Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/InCF32lIdiMPVRPb6RlvD3zMrK0.roa
File:                     InCF32lIdiMPVRPb6RlvD3zMrK0.roa (raw, json)
Hash identifier:          iAcPU49SrHMZjVS9qKmiJsB0Km5ji1zhwmlCdwgId9o=
Subject key identifier:   22:70:85:DF:69:48:76:23:0F:55:13:DB:E9:19:6F:0F:7C:CC:AC:AD
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B26BE85D5156122568EFFE586DFEB7
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/InCF32lIdiMPVRPb6RlvD3zMrK0.roa
Signing time:             Wed 01 Jan 2025 11:48:48 +0000
ROA not before:           Wed 01 Jan 2025 11:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207259
IP address blocks:        85.143.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:6b:e8:5d:51:56:12:25:68:ef:fe:58:6d:fe:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=227085df694876230f5513dbe9196f0f7cccacad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:02:cd:fd:16:fa:45:49:3f:58:77:c3:9c:5e:
                    9d:de:9f:c8:7a:9c:2f:dd:05:7c:d1:19:59:94:ae:
                    ae:4d:9c:6b:7e:8e:44:2c:74:1d:1b:42:48:13:22:
                    8b:67:6c:01:a5:68:ef:a3:c7:c1:5b:ef:40:a4:5d:
                    55:82:eb:82:09:57:26:3c:04:fc:aa:e7:24:47:9e:
                    e6:db:c3:fb:a8:fe:ef:a9:47:07:23:39:5f:fd:0a:
                    82:74:86:75:09:1b:a6:dd:28:34:87:37:74:12:e9:
                    c2:ad:52:90:b1:f3:bb:4a:ff:76:d0:7b:a4:7d:a8:
                    51:db:3d:3e:2d:ba:87:5a:78:52:89:ae:5d:c8:b6:
                    c4:28:e5:b0:9a:00:f3:6b:31:26:b6:7a:fc:67:4e:
                    82:13:77:4f:80:10:b1:94:e8:ce:7e:e6:dd:1c:1a:
                    b8:53:21:e0:e5:a0:78:71:a0:43:b5:d7:5c:18:59:
                    6d:35:c0:5b:83:41:ca:48:66:30:56:e8:55:0c:5b:
                    d9:ea:4e:6d:82:bc:4f:f5:72:7c:79:eb:8f:83:08:
                    13:4a:ba:bf:46:36:94:00:96:23:73:5e:c3:2e:a4:
                    50:de:43:bc:d0:36:07:d7:a7:0e:96:3f:a0:be:ee:
                    ea:71:38:64:e1:b7:2b:33:a7:6b:93:6a:60:fc:ba:
                    b4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:70:85:DF:69:48:76:23:0F:55:13:DB:E9:19:6F:0F:7C:CC:AC:AD
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/InCF32lIdiMPVRPb6RlvD3zMrK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:74:48:67:6b:f2:1b:ad:23:66:cc:21:24:fb:92:ba:4b:b2:
         b7:5b:49:7d:06:f2:c8:51:f9:3f:1e:61:80:76:41:f0:15:02:
         a0:e9:96:42:d0:9f:7f:8c:56:35:d8:01:32:6d:52:8a:a5:36:
         8d:64:57:43:96:6a:5e:3d:c5:0a:33:fa:81:d4:53:9c:d8:e3:
         22:d4:ce:de:8b:51:f6:99:df:84:e0:46:85:a6:3c:86:d8:91:
         b1:32:53:1f:86:f8:90:73:17:ec:9d:f4:c7:3a:da:77:c8:4d:
         ef:b4:78:61:17:9c:07:80:d3:56:3c:56:be:05:a9:43:d4:4b:
         d6:a6:b7:43:b6:f5:de:c6:c8:5e:50:40:af:15:94:35:1e:e1:
         7d:3e:39:69:42:20:72:3b:02:a8:2c:e1:e0:05:78:d5:0f:8f:
         bd:52:4b:72:e0:f2:4f:2c:61:4f:df:17:61:45:1b:3f:23:ee:
         1b:9f:e9:84:18:5c:7e:9f:9a:2a:2a:f8:c2:8c:fb:39:f1:7a:
         dc:52:d1:b3:e8:40:2b:8c:fd:e6:62:8e:66:59:80:1c:9e:9b:
         c4:7a:08:32:ba:95:ee:fa:43:99:93:f3:d4:6c:ef:7f:10:ad:
         62:90:1e:7c:ab:e9:f9:e4:9d:d9:e5:e5:07:87:18:c1:62:54:
         7f:2c:79:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsmvoXVFWEiVo7/5Ybf63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjcwODVkZjY5NDg3NjIzMGY1NTEzZGJlOTE5NmYwZjdjY2NhY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wLN/Rb6RUk/WHfDnF6d3p/Iepwv
3QV80RlZlK6uTZxrfo5ELHQdG0JIEyKLZ2wBpWjvo8fBW+9ApF1VguuCCVcmPAT8
quckR57m28P7qP7vqUcHIzlf/QqCdIZ1CRum3Sg0hzd0EunCrVKQsfO7Sv920Huk
fahR2z0+LbqHWnhSia5dyLbEKOWwmgDzazEmtnr8Z06CE3dPgBCxlOjOfubdHBq4
UyHg5aB4caBDtddcGFltNcBbg0HKSGYwVuhVDFvZ6k5tgrxP9XJ8eeuPgwgTSrq/
RjaUAJYjc17DLqRQ3kO80DYH16cOlj+gvu7qcThk4bcrM6drk2pg/Lq0GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJwhd9pSHYjD1UT2+kZbw98zKytMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvSW5DRjMybElkaU1QVlJQYjZSbHZEM3pNckswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY/2MA0G
CSqGSIb3DQEBCwUAA4IBAQB7dEhna/IbrSNmzCEk+5K6S7K3W0l9BvLIUfk/HmGA
dkHwFQKg6ZZC0J9/jFY12AEybVKKpTaNZFdDlmpePcUKM/qB1FOc2OMi1M7ei1H2
md+E4EaFpjyG2JGxMlMfhviQcxfsnfTHOtp3yE3vtHhhF5wHgNNWPFa+BalD1EvW
prdDtvXexsheUECvFZQ1HuF9PjlpQiByOwKoLOHgBXjVD4+9Ukty4PJPLGFP3xdh
RRs/I+4bn+mEGFx+n5oqKvjCjPs58XrcUtGz6EArjP3mYo5mWYAcnpvEeggyupXu
+kOZk/PUbO9/EK1ikB58q+n55J3Z5eUHhxjBYlR/LHlf
-----END CERTIFICATE-----