Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/bZL8uTAlVGO_k_Ej49uZSI_Pbc4.roa
File:                     bZL8uTAlVGO_k_Ej49uZSI_Pbc4.roa (raw, json)
Hash identifier:          vuUuHFLtCzHc2G8CmcL8cfuOhiC/xqPOKGs3lA0+0LY=
Subject key identifier:   6D:92:FC:B9:30:25:54:63:BF:93:F1:23:E3:DB:99:48:8F:CF:6D:CE
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B258F86028BC2C72545006B1A898AC
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/bZL8uTAlVGO_k_Ej49uZSI_Pbc4.roa
Signing time:             Wed 01 Jan 2025 11:48:43 +0000
ROA not before:           Wed 01 Jan 2025 11:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12770
IP address blocks:        85.142.68.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:58:f8:60:28:bc:2c:72:54:50:06:b1:a8:98:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d92fcb930255463bf93f123e3db99488fcf6dce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ed:21:66:97:dc:e9:14:15:24:49:f2:5f:35:
                    cc:57:d0:0c:b5:7a:97:68:77:07:0f:a7:a0:4d:5d:
                    3f:8c:b2:53:22:37:46:d4:15:74:f3:b8:55:a4:84:
                    59:ab:32:38:8b:38:6c:0c:42:d0:64:da:55:81:ce:
                    ea:c7:9d:af:de:3b:31:69:fa:0b:98:4c:a4:c9:fa:
                    37:fc:84:93:ee:fd:32:66:96:ad:d1:f8:f2:cd:c8:
                    15:b6:47:36:1d:4e:5c:a6:9e:1a:b0:0f:84:da:d4:
                    17:44:21:f8:1c:86:ed:2e:b6:72:0f:aa:36:eb:d2:
                    eb:32:2d:62:65:8f:3f:2e:ed:a3:ac:e7:0d:46:b1:
                    13:63:b9:98:f6:68:c9:9e:04:e8:ee:d1:0c:a6:6b:
                    88:6c:e4:21:10:2a:75:b2:bc:20:9e:ed:ca:5c:a0:
                    18:be:76:d1:25:3c:f9:98:84:68:7d:21:4f:2e:d7:
                    09:82:30:f3:af:3f:7e:e0:fc:d5:01:16:94:a0:04:
                    45:83:59:1a:16:36:b8:18:db:4d:28:72:8d:61:5a:
                    87:fd:5a:66:d3:57:25:c1:6c:94:83:6c:48:29:c4:
                    ca:cd:4e:fc:6a:d3:ce:6d:21:4d:19:4a:eb:cc:e3:
                    d1:cc:44:72:15:a3:f3:d6:68:4c:d9:d3:54:53:84:
                    75:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:92:FC:B9:30:25:54:63:BF:93:F1:23:E3:DB:99:48:8F:CF:6D:CE
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/bZL8uTAlVGO_k_Ej49uZSI_Pbc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.142.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:f5:89:bd:f8:be:be:9f:67:c8:7a:13:1d:92:cd:88:db:ee:
         e1:24:da:83:6a:d7:51:9d:8c:0a:3c:0c:dc:c6:74:8b:9c:75:
         11:30:7b:c3:b8:3a:5f:23:10:f1:55:24:5f:91:69:34:72:0c:
         55:fc:97:a8:0d:ac:9c:5b:ec:1c:2a:c8:ce:5d:80:f3:9a:ac:
         06:23:84:8d:84:e2:05:4e:2b:a8:c9:0f:04:d1:a1:de:7d:cb:
         79:bc:8d:29:33:db:54:aa:45:e2:15:b7:3c:ce:6e:75:ba:cb:
         5b:d3:88:6c:38:b0:0d:80:37:be:4d:11:a5:5c:c2:fa:32:44:
         63:de:a0:d1:ab:cd:63:54:90:c8:b3:03:60:60:c6:58:78:7c:
         43:86:bb:ca:90:07:b1:cb:d6:b2:d1:fd:55:e0:11:0d:71:94:
         91:c0:11:09:f1:fd:c1:55:e2:7e:63:4c:eb:2c:df:c0:d5:e3:
         24:7f:eb:ab:ac:9b:a0:b6:bc:e4:17:9b:33:02:1f:a8:e3:b8:
         eb:fc:08:d2:79:f3:81:e2:5a:c4:6e:b0:49:19:83:5a:59:0a:
         8e:e2:f8:c2:fc:46:f9:8e:80:02:46:d8:e3:fb:cd:09:0d:c6:
         aa:97:c6:e0:55:92:a7:13:5b:a4:3c:f2:24:ba:a7:0e:e9:17:
         c0:83:b7:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslj4YCi8LHJUUAaxqJisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDkyZmNiOTMwMjU1NDYzYmY5M2YxMjNlM2RiOTk0ODhmY2Y2ZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAje0hZpfc6RQVJEnyXzXMV9AMtXqX
aHcHD6egTV0/jLJTIjdG1BV087hVpIRZqzI4izhsDELQZNpVgc7qx52v3jsxafoL
mEykyfo3/IST7v0yZpat0fjyzcgVtkc2HU5cpp4asA+E2tQXRCH4HIbtLrZyD6o2
69LrMi1iZY8/Lu2jrOcNRrETY7mY9mjJngTo7tEMpmuIbOQhECp1srwgnu3KXKAY
vnbRJTz5mIRofSFPLtcJgjDzrz9+4PzVARaUoARFg1kaFja4GNtNKHKNYVqH/Vpm
01clwWyUg2xIKcTKzU78atPObSFNGUrrzOPRzERyFaPz1mhM2dNUU4R1eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2S/LkwJVRjv5PxI+PbmUiPz23OMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvYlpMOHVUQWxWR09fa19FajQ5dVpTSV9QYmM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVY5EMA0G
CSqGSIb3DQEBCwUAA4IBAQA99Ym9+L6+n2fIehMdks2I2+7hJNqDatdRnYwKPAzc
xnSLnHURMHvDuDpfIxDxVSRfkWk0cgxV/JeoDaycW+wcKsjOXYDzmqwGI4SNhOIF
TiuoyQ8E0aHefct5vI0pM9tUqkXiFbc8zm51ustb04hsOLANgDe+TRGlXML6MkRj
3qDRq81jVJDIswNgYMZYeHxDhrvKkAexy9ay0f1V4BENcZSRwBEJ8f3BVeJ+Y0zr
LN/A1eMkf+urrJugtrzkF5szAh+o47jr/AjSefOB4lrEbrBJGYNaWQqO4vjC/Eb5
joACRtjj+80JDcaql8bgVZKnE1ukPPIkuqcO6RfAg7cs
-----END CERTIFICATE-----