Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/IyufV2wnapjKPXJAY49U5nLoaKE.roa
File:                     IyufV2wnapjKPXJAY49U5nLoaKE.roa (raw, json)
Hash identifier:          1D9RfH6tdaRNeKmRi2my6fF3qekf3aCnaSCz14VZDpk=
Subject key identifier:   23:2B:9F:57:6C:27:6A:98:CA:3D:72:40:63:8F:54:E6:72:E8:68:A1
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B26166C244994289EE7BB3DC56D2C8
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/IyufV2wnapjKPXJAY49U5nLoaKE.roa
Signing time:             Wed 01 Jan 2025 11:48:45 +0000
ROA not before:           Wed 01 Jan 2025 11:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        85.142.144.0/22 maxlen: 24
                          85.143.52.0/23 maxlen: 24
                          85.143.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:61:66:c2:44:99:42:89:ee:7b:b3:dc:56:d2:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=232b9f576c276a98ca3d7240638f54e672e868a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d8:f5:c9:4f:1b:2a:ed:4e:5f:2d:7c:9b:92:
                    cc:12:80:b9:ac:4d:05:aa:73:0f:d6:ef:23:c8:de:
                    70:6b:0f:b3:7c:33:79:91:97:b3:58:72:d4:f4:ec:
                    a2:08:0a:ad:0c:bf:91:a4:5e:b4:50:0e:9c:07:ac:
                    eb:24:33:2e:77:66:0e:61:cd:c1:34:79:f6:66:85:
                    0f:3f:9a:59:15:fd:77:f3:76:79:0f:ee:2b:f8:14:
                    37:e6:24:2c:f3:7b:fb:90:d5:af:7f:99:bb:ec:8c:
                    09:74:85:30:d9:64:7a:96:e1:9b:4e:e2:5f:c1:32:
                    5e:25:8d:56:6e:88:8a:29:3b:b5:15:18:78:fb:ee:
                    67:1f:ea:b4:ac:3d:f1:bf:95:7d:70:f1:2c:73:0a:
                    de:2e:90:7f:9b:b0:78:44:fb:9c:0d:87:ca:1e:75:
                    5c:14:78:ac:ed:52:e4:a7:db:c6:f6:bb:bd:72:44:
                    92:cf:8b:e7:12:97:01:e8:77:59:42:90:be:eb:49:
                    ef:74:61:45:c3:c8:35:9b:c6:6a:40:ee:b9:4d:79:
                    99:30:1b:79:a4:96:a0:1d:a4:9a:eb:bf:07:c4:bf:
                    bb:a9:13:4e:76:b4:0c:e2:8a:11:4f:a9:62:b6:0c:
                    77:3c:41:70:7c:82:68:b6:e6:b3:21:4c:5c:61:f6:
                    a3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:2B:9F:57:6C:27:6A:98:CA:3D:72:40:63:8F:54:E6:72:E8:68:A1
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/IyufV2wnapjKPXJAY49U5nLoaKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.142.144.0/22
                  85.143.52.0-85.143.54.255

    Signature Algorithm: sha256WithRSAEncryption
         48:ce:37:1d:77:56:41:e8:5a:3b:02:6d:d9:8f:a2:34:db:df:
         c7:4a:57:f4:d4:45:6d:bf:e7:29:68:78:07:e8:51:6e:d7:7d:
         3d:04:6f:f4:fa:52:3c:18:b7:22:e1:13:4c:c7:f8:da:59:81:
         d8:3c:d4:8b:2d:e7:4f:f5:03:b6:88:2f:68:7c:a1:9a:f0:f0:
         15:16:bb:ef:84:e6:ba:e4:95:c3:bc:77:e0:9c:b4:a4:ac:f7:
         0a:66:7d:7a:d1:11:72:92:26:95:b1:6e:89:f2:31:49:a4:28:
         b7:5e:7b:0c:0e:f6:3c:3c:28:51:00:07:0c:66:07:c1:63:89:
         92:fa:d4:ef:74:b9:59:05:34:75:06:e5:5c:dd:90:ce:65:a5:
         41:4e:be:50:f4:3d:4b:f2:da:60:74:b7:bd:2b:d3:71:71:a4:
         7a:ea:21:b8:02:69:d7:23:63:50:ae:93:7f:e9:05:45:ea:68:
         9d:96:9b:35:74:9e:75:5b:78:dd:6c:d0:09:51:08:bf:05:b7:
         d6:eb:53:7a:d2:8b:52:cf:7a:05:c4:9c:d2:01:fc:2a:ff:9a:
         df:5e:48:d0:cf:4d:b3:56:09:cf:18:b2:b9:44:47:6d:eb:5d:
         1c:42:c0:60:30:f9:f0:82:9a:8b:6b:47:33:cb:e8:bb:74:bb:
         64:8b:ae:c7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQhsmFmwkSZQonue7PcVtLIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzJiOWY1NzZjMjc2YTk4Y2EzZDcyNDA2MzhmNTRlNjcyZTg2OGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9j1yU8bKu1OXy18m5LMEoC5rE0F
qnMP1u8jyN5waw+zfDN5kZezWHLU9OyiCAqtDL+RpF60UA6cB6zrJDMud2YOYc3B
NHn2ZoUPP5pZFf1383Z5D+4r+BQ35iQs83v7kNWvf5m77IwJdIUw2WR6luGbTuJf
wTJeJY1WboiKKTu1FRh4++5nH+q0rD3xv5V9cPEscwreLpB/m7B4RPucDYfKHnVc
FHis7VLkp9vG9ru9ckSSz4vnEpcB6HdZQpC+60nvdGFFw8g1m8ZqQO65TXmZMBt5
pJagHaSa678HxL+7qRNOdrQM4ooRT6litgx3PEFwfIJotuazIUxcYfajawIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCMrn1dsJ2qYyj1yQGOPVOZy6GihMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvSXl1ZlYyd25hcGpLUFhKQVk0OVU1bkxvYUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCVY6QMAwD
BAJVjzQDBABVjzYwDQYJKoZIhvcNAQELBQADggEBAEjONx13VkHoWjsCbdmPojTb
38dKV/TURW2/5yloeAfoUW7XfT0Eb/T6UjwYtyLhE0zH+NpZgdg81Ist50/1A7aI
L2h8oZrw8BUWu++E5rrklcO8d+CctKSs9wpmfXrREXKSJpWxbonyMUmkKLdeewwO
9jw8KFEABwxmB8FjiZL61O90uVkFNHUG5VzdkM5lpUFOvlD0PUvy2mB0t70r03Fx
pHrqIbgCadcjY1Cuk3/pBUXqaJ2WmzV0nnVbeN1s0AlRCL8Ft9brU3rSi1LPegXE
nNIB/Cr/mt9eSNDPTbNWCc8YsrlER23rXRxCwGAw+fCCmotrRzPL6Lt0u2SLrsc=
-----END CERTIFICATE-----