Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/_Y9Xf5FRnn-nwBj90dQGAm1tg0Q.roa
File:                     _Y9Xf5FRnn-nwBj90dQGAm1tg0Q.roa (raw, json)
Hash identifier:          Mj1Mn8xwompyAWckTze0CAntCc2/GtKs76rUWPTVAk8=
Subject key identifier:   FD:8F:57:7F:91:51:9E:7F:A7:C0:18:FD:D1:D4:06:02:6D:6D:83:44
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018ED80A723EA44F650A2F01FDF9986F5079
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/_Y9Xf5FRnn-nwBj90dQGAm1tg0Q.roa
Signing time:             Sat 13 Apr 2024 15:19:06 +0000
ROA not before:           Sat 13 Apr 2024 15:19:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51352
IP address blocks:        85.142.151.0/24 maxlen: 24
                          85.142.154.0/23 maxlen: 23
                          85.143.88.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d8:0a:72:3e:a4:4f:65:0a:2f:01:fd:f9:98:6f:50:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Apr 13 15:19:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd8f577f91519e7fa7c018fdd1d406026d6d8344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3e:a2:a0:3c:d8:33:43:b9:fa:a1:b7:ff:f2:
                    65:d2:c9:ab:dc:07:4a:9e:2e:7c:da:3b:69:3e:87:
                    dc:d9:cf:47:90:4a:e7:1d:80:30:2f:f9:62:0f:6e:
                    85:4b:4e:d2:dc:13:f4:b8:70:20:33:51:d6:dd:28:
                    38:c0:57:d3:0b:90:c6:8a:5c:37:35:db:05:e8:de:
                    4b:e9:4d:5d:3a:30:f1:5a:83:c8:de:41:68:6a:55:
                    14:56:1f:26:33:af:70:88:3e:88:10:ee:24:49:fb:
                    f2:ed:92:79:3d:43:1a:6c:15:c8:51:bd:3c:2c:fe:
                    e7:b3:16:47:f7:9b:0e:bc:d0:a3:ad:cc:50:7b:bd:
                    90:9b:fe:0a:93:1b:2f:77:84:32:d7:f3:e8:c0:bf:
                    2c:bd:06:78:0f:43:e0:ad:d8:ea:89:37:35:13:98:
                    f6:82:8c:82:56:9d:c1:1f:9a:c9:30:2e:1f:24:ef:
                    4f:28:70:43:82:2a:fd:91:8c:aa:e3:00:f4:69:02:
                    34:39:f3:68:62:15:a7:de:9c:b1:1a:0c:23:4a:61:
                    d9:74:32:cb:c1:fe:0f:ce:df:79:70:8d:e2:c4:e9:
                    f7:6b:b2:0b:a4:fc:a1:6c:4e:41:24:c1:d3:a7:2e:
                    91:99:28:d9:1d:1d:69:59:5c:cf:00:66:a0:fe:8e:
                    f6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:8F:57:7F:91:51:9E:7F:A7:C0:18:FD:D1:D4:06:02:6D:6D:83:44
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/_Y9Xf5FRnn-nwBj90dQGAm1tg0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.142.151.0/24
                  85.142.154.0/23
                  85.143.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         81:6f:8c:eb:0e:a6:b2:38:51:0a:7c:0b:55:fd:cb:29:a5:f8:
         b4:de:de:1d:38:7e:dd:8a:a5:80:59:bf:d1:00:41:30:8b:e5:
         f8:d6:b1:cd:02:3f:55:d2:3f:39:4a:f2:60:48:0b:ee:9b:db:
         a4:5a:9a:27:e6:c2:a3:5b:36:66:0c:3b:d0:3c:37:9b:0c:1f:
         22:e8:88:64:fb:42:5a:53:f8:25:09:0c:fe:79:f7:9a:ae:e2:
         4e:91:05:fe:13:f8:e9:cf:f8:f8:8d:c0:4a:77:e4:b7:6c:75:
         6c:7e:7f:81:15:92:9c:21:0c:39:81:30:dd:7f:55:91:e5:04:
         29:20:4e:84:9f:16:52:d3:b0:a8:fe:6c:87:95:81:53:2d:9a:
         fe:97:62:97:84:f8:a4:a1:93:8b:42:32:e6:45:7e:7f:12:37:
         78:4c:5a:9b:45:7f:d3:49:19:a2:6f:0a:a9:ef:f2:77:88:c9:
         3f:89:3c:9f:34:31:79:3f:2f:75:85:77:8e:9a:de:70:78:87:
         9a:32:a3:c2:11:7f:0b:19:f7:c5:33:61:cf:74:bf:92:d6:ec:
         b9:e1:0e:b0:7f:74:b2:bf:e3:ab:b9:c5:b6:b6:6a:fc:43:f8:
         29:cf:ea:a4:34:c6:69:97:30:b4:7a:a3:a3:b5:b1:f4:63:01:
         ae:4b:93:90
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7YCnI+pE9lCi8B/fmYb1B5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwNDEzMTUxOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDhmNTc3ZjkxNTE5ZTdmYTdjMDE4ZmRkMWQ0MDYwMjZkNmQ4MzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhj6ioDzYM0O5+qG3//Jl0smr3AdK
ni582jtpPofc2c9HkErnHYAwL/liD26FS07S3BP0uHAgM1HW3Sg4wFfTC5DGilw3
NdsF6N5L6U1dOjDxWoPI3kFoalUUVh8mM69wiD6IEO4kSfvy7ZJ5PUMabBXIUb08
LP7nsxZH95sOvNCjrcxQe72Qm/4Kkxsvd4Qy1/PowL8svQZ4D0PgrdjqiTc1E5j2
goyCVp3BH5rJMC4fJO9PKHBDgir9kYyq4wD0aQI0OfNoYhWn3pyxGgwjSmHZdDLL
wf4Pzt95cI3ixOn3a7ILpPyhbE5BJMHTpy6RmSjZHR1pWVzPAGag/o72oQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP2PV3+RUZ5/p8AY/dHUBgJtbYNEMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvX1k5WGY1RlJubi1ud0JqOTBkUUdBbTF0ZzBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVY6XAwQB
VY6aAwQDVY9YMA0GCSqGSIb3DQEBCwUAA4IBAQCBb4zrDqayOFEKfAtV/csppfi0
3t4dOH7diqWAWb/RAEEwi+X41rHNAj9V0j85SvJgSAvum9ukWpon5sKjWzZmDDvQ
PDebDB8i6Ihk+0JaU/glCQz+efearuJOkQX+E/jpz/j4jcBKd+S3bHVsfn+BFZKc
IQw5gTDdf1WR5QQpIE6EnxZS07Co/myHlYFTLZr+l2KXhPikoZOLQjLmRX5/Ejd4
TFqbRX/TSRmibwqp7/J3iMk/iTyfNDF5Py91hXeOmt5weIeaMqPCEX8LGffFM2HP
dL+S1uy54Q6wf3Syv+OrucW2tmr8Q/gpz+qkNMZplzC0eqOjtbH0YwGuS5OQ
-----END CERTIFICATE-----