Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/Lg3WF0Y9H3OPVSKE4huURxbHGmc.roa
File:                     Lg3WF0Y9H3OPVSKE4huURxbHGmc.roa (raw, json)
Hash identifier:          xf7r0uEKC/+UtU7lxdsYq2xZcNjxZfqZbQwBVRX8X+A=
Subject key identifier:   2E:0D:D6:17:46:3D:1F:73:8F:55:22:84:E2:1B:94:47:16:C7:1A:67
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC7277BDA9BFAD20445EED2DA862E1C03
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/Lg3WF0Y9H3OPVSKE4huURxbHGmc.roa
Signing time:             Mon 01 Jan 2024 22:31:42 +0000
ROA not before:           Mon 01 Jan 2024 22:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202633
IP address blocks:        85.143.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:7b:da:9b:fa:d2:04:45:ee:d2:da:86:2e:1c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e0dd617463d1f738f552284e21b944716c71a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ac:56:b5:eb:9c:ac:87:d9:bc:5c:4c:2b:e6:
                    e8:1b:31:21:ee:36:28:ae:10:be:6c:37:1b:60:cf:
                    63:17:ec:e3:7d:dc:86:5c:f6:77:fe:5e:43:99:2c:
                    6c:31:76:c5:22:69:b2:78:ec:13:b8:fd:0a:6d:a3:
                    36:74:5f:9a:ac:6b:af:2b:5f:4b:0f:36:8e:65:d0:
                    44:1e:09:aa:fc:24:b6:dc:9f:cf:c0:e9:2f:b5:95:
                    ef:37:c6:c4:f4:51:6e:53:99:2b:5e:2e:8b:9c:0d:
                    b3:20:eb:40:86:ba:89:16:9e:b9:6e:03:b5:78:71:
                    1b:ae:0a:e9:34:38:58:7d:e9:07:4d:ad:f1:08:47:
                    13:d5:58:41:97:57:f1:01:ba:b8:24:ae:02:bf:64:
                    d0:40:37:43:5d:93:9f:ac:fe:0f:df:a5:63:43:b6:
                    c1:0f:80:dd:62:cd:9c:9a:15:cc:1c:1c:f7:7e:ca:
                    55:45:68:9f:60:d6:83:02:70:b6:2b:6b:fb:a5:04:
                    97:77:21:70:aa:ae:e7:19:74:60:5e:e5:bf:ab:5b:
                    22:21:06:a9:a9:0a:f7:92:07:16:d0:81:a7:97:29:
                    39:8a:69:1c:49:5f:7c:f1:aa:4b:99:e0:b4:2e:f3:
                    f3:0d:cd:b1:95:8b:e8:1a:25:c0:7d:98:a4:e1:29:
                    bd:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:0D:D6:17:46:3D:1F:73:8F:55:22:84:E2:1B:94:47:16:C7:1A:67
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/Lg3WF0Y9H3OPVSKE4huURxbHGmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:a8:db:b9:f8:d2:da:33:21:a9:66:f0:de:82:8c:b1:69:e7:
         99:d4:cc:6b:21:9b:14:c6:7b:24:5f:36:e5:eb:6b:94:b6:b9:
         31:cc:b5:fa:86:02:4b:7f:34:8f:75:8b:2f:f5:1e:59:d9:99:
         01:8d:21:dd:dd:aa:96:49:4e:bc:25:09:b8:d2:c5:4e:ff:3e:
         4d:50:9f:3b:52:2e:6b:e1:8c:37:22:cf:38:a1:5d:79:98:d0:
         50:1b:54:75:f1:7b:05:8f:f1:c8:8d:92:20:01:79:b8:28:29:
         84:6f:58:71:8a:1a:0e:97:60:4d:cb:76:34:1d:b6:b9:33:9c:
         ba:fd:b6:d0:fb:9c:e2:76:07:47:b2:28:5c:38:5a:54:19:db:
         c1:7a:64:a7:32:b5:ed:09:90:14:95:d1:4c:7a:a1:38:9e:7e:
         db:38:96:c8:b8:72:45:89:ea:0a:71:ce:86:97:21:e8:25:ad:
         ba:67:44:d8:80:47:9f:64:31:40:82:e2:fa:23:89:ea:00:60:
         66:d1:94:22:13:a6:5b:3f:c7:f7:32:7b:22:eb:7f:4e:48:70:
         dd:5c:1a:2b:ce:f6:1f:01:16:47:7c:1c:f5:e3:a4:e9:0f:20:
         c8:91:92:15:fc:bf:e7:2c:92:f9:ed:a4:0a:87:da:7f:6e:dd:
         ec:67:eb:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3vam/rSBEXu0tqGLhwDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTBkZDYxNzQ2M2QxZjczOGY1NTIyODRlMjFiOTQ0NzE2YzcxYTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaxWteucrIfZvFxMK+boGzEh7jYo
rhC+bDcbYM9jF+zjfdyGXPZ3/l5DmSxsMXbFImmyeOwTuP0KbaM2dF+arGuvK19L
DzaOZdBEHgmq/CS23J/PwOkvtZXvN8bE9FFuU5krXi6LnA2zIOtAhrqJFp65bgO1
eHEbrgrpNDhYfekHTa3xCEcT1VhBl1fxAbq4JK4Cv2TQQDdDXZOfrP4P36VjQ7bB
D4DdYs2cmhXMHBz3fspVRWifYNaDAnC2K2v7pQSXdyFwqq7nGXRgXuW/q1siIQap
qQr3kgcW0IGnlyk5imkcSV988apLmeC0LvPzDc2xlYvoGiXAfZik4Sm9OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4N1hdGPR9zj1UihOIblEcWxxpnMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvTGczV0YwWTlIM09QVlNLRTRodVVSeGJIR21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY/3MA0G
CSqGSIb3DQEBCwUAA4IBAQB/qNu5+NLaMyGpZvDegoyxaeeZ1MxrIZsUxnskXzbl
62uUtrkxzLX6hgJLfzSPdYsv9R5Z2ZkBjSHd3aqWSU68JQm40sVO/z5NUJ87Ui5r
4Yw3Is84oV15mNBQG1R18XsFj/HIjZIgAXm4KCmEb1hxihoOl2BNy3Y0Hba5M5y6
/bbQ+5zidgdHsihcOFpUGdvBemSnMrXtCZAUldFMeqE4nn7bOJbIuHJFieoKcc6G
lyHoJa26Z0TYgEefZDFAguL6I4nqAGBm0ZQiE6ZbP8f3Mnsi639OSHDdXBorzvYf
ARZHfBz146TpDyDIkZIV/L/nLJL57aQKh9p/bt3sZ+vo
-----END CERTIFICATE-----