Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/fXyG3UogOoc9vIKeYRfauK97sxU.roa
File:                     fXyG3UogOoc9vIKeYRfauK97sxU.roa (raw, json)
Hash identifier:          zrB5SFAHyTegP7AP74pA4iut5g8AEH3UEPCYKVXfTJA=
Subject key identifier:   7D:7C:86:DD:4A:20:3A:87:3D:BC:82:9E:61:17:DA:B8:AF:7B:B3:15
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B25974EE68B7B71EA448499226B3E0
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/fXyG3UogOoc9vIKeYRfauK97sxU.roa
Signing time:             Wed 01 Jan 2025 11:48:43 +0000
ROA not before:           Wed 01 Jan 2025 11:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13077
IP address blocks:        195.209.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:59:74:ee:68:b7:b7:1e:a4:48:49:92:26:b3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d7c86dd4a203a873dbc829e6117dab8af7bb315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b1:95:1f:1e:43:18:07:8b:ab:4a:ff:b2:4f:
                    cf:a0:78:f3:07:35:76:4e:11:e0:e1:cc:0e:a0:bd:
                    af:31:e2:93:4e:f2:f3:63:d5:49:3b:18:b6:35:25:
                    3b:29:dd:53:09:24:bf:ac:f5:2d:39:b2:28:15:c3:
                    a8:b0:c9:7d:67:f3:96:ca:7e:e6:b4:aa:10:b2:aa:
                    3d:2d:42:9b:ca:c9:3f:e3:fb:0d:07:c6:12:c1:da:
                    64:ed:bc:41:86:0c:03:fc:f6:82:f3:e2:c4:3f:dc:
                    f1:13:b6:71:45:b0:1e:0a:f8:33:c5:1e:00:27:36:
                    7d:a6:33:d4:a2:44:85:aa:ce:b6:dc:6b:b3:7c:d6:
                    10:78:e8:6d:2a:97:00:3d:ed:2f:d8:0e:10:9a:f6:
                    a8:ed:33:5e:15:5c:c2:01:80:83:4d:f7:ad:54:b8:
                    9c:91:77:bf:3f:27:29:06:2c:3d:5a:66:a0:bb:40:
                    ff:a9:0b:5a:13:5c:6b:01:cc:bd:d5:61:44:67:6f:
                    d2:74:92:9e:e0:28:75:fd:7d:2a:3d:30:0d:8d:fd:
                    ad:11:b4:b4:09:85:a1:f9:22:84:55:36:b0:21:17:
                    f9:b8:9e:01:f3:e3:2e:00:70:39:d0:f8:9c:f8:e0:
                    17:3a:a7:99:13:89:67:02:06:9d:47:a8:df:20:c0:
                    d0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:7C:86:DD:4A:20:3A:87:3D:BC:82:9E:61:17:DA:B8:AF:7B:B3:15
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/fXyG3UogOoc9vIKeYRfauK97sxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.209.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:54:1e:3e:fc:81:c8:0e:27:89:bb:77:f2:63:2b:33:09:fe:
         aa:6a:fd:7b:96:e8:ba:49:c4:d6:56:9d:ed:da:bc:ec:ce:5c:
         ff:7a:44:fd:0a:62:25:d0:1f:bb:1a:48:b4:88:e2:be:96:14:
         84:13:7d:89:9f:ff:3d:8d:a6:fa:02:08:5e:9a:d7:88:ba:56:
         c6:5b:61:7a:c4:c5:8a:d1:91:7b:a2:6b:eb:71:01:50:69:f8:
         48:10:01:03:24:35:9e:0b:18:2d:6f:72:a5:ad:20:de:8c:d1:
         97:dc:4d:0f:43:11:38:a7:c0:11:8b:40:d3:3d:e9:5e:cf:fc:
         49:1c:53:e0:ff:6f:33:4f:ed:6c:07:99:9e:1a:53:e4:24:9a:
         87:44:6d:4e:3d:68:4b:67:da:6b:06:27:05:07:6a:1a:39:5c:
         98:79:31:07:d3:ec:f2:53:29:24:17:db:bd:e0:25:b0:0e:ba:
         dc:e3:ea:14:e7:75:eb:ec:92:93:55:23:77:b7:fc:0c:bd:ba:
         a2:18:cb:e3:f7:11:5e:bc:f2:ec:1d:77:94:e6:4f:66:b7:77:
         14:de:5c:56:60:0e:3b:00:29:df:ea:df:97:c0:20:e3:11:5b:
         9c:d8:bd:67:8f:46:a3:4e:53:1a:c7:5c:32:72:e1:77:0f:49:
         48:c1:19:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsll07mi3tx6kSEmSJrPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDdjODZkZDRhMjAzYTg3M2RiYzgyOWU2MTE3ZGFiOGFmN2JiMzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLGVHx5DGAeLq0r/sk/PoHjzBzV2
ThHg4cwOoL2vMeKTTvLzY9VJOxi2NSU7Kd1TCSS/rPUtObIoFcOosMl9Z/OWyn7m
tKoQsqo9LUKbysk/4/sNB8YSwdpk7bxBhgwD/PaC8+LEP9zxE7ZxRbAeCvgzxR4A
JzZ9pjPUokSFqs623GuzfNYQeOhtKpcAPe0v2A4Qmvao7TNeFVzCAYCDTfetVLic
kXe/PycpBiw9Wmagu0D/qQtaE1xrAcy91WFEZ2/SdJKe4Ch1/X0qPTANjf2tEbS0
CYWh+SKEVTawIRf5uJ4B8+MuAHA50Pic+OAXOqeZE4lnAgadR6jfIMDQcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH18ht1KIDqHPbyCnmEX2rive7MVMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvZlh5RzNVb2dPb2M5dklLZVlSZmF1Szk3c3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9H0MA0G
CSqGSIb3DQEBCwUAA4IBAQCCVB4+/IHIDieJu3fyYyszCf6qav17lui6ScTWVp3t
2rzszlz/ekT9CmIl0B+7Gki0iOK+lhSEE32Jn/89jab6AghemteIulbGW2F6xMWK
0ZF7omvrcQFQafhIEAEDJDWeCxgtb3KlrSDejNGX3E0PQxE4p8ARi0DTPelez/xJ
HFPg/28zT+1sB5meGlPkJJqHRG1OPWhLZ9prBicFB2oaOVyYeTEH0+zyUykkF9u9
4CWwDrrc4+oU53Xr7JKTVSN3t/wMvbqiGMvj9xFevPLsHXeU5k9mt3cU3lxWYA47
ACnf6t+XwCDjEVuc2L1nj0ajTlMax1wycuF3D0lIwRk4
-----END CERTIFICATE-----