Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/gk6OHX15TwrH9KVOq9MYrCD75l4.roa
File:                     gk6OHX15TwrH9KVOq9MYrCD75l4.roa (raw, json)
Hash identifier:          R2IWId7VLftIlnxWS290/difAURAIZJkZyKE55CGm0Y=
Subject key identifier:   82:4E:8E:1D:7D:79:4F:0A:C7:F4:A5:4E:AB:D3:18:AC:20:FB:E6:5E
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018ED80B5C35937BDBFD53C12F25A463F081
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/gk6OHX15TwrH9KVOq9MYrCD75l4.roa
Signing time:             Sat 13 Apr 2024 15:20:06 +0000
ROA not before:           Sat 13 Apr 2024 15:20:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49929
IP address blocks:        85.143.104.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d8:0b:5c:35:93:7b:db:fd:53:c1:2f:25:a4:63:f0:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Apr 13 15:20:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=824e8e1d7d794f0ac7f4a54eabd318ac20fbe65e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f7:eb:b1:20:e3:5e:8c:50:42:cd:7b:ef:92:
                    5d:98:91:21:c9:5c:ac:b7:f3:31:55:0a:03:bd:1c:
                    b2:e8:ca:c0:01:34:f0:a6:fe:f7:3e:2e:da:68:03:
                    d7:51:86:fb:78:df:93:dd:5e:e2:e4:65:94:6e:5c:
                    55:f3:8b:3b:bd:fa:f2:af:03:0f:8c:d4:93:9a:34:
                    5a:ee:13:36:dd:1b:98:60:5a:92:88:db:5f:a5:ed:
                    94:a3:be:d0:bb:2f:a8:9e:a8:9f:84:ce:02:08:1d:
                    12:39:26:e7:be:35:49:81:72:ca:54:b1:04:a7:6e:
                    1c:11:a2:2d:97:ca:ed:64:e2:ce:95:c9:24:cc:15:
                    65:64:0c:75:cf:31:4c:bb:93:5c:69:f3:ad:5a:09:
                    4c:a7:fc:0b:9c:2e:ea:d8:ab:d9:ef:53:c9:f7:65:
                    c8:81:05:02:6d:9d:aa:eb:a9:3b:4b:59:48:c3:89:
                    2f:5c:7e:41:42:87:84:22:6e:ff:22:18:29:a0:75:
                    be:30:36:a2:e3:b4:f8:fb:c2:ec:d3:88:65:0e:7f:
                    e2:47:b4:b4:65:be:fd:12:ed:4c:cd:53:42:07:3a:
                    26:41:89:e0:ca:7c:1a:ae:8e:d1:14:5b:ae:89:be:
                    e6:d9:a4:1d:90:f4:c0:62:91:4d:dd:8b:7f:c1:05:
                    3a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:4E:8E:1D:7D:79:4F:0A:C7:F4:A5:4E:AB:D3:18:AC:20:FB:E6:5E
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/gk6OHX15TwrH9KVOq9MYrCD75l4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:1d:37:3f:7c:93:3f:fa:45:26:9f:39:4c:42:1e:39:0c:18:
         ed:ac:7f:70:ae:09:d8:53:fe:29:d6:fa:b4:1a:ee:c2:c8:54:
         4c:16:ef:83:a4:ee:1b:9b:79:20:e0:e0:f3:a0:94:46:11:75:
         34:5b:40:0c:1f:c0:02:b9:22:db:1a:d4:cf:5f:14:f9:52:cf:
         9b:f1:4b:5b:82:3f:ec:72:19:85:9d:54:c7:79:2b:4e:ff:a2:
         2a:71:d4:4a:1b:e8:0d:8a:84:57:91:77:cf:d9:98:ac:cf:86:
         03:2a:d8:e3:f0:14:b5:11:b2:34:08:7a:66:0a:65:6e:4f:2a:
         e9:2e:95:11:26:99:c8:f0:60:62:5d:65:90:c4:10:6c:14:7f:
         85:08:9e:d0:e1:e4:46:1f:a8:e4:d4:f1:88:9b:27:75:7d:67:
         1f:a3:81:1e:3a:d7:97:c6:e1:49:05:55:94:ed:82:45:c9:64:
         51:0e:c0:31:7b:fe:24:13:31:8c:36:20:d0:7f:2b:be:32:3b:
         2f:a5:45:53:4f:22:e6:e3:4d:3d:b0:ff:03:1d:51:f7:15:f2:
         a6:5f:9d:8c:e0:c5:fa:86:14:71:60:02:25:28:0b:26:16:b0:
         df:5c:51:29:45:c7:af:8b:2e:ea:22:a2:f7:64:f3:0d:3f:fa:
         55:8f:67:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7YC1w1k3vb/VPBLyWkY/CBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwNDEzMTUyMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjRlOGUxZDdkNzk0ZjBhYzdmNGE1NGVhYmQzMThhYzIwZmJlNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjffrsSDjXoxQQs1775JdmJEhyVys
t/MxVQoDvRyy6MrAATTwpv73Pi7aaAPXUYb7eN+T3V7i5GWUblxV84s7vfryrwMP
jNSTmjRa7hM23RuYYFqSiNtfpe2Uo77Quy+onqifhM4CCB0SOSbnvjVJgXLKVLEE
p24cEaItl8rtZOLOlckkzBVlZAx1zzFMu5NcafOtWglMp/wLnC7q2KvZ71PJ92XI
gQUCbZ2q66k7S1lIw4kvXH5BQoeEIm7/IhgpoHW+MDai47T4+8Ls04hlDn/iR7S0
Zb79Eu1MzVNCBzomQYngynwaro7RFFuuib7m2aQdkPTAYpFN3Yt/wQU6QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJOjh19eU8Kx/SlTqvTGKwg++ZeMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvZ2s2T0hYMTVUd3JIOUtWT3E5TVlyQ0Q3NWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVY9oMA0G
CSqGSIb3DQEBCwUAA4IBAQCWHTc/fJM/+kUmnzlMQh45DBjtrH9wrgnYU/4p1vq0
Gu7CyFRMFu+DpO4bm3kg4ODzoJRGEXU0W0AMH8ACuSLbGtTPXxT5Us+b8Utbgj/s
chmFnVTHeStO/6IqcdRKG+gNioRXkXfP2Zisz4YDKtjj8BS1EbI0CHpmCmVuTyrp
LpURJpnI8GBiXWWQxBBsFH+FCJ7Q4eRGH6jk1PGImyd1fWcfo4EeOteXxuFJBVWU
7YJFyWRRDsAxe/4kEzGMNiDQfyu+MjsvpUVTTyLm4009sP8DHVH3FfKmX52M4MX6
hhRxYAIlKAsmFrDfXFEpRceviy7qIqL3ZPMNP/pVj2cm
-----END CERTIFICATE-----