BsotM6lz
-----END CERTIFICATE-----