Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/8sV_N_UwmH3qkC9UfLUgTgM1Fs8.roa
File:                     8sV_N_UwmH3qkC9UfLUgTgM1Fs8.roa (raw, json)
Hash identifier:          dgKAO9snIE1rfh8CYKlrb2F9anPgFoSatieYZgwKlwA=
Subject key identifier:   F2:C5:7F:37:F5:30:98:7D:EA:90:2F:54:7C:B5:20:4E:03:35:16:CF
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018ED80D30F3B715E9A69773A79D0F5D712B
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/8sV_N_UwmH3qkC9UfLUgTgM1Fs8.roa
Signing time:             Sat 13 Apr 2024 15:22:06 +0000
ROA not before:           Sat 13 Apr 2024 15:22:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56679
IP address blocks:        85.143.156.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d8:0d:30:f3:b7:15:e9:a6:97:73:a7:9d:0f:5d:71:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Apr 13 15:22:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2c57f37f530987dea902f547cb5204e033516cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8f:07:2a:a2:77:cb:91:8a:c9:c0:32:c7:3c:
                    5b:52:9a:73:4d:05:f9:5b:23:91:e3:28:87:61:59:
                    4f:03:38:83:9d:73:e8:d3:1e:01:c1:bf:da:4c:4c:
                    82:5a:0a:75:85:50:5b:4b:b8:12:dc:5a:08:30:bf:
                    23:e3:5b:05:7d:ac:47:9f:12:c8:27:1d:ed:6a:e0:
                    a8:94:54:9e:17:f4:15:52:bb:ab:b8:29:11:9e:2e:
                    58:99:74:8f:38:f6:01:96:00:95:92:c8:cb:af:fe:
                    c1:1e:a6:50:eb:9d:8e:6a:80:7b:47:f0:58:1e:69:
                    7a:4c:20:9c:a4:d1:6b:1f:ec:aa:9d:9c:8f:14:d3:
                    7f:16:42:12:fd:5f:a3:2d:2a:51:b8:19:07:aa:2c:
                    8e:28:8b:26:61:4e:58:c1:a5:77:86:c8:0f:94:ed:
                    9e:27:63:f0:73:83:0b:45:14:ed:12:68:ed:92:ac:
                    c1:a6:ef:b9:34:0e:49:02:d5:b1:08:df:67:62:a7:
                    59:1d:a9:81:dd:2f:ce:73:10:57:35:58:7e:26:6e:
                    16:a8:eb:81:5b:48:3f:9c:0a:4c:08:33:21:39:a8:
                    55:fd:65:4a:c4:8c:9e:a0:f5:47:62:24:97:fe:25:
                    e1:85:86:f4:8d:70:f8:ec:48:84:19:71:45:c2:f4:
                    f6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:C5:7F:37:F5:30:98:7D:EA:90:2F:54:7C:B5:20:4E:03:35:16:CF
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/8sV_N_UwmH3qkC9UfLUgTgM1Fs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:d6:37:f0:87:69:4d:15:c0:be:4f:e3:4d:8b:62:f8:66:c3:
         10:a7:e1:ca:91:e1:3e:cf:cb:38:3d:a4:72:f8:6a:00:1b:32:
         b5:65:f1:2f:18:1e:7c:a8:1f:f6:9c:af:a2:1e:f5:03:d1:56:
         7f:08:c9:95:64:70:b0:7c:5f:85:4b:53:45:ce:18:cd:e4:2c:
         74:7b:44:ea:14:96:f1:9f:ee:61:b2:03:fd:df:ad:ad:e1:0b:
         d4:9e:06:81:66:61:ea:7f:70:ad:b9:2f:20:90:e2:9e:5d:66:
         bc:3f:2f:35:c1:76:ec:cc:d2:1d:c6:de:05:e4:90:da:aa:19:
         9b:e1:1b:6d:bc:f3:26:50:09:20:5c:d8:ca:07:88:85:5a:98:
         4f:b4:fd:ef:59:14:ea:fa:18:32:9f:e8:b6:cb:3e:6b:87:70:
         5e:ba:4d:f8:2a:c7:58:4a:74:4f:c5:f0:55:55:d3:7a:ec:07:
         e5:25:31:48:31:ac:d0:50:55:bc:36:bf:b4:63:8e:c9:34:69:
         98:4c:5e:30:f8:07:cf:76:d3:c6:bc:9e:02:2d:da:af:bf:7d:
         a0:76:83:fb:50:27:9a:14:4b:df:ea:65:42:58:3c:71:65:2c:
         1a:e3:38:2b:bd:3b:c4:bd:d7:5b:86:89:4b:f9:c9:f2:28:e3:
         51:fb:ae:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7YDTDztxXpppdzp50PXXErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwNDEzMTUyMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmM1N2YzN2Y1MzA5ODdkZWE5MDJmNTQ3Y2I1MjA0ZTAzMzUxNmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu48HKqJ3y5GKycAyxzxbUppzTQX5
WyOR4yiHYVlPAziDnXPo0x4Bwb/aTEyCWgp1hVBbS7gS3FoIML8j41sFfaxHnxLI
Jx3tauColFSeF/QVUruruCkRni5YmXSPOPYBlgCVksjLr/7BHqZQ652OaoB7R/BY
Hml6TCCcpNFrH+yqnZyPFNN/FkIS/V+jLSpRuBkHqiyOKIsmYU5YwaV3hsgPlO2e
J2Pwc4MLRRTtEmjtkqzBpu+5NA5JAtWxCN9nYqdZHamB3S/OcxBXNVh+Jm4WqOuB
W0g/nApMCDMhOahV/WVKxIyeoPVHYiSX/iXhhYb0jXD47EiEGXFFwvT2JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLFfzf1MJh96pAvVHy1IE4DNRbPMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvOHNWX05fVXdtSDNxa0M5VWZMVWdUZ00xRnM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVY+cMA0G
CSqGSIb3DQEBCwUAA4IBAQAP1jfwh2lNFcC+T+NNi2L4ZsMQp+HKkeE+z8s4PaRy
+GoAGzK1ZfEvGB58qB/2nK+iHvUD0VZ/CMmVZHCwfF+FS1NFzhjN5Cx0e0TqFJbx
n+5hsgP9362t4QvUngaBZmHqf3CtuS8gkOKeXWa8Py81wXbszNIdxt4F5JDaqhmb
4RttvPMmUAkgXNjKB4iFWphPtP3vWRTq+hgyn+i2yz5rh3Beuk34KsdYSnRPxfBV
VdN67AflJTFIMazQUFW8Nr+0Y47JNGmYTF4w+AfPdtPGvJ4CLdqvv32gdoP7UCea
FEvf6mVCWDxxZSwa4zgrvTvEvddbholL+cnyKONR+66J
-----END CERTIFICATE-----