Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ThZuw2nE1X1VR-DHXIMvvMsPTg4.roa
File:                     ThZuw2nE1X1VR-DHXIMvvMsPTg4.roa (raw, json)
Hash identifier:          mHyr0XqOUdMHAyWY5eh/g0YGbNMZ9pAZWhJzXkgoEOk=
Subject key identifier:   4E:16:6E:C3:69:C4:D5:7D:55:47:E0:C7:5C:83:2F:BC:CB:0F:4E:0E
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B265321DCFE9106A123F2674712653
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ThZuw2nE1X1VR-DHXIMvvMsPTg4.roa
Signing time:             Wed 01 Jan 2025 11:48:46 +0000
ROA not before:           Wed 01 Jan 2025 11:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60643
IP address blocks:        80.250.167.0/24 maxlen: 24
                          86.110.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:65:32:1d:cf:e9:10:6a:12:3f:26:74:71:26:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e166ec369c4d57d5547e0c75c832fbccb0f4e0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:51:75:c1:e0:c3:d0:36:92:0f:b0:54:99:5d:
                    bf:b5:ec:d8:d2:76:9e:86:8a:c9:9c:19:8d:f8:95:
                    17:8f:4f:0a:05:1d:02:7d:4b:9a:40:18:ff:17:71:
                    9d:0b:95:e0:4f:e1:ce:ac:a1:af:4e:ad:be:ff:49:
                    e5:1e:22:6c:e1:3f:a7:14:10:d2:10:e5:81:74:35:
                    a8:f9:4d:fa:ef:68:63:77:a0:90:5e:b3:a9:a3:aa:
                    2d:fc:53:1d:de:86:7b:02:c4:c3:36:f3:18:dd:98:
                    fe:19:d8:82:61:b0:13:d6:3f:6a:26:74:5c:f1:8d:
                    56:55:a6:d3:d2:f5:c9:94:5a:36:96:4f:fc:61:6d:
                    73:3c:36:0a:55:87:8f:7f:14:b1:08:83:cc:6e:42:
                    0a:4e:7c:c6:cf:b5:2d:2a:a4:4a:05:3f:22:89:d6:
                    4d:10:55:4d:bc:e2:59:9d:65:81:81:58:ab:8f:3e:
                    7f:b5:ab:37:ce:8d:fa:d4:e1:9d:de:bc:2a:cc:cd:
                    05:f9:2e:57:d8:84:81:8e:7c:4d:fc:a2:b6:04:18:
                    36:1f:5d:7f:37:b6:4a:2e:04:37:f8:f6:af:56:19:
                    7f:a5:b7:27:86:1f:33:7f:3f:58:73:51:3c:77:97:
                    9e:9d:fc:ff:13:0d:bb:ee:58:6d:98:cc:27:75:7b:
                    c1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:16:6E:C3:69:C4:D5:7D:55:47:E0:C7:5C:83:2F:BC:CB:0F:4E:0E
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ThZuw2nE1X1VR-DHXIMvvMsPTg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.250.167.0/24
                  86.110.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a2:16:69:81:e7:28:bd:5f:42:32:51:89:55:c3:eb:d2:35:
         ad:42:a9:f8:28:62:ee:93:b7:85:98:d2:ef:15:1e:ef:af:f4:
         f3:c2:8f:f1:cf:54:2a:9d:34:db:ac:b3:c3:2d:30:9b:65:d7:
         81:1f:a2:3b:33:65:60:57:00:4d:41:d0:c4:b3:87:2e:81:07:
         4d:f9:73:7d:d4:78:b3:eb:c8:56:ac:ec:4e:c8:57:ae:37:8e:
         ed:6e:5f:f3:f2:af:4b:ea:94:5b:1c:78:67:84:98:15:03:fe:
         83:6e:4b:ef:31:80:e2:ef:7c:15:01:08:7a:88:db:91:43:02:
         cb:87:2c:99:98:30:42:01:dd:de:2e:af:27:3b:85:be:47:3d:
         62:9b:e1:11:e0:ba:5f:83:65:8f:bc:53:47:0c:10:1b:df:cf:
         9c:f5:df:44:f6:76:9d:29:53:78:a9:85:e4:d4:89:5c:dc:c7:
         dd:2f:82:28:23:76:7f:4c:c8:36:ce:f7:ab:32:91:11:87:14:
         41:a0:19:27:cd:fe:6c:ec:67:c4:0a:3b:d4:2c:2e:e7:18:d5:
         bd:12:19:71:43:95:e3:1c:a4:1f:64:f3:34:4c:a2:2d:14:95:
         5f:d8:59:a3:a2:ad:ac:dd:b3:5e:cb:0b:ed:ec:e2:f0:9c:b9:
         3a:30:69:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsmUyHc/pEGoSPyZ0cSZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTE2NmVjMzY5YzRkNTdkNTU0N2UwYzc1YzgzMmZiY2NiMGY0ZTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1F1weDD0DaSD7BUmV2/tezY0nae
horJnBmN+JUXj08KBR0CfUuaQBj/F3GdC5XgT+HOrKGvTq2+/0nlHiJs4T+nFBDS
EOWBdDWo+U3672hjd6CQXrOpo6ot/FMd3oZ7AsTDNvMY3Zj+GdiCYbAT1j9qJnRc
8Y1WVabT0vXJlFo2lk/8YW1zPDYKVYePfxSxCIPMbkIKTnzGz7UtKqRKBT8iidZN
EFVNvOJZnWWBgVirjz5/tas3zo361OGd3rwqzM0F+S5X2ISBjnxN/KK2BBg2H11/
N7ZKLgQ3+PavVhl/pbcnhh8zfz9Yc1E8d5eenfz/Ew277lhtmMwndXvBkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE4WbsNpxNV9VUfgx1yDL7zLD04OMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvVGhadXcybkUxWDFWUi1ESFhJTXZ2TXNQVGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPqnAwQA
Vm5oMA0GCSqGSIb3DQEBCwUAA4IBAQCUohZpgecovV9CMlGJVcPr0jWtQqn4KGLu
k7eFmNLvFR7vr/Tzwo/xz1QqnTTbrLPDLTCbZdeBH6I7M2VgVwBNQdDEs4cugQdN
+XN91Hiz68hWrOxOyFeuN47tbl/z8q9L6pRbHHhnhJgVA/6DbkvvMYDi73wVAQh6
iNuRQwLLhyyZmDBCAd3eLq8nO4W+Rz1im+ER4Lpfg2WPvFNHDBAb38+c9d9E9nad
KVN4qYXk1Ilc3MfdL4IoI3Z/TMg2zverMpERhxRBoBknzf5s7GfECjvULC7nGNW9
EhlxQ5XjHKQfZPM0TKItFJVf2Fmjoq2s3bNeywvt7OLwnLk6MGnR
-----END CERTIFICATE-----