Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/XMK0_oOZaK1ZD0edqvRfNSbGehU.roa
File:                     XMK0_oOZaK1ZD0edqvRfNSbGehU.roa (raw, json)
Hash identifier:          KY8XbDH3e4HYSe7gzMx0tzMpauBJtNOIldM/xqhYehw=
Subject key identifier:   5C:C2:B4:FE:83:99:68:AD:59:0F:47:9D:AA:F4:5F:35:26:C6:7A:15
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B2568D42BC42CA719F0827C7288A43
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/XMK0_oOZaK1ZD0edqvRfNSbGehU.roa
Signing time:             Wed 01 Jan 2025 11:48:43 +0000
ROA not before:           Wed 01 Jan 2025 11:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8941
IP address blocks:        85.143.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:56:8d:42:bc:42:ca:71:9f:08:27:c7:28:8a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cc2b4fe839968ad590f479daaf45f3526c67a15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:71:85:a7:d1:56:ff:e3:64:76:f6:27:50:ef:
                    fd:73:72:70:5d:91:09:f8:89:4a:72:55:bf:f5:6b:
                    3d:00:b5:a4:36:8e:d0:ac:e3:31:a7:25:3f:8e:b5:
                    73:f4:23:e3:92:4f:50:3e:51:b0:e8:e5:63:be:b5:
                    1e:a6:14:bd:a7:00:aa:6e:6c:4d:f3:6f:4e:b9:71:
                    e5:04:ab:85:17:6e:ac:e1:27:45:ea:79:f5:56:83:
                    0f:52:0a:46:9a:b0:d0:e1:23:24:cc:5e:f6:bd:b8:
                    9a:7d:d1:a7:57:18:5e:99:5f:da:02:86:cd:d6:93:
                    7c:e1:53:4a:66:03:24:73:97:ec:2c:1e:0e:2f:e0:
                    66:e6:89:46:ee:b8:01:a5:89:2b:2d:47:42:35:20:
                    e9:d9:94:a3:ce:78:d9:70:74:ef:c1:e2:62:44:eb:
                    44:a4:a7:22:92:7a:d3:5c:23:fd:0d:d8:e2:fd:7c:
                    c8:d2:47:61:bd:89:4c:05:1b:60:15:d4:e1:8f:21:
                    f0:d1:47:01:7e:00:ec:8b:2c:38:e7:8a:52:01:4c:
                    b4:08:d2:63:5f:9d:19:49:d3:0c:38:42:17:3c:5f:
                    d0:99:d0:f0:81:c7:cb:83:18:16:6b:84:36:bb:86:
                    9c:77:00:6e:8e:c1:63:0e:65:0c:ad:64:3e:95:ee:
                    73:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:C2:B4:FE:83:99:68:AD:59:0F:47:9D:AA:F4:5F:35:26:C6:7A:15
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/XMK0_oOZaK1ZD0edqvRfNSbGehU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:2e:a6:b6:a6:8f:9a:92:b8:25:8c:10:3d:5c:05:d8:a7:0f:
         1a:7c:b2:f5:12:e7:c1:cb:f4:a5:a0:3e:4e:8d:44:3f:71:51:
         ca:a2:b0:c2:83:f2:cd:2e:00:51:76:dd:2b:13:ce:e3:87:e9:
         81:b9:79:c1:ad:19:de:f1:e1:19:2f:ed:d9:e8:26:09:ec:58:
         c8:21:6e:4b:21:71:e1:23:60:5d:1b:0f:83:27:02:1e:32:10:
         2e:d0:32:e2:14:b7:3d:bc:b2:af:68:65:3f:17:f0:5d:33:ca:
         69:18:bb:d1:41:19:af:28:d0:f3:fd:3c:04:36:90:dd:26:40:
         99:c2:04:9e:da:b4:bb:b6:55:c1:f9:51:37:63:03:9a:31:7b:
         77:91:47:08:51:9c:75:82:0c:76:11:18:f0:b8:71:1b:a0:b1:
         4d:a4:3f:e2:c2:a9:41:21:c7:28:6a:17:7b:e2:f3:14:87:10:
         2a:9c:83:12:14:d1:0a:d3:73:3a:11:5a:a3:6f:6e:3d:cd:6c:
         38:30:78:8d:2f:65:05:56:01:e7:c2:d6:2b:71:9d:3e:38:ff:
         f6:67:3c:f5:67:44:1b:74:d7:07:ba:8d:12:cb:2e:bd:23:bc:
         c1:f0:38:12:c7:90:56:c2:7d:b3:d0:da:0f:88:90:3a:c5:cb:
         50:79:23:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslaNQrxCynGfCCfHKIpDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2MyYjRmZTgzOTk2OGFkNTkwZjQ3OWRhYWY0NWYzNTI2YzY3YTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHGFp9FW/+NkdvYnUO/9c3JwXZEJ
+IlKclW/9Ws9ALWkNo7QrOMxpyU/jrVz9CPjkk9QPlGw6OVjvrUephS9pwCqbmxN
829OuXHlBKuFF26s4SdF6nn1VoMPUgpGmrDQ4SMkzF72vbiafdGnVxhemV/aAobN
1pN84VNKZgMkc5fsLB4OL+Bm5olG7rgBpYkrLUdCNSDp2ZSjznjZcHTvweJiROtE
pKciknrTXCP9Ddji/XzI0kdhvYlMBRtgFdThjyHw0UcBfgDsiyw454pSAUy0CNJj
X50ZSdMMOEIXPF/QmdDwgcfLgxgWa4Q2u4acdwBujsFjDmUMrWQ+le5zMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzCtP6DmWitWQ9Hnar0XzUmxnoVMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvWE1LMF9vT1phSzFaRDBlZHF2UmZOU2JHZWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVY8UMA0G
CSqGSIb3DQEBCwUAA4IBAQBVLqa2po+akrgljBA9XAXYpw8afLL1EufBy/SloD5O
jUQ/cVHKorDCg/LNLgBRdt0rE87jh+mBuXnBrRne8eEZL+3Z6CYJ7FjIIW5LIXHh
I2BdGw+DJwIeMhAu0DLiFLc9vLKvaGU/F/BdM8ppGLvRQRmvKNDz/TwENpDdJkCZ
wgSe2rS7tlXB+VE3YwOaMXt3kUcIUZx1ggx2ERjwuHEboLFNpD/iwqlBIccoahd7
4vMUhxAqnIMSFNEK03M6EVqjb249zWw4MHiNL2UFVgHnwtYrcZ0+OP/2Zzz1Z0Qb
dNcHuo0Syy69I7zB8DgSx5BWwn2z0NoPiJA6xctQeSN+
-----END CERTIFICATE-----