Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/XAwvoWzofcrqcmdr8W7XLgyD3rY.roa
File:                     XAwvoWzofcrqcmdr8W7XLgyD3rY.roa (raw, json)
Hash identifier:          EfaTSajOveBIoaBUvkEz3z8IB7Psi20E9UIKUQm2HZA=
Subject key identifier:   5C:0C:2F:A1:6C:E8:7D:CA:EA:72:67:6B:F1:6E:D7:2E:0C:83:DE:B6
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC7277B0234099EB190855DCD8D63BD73
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/XAwvoWzofcrqcmdr8W7XLgyD3rY.roa
Signing time:             Mon 01 Jan 2024 22:31:42 +0000
ROA not before:           Mon 01 Jan 2024 22:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200686
IP address blocks:        85.143.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:7b:02:34:09:9e:b1:90:85:5d:cd:8d:63:bd:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c0c2fa16ce87dcaea72676bf16ed72e0c83deb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:82:bc:78:4a:8c:be:49:2a:9b:2b:29:c7:16:
                    3a:09:30:4e:39:f6:1c:28:1f:f5:9f:30:c2:3e:57:
                    48:f3:71:16:6d:10:3c:01:93:33:cc:62:db:a5:51:
                    88:29:da:92:51:94:88:27:34:31:0a:66:4e:4d:66:
                    1f:df:f8:52:6c:f4:78:e2:ba:d4:09:48:9f:d7:d5:
                    d3:15:4f:2e:b4:9a:c9:9b:b5:51:1e:b0:b1:c6:12:
                    97:ea:23:82:7d:ea:63:8e:71:d4:30:94:67:c9:1c:
                    29:57:5a:cf:79:cf:0a:08:a9:c7:ff:cd:ab:a6:dd:
                    be:cc:22:83:61:d0:af:11:3c:4a:d8:9a:49:6c:96:
                    0c:5c:b3:62:0a:b8:4e:0f:79:25:76:2f:22:82:3f:
                    c6:8c:5f:53:73:c6:97:2d:7d:b6:10:8c:bb:35:83:
                    d1:7a:78:76:47:8f:54:7a:0c:bb:22:56:a4:ce:47:
                    fa:c5:49:f1:cb:fe:9d:24:26:30:8f:ed:a6:32:d3:
                    9b:f2:74:81:3a:ee:6a:3c:0b:64:9e:19:64:ad:d7:
                    13:5d:55:00:25:0a:41:94:81:ce:0c:da:1a:18:6c:
                    24:b8:28:47:20:00:99:94:cc:fd:17:88:06:56:6b:
                    22:49:05:a2:9f:7f:fb:66:b0:31:9b:0e:c9:a9:d6:
                    2f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0C:2F:A1:6C:E8:7D:CA:EA:72:67:6B:F1:6E:D7:2E:0C:83:DE:B6
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/XAwvoWzofcrqcmdr8W7XLgyD3rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:06:77:5f:ef:d9:03:60:04:65:87:aa:ee:00:ba:79:84:f9:
         40:e1:ef:2a:46:28:d9:6b:ec:b8:7d:9b:8a:ce:3b:1e:a9:29:
         93:9c:d2:f7:82:b3:ed:2a:72:50:08:52:4e:9c:00:eb:c0:65:
         31:d2:34:6c:27:1d:ae:1f:6e:fb:7d:c9:63:53:57:b4:9d:db:
         36:6b:1d:37:db:9d:73:30:41:b3:5b:7d:c6:0f:f9:b3:49:99:
         fa:0e:ee:7b:d0:dd:5d:0b:03:4b:8b:0b:22:35:db:7c:20:4d:
         99:a7:77:f6:63:e4:b3:ad:ae:51:23:9d:1c:4a:85:1d:a0:b4:
         66:92:00:b7:55:0c:6d:61:0b:35:0f:48:37:b1:ba:19:fa:bd:
         2f:5c:ca:1d:b2:25:72:28:b1:aa:f7:18:75:79:53:87:7a:2c:
         51:63:22:12:01:93:2c:a7:e8:a7:3d:be:52:4a:19:9e:30:1e:
         53:7a:60:1a:41:84:70:cb:56:00:1d:e6:82:3a:66:fb:38:18:
         7c:15:c0:6d:0b:ab:38:35:c9:06:6b:9b:3b:b4:81:c5:9a:2c:
         5c:fb:46:59:a4:d8:dc:f6:04:8b:57:56:ec:5a:60:c2:60:40:
         bd:0c:55:94:46:47:b5:5e:4a:f9:e8:c5:fb:30:8f:de:a5:76:
         f7:18:c2:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3sCNAmesZCFXc2NY71zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBjMmZhMTZjZTg3ZGNhZWE3MjY3NmJmMTZlZDcyZTBjODNkZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4K8eEqMvkkqmyspxxY6CTBOOfYc
KB/1nzDCPldI83EWbRA8AZMzzGLbpVGIKdqSUZSIJzQxCmZOTWYf3/hSbPR44rrU
CUif19XTFU8utJrJm7VRHrCxxhKX6iOCfepjjnHUMJRnyRwpV1rPec8KCKnH/82r
pt2+zCKDYdCvETxK2JpJbJYMXLNiCrhOD3kldi8igj/GjF9Tc8aXLX22EIy7NYPR
enh2R49Uegy7Ilakzkf6xUnxy/6dJCYwj+2mMtOb8nSBOu5qPAtknhlkrdcTXVUA
JQpBlIHODNoaGGwkuChHIACZlMz9F4gGVmsiSQWin3/7ZrAxmw7JqdYvGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwML6Fs6H3K6nJna/Fu1y4Mg962MB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvWEF3dm9Xem9mY3JxY21kcjhXN1hMZ3lEM3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY9kMA0G
CSqGSIb3DQEBCwUAA4IBAQBlBndf79kDYARlh6ruALp5hPlA4e8qRijZa+y4fZuK
zjseqSmTnNL3grPtKnJQCFJOnADrwGUx0jRsJx2uH277fcljU1e0nds2ax03251z
MEGzW33GD/mzSZn6Du570N1dCwNLiwsiNdt8IE2Zp3f2Y+Szra5RI50cSoUdoLRm
kgC3VQxtYQs1D0g3sboZ+r0vXModsiVyKLGq9xh1eVOHeixRYyISAZMsp+inPb5S
ShmeMB5TemAaQYRwy1YAHeaCOmb7OBh8FcBtC6s4NckGa5s7tIHFmixc+0ZZpNjc
9gSLV1bsWmDCYEC9DFWURke1Xkr56MX7MI/epXb3GMLa
-----END CERTIFICATE-----