Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/6ykHlnPSPX7iEbA3Prlqsy6_oHg.roa
File:                     6ykHlnPSPX7iEbA3Prlqsy6_oHg.roa (raw, json)
Hash identifier:          JJIqTlkINsJXsrn3hygUWeeWtb/C3L2Re4v5NaBADQM=
Subject key identifier:   EB:29:07:96:73:D2:3D:7E:E2:11:B0:37:3E:B9:6A:B3:2E:BF:A0:78
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B25E57BAF46AC1C9D814DCC9F4D67F
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/6ykHlnPSPX7iEbA3Prlqsy6_oHg.roa
Signing time:             Wed 01 Jan 2025 11:48:45 +0000
ROA not before:           Wed 01 Jan 2025 11:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39131
IP address blocks:        194.190.250.0/23 maxlen: 24
                          194.190.252.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5e:57:ba:f4:6a:c1:c9:d8:14:dc:c9:f4:d6:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb29079673d23d7ee211b0373eb96ab32ebfa078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e7:f7:e0:34:53:02:6a:05:3b:6e:da:95:98:
                    4c:8a:c6:ab:0a:d1:5d:31:1f:ca:0e:f5:9a:3d:80:
                    6b:fa:be:0f:10:7e:73:b4:f2:93:57:b9:f7:7b:47:
                    b8:ec:61:c3:7c:20:af:07:b5:df:94:f1:61:1e:48:
                    6c:06:1e:04:16:23:63:2f:92:ce:2a:64:c9:09:f8:
                    1e:cb:c9:f1:57:90:75:eb:41:05:d5:7b:85:87:19:
                    c5:9c:8c:95:03:de:cb:c2:be:e3:94:24:61:44:cd:
                    5d:10:9e:b3:c7:29:73:b2:d6:11:b8:ee:91:d1:89:
                    96:d9:0f:eb:a9:86:97:63:0d:24:92:91:7e:ae:2c:
                    7c:8e:cf:6d:00:fe:b3:47:76:7b:e1:9e:df:84:05:
                    cb:20:e4:46:c0:32:67:5c:4d:d4:28:1e:9f:92:6c:
                    a8:46:7e:4b:74:45:4b:aa:3b:8e:a0:98:b7:03:c1:
                    72:fd:4e:8b:e4:d2:13:f4:bb:c6:89:55:c9:b4:7d:
                    54:86:2e:ad:f0:a2:b9:3f:b5:5c:d6:f9:51:d6:54:
                    1d:51:cc:64:e8:f8:ca:22:9d:99:96:ed:a8:bf:6e:
                    0e:7f:5e:c6:11:ad:03:63:5f:48:39:2a:37:54:1d:
                    7a:aa:4e:b2:1f:01:ea:e0:00:87:d9:39:89:c5:99:
                    ce:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:29:07:96:73:D2:3D:7E:E2:11:B0:37:3E:B9:6A:B3:2E:BF:A0:78
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/6ykHlnPSPX7iEbA3Prlqsy6_oHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.250.0-194.190.253.255

    Signature Algorithm: sha256WithRSAEncryption
         4e:2b:e6:a0:29:e0:8a:db:65:17:a7:b2:0e:3d:b1:5f:9b:68:
         cd:14:37:20:c4:00:b2:c7:65:cd:57:9f:10:a0:b6:74:4a:55:
         cd:50:b9:91:cd:77:19:fa:95:2c:b7:a8:dc:8f:76:12:0c:b0:
         81:54:c6:a3:3c:a2:4e:f2:60:5b:a1:17:37:57:d8:8c:82:91:
         28:c8:ef:b2:cb:d2:62:e2:ae:35:b5:c6:dc:4b:02:a6:44:02:
         37:bb:bd:86:88:3d:7e:09:b3:f9:80:07:87:f1:21:8a:b6:74:
         c0:b9:cd:7f:7e:73:72:0a:e2:fb:c2:38:b6:7c:99:45:67:ec:
         f1:01:6d:d3:9e:0a:9d:91:55:d9:ba:3b:5b:80:93:7a:60:11:
         19:ff:cb:84:10:ee:a3:96:d3:db:df:d8:1b:e6:e2:52:94:1a:
         be:e1:10:ff:52:1a:21:d6:2d:5b:e0:72:d5:75:98:39:24:0d:
         72:84:db:b8:f8:52:5b:1d:8c:8d:cb:57:92:03:64:d2:09:fd:
         12:30:7e:74:b9:29:d6:d3:78:24:9c:c3:c2:11:d4:bc:03:f0:
         09:9f:92:5f:98:9a:11:08:b9:98:82:e9:19:71:de:e2:1a:73:
         64:33:4f:8a:2c:59:f8:93:9a:53:d2:5f:71:8d:6b:de:5f:db:
         4b:dc:35:54
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhsl5XuvRqwcnYFNzJ9NZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjI5MDc5NjczZDIzZDdlZTIxMWIwMzczZWI5NmFiMzJlYmZhMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuf34DRTAmoFO27alZhMisarCtFd
MR/KDvWaPYBr+r4PEH5ztPKTV7n3e0e47GHDfCCvB7XflPFhHkhsBh4EFiNjL5LO
KmTJCfgey8nxV5B160EF1XuFhxnFnIyVA97Lwr7jlCRhRM1dEJ6zxylzstYRuO6R
0YmW2Q/rqYaXYw0kkpF+rix8js9tAP6zR3Z74Z7fhAXLIORGwDJnXE3UKB6fkmyo
Rn5LdEVLqjuOoJi3A8Fy/U6L5NIT9LvGiVXJtH1Uhi6t8KK5P7Vc1vlR1lQdUcxk
6PjKIp2Zlu2ov24Of17GEa0DY19IOSo3VB16qk6yHwHq4ACH2TmJxZnOiwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOspB5Zz0j1+4hGwNz65arMuv6B4MB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvNnlrSGxuUFNQWDdpRWJBM1BybHFzeTZfb0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHCvvoD
BAHCvvwwDQYJKoZIhvcNAQELBQADggEBAE4r5qAp4IrbZRensg49sV+baM0UNyDE
ALLHZc1XnxCgtnRKVc1QuZHNdxn6lSy3qNyPdhIMsIFUxqM8ok7yYFuhFzdX2IyC
kSjI77LL0mLirjW1xtxLAqZEAje7vYaIPX4Js/mAB4fxIYq2dMC5zX9+c3IK4vvC
OLZ8mUVn7PEBbdOeCp2RVdm6O1uAk3pgERn/y4QQ7qOW09vf2Bvm4lKUGr7hEP9S
GiHWLVvgctV1mDkkDXKE27j4UlsdjI3LV5IDZNIJ/RIwfnS5KdbTeCScw8IR1LwD
8Amfkl+YmhEIuZiC6Rlx3uIac2QzT4osWfiTmlPSX3GNa95f20vcNVQ=
-----END CERTIFICATE-----