Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/jRKML1EFFULgUKb28KXlsU_GPfQ.roa
File:                     jRKML1EFFULgUKb28KXlsU_GPfQ.roa (raw, json)
Hash identifier:          /ToLyTsFI1c5PnPSn1SoFYO1aOwtbTmM0cnRjQ8p3YI=
Subject key identifier:   8D:12:8C:2F:51:05:15:42:E0:50:A6:F6:F0:A5:E5:B1:4F:C6:3D:F4
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B2674AD6FB584FC8192BA9CDD68FDC
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/jRKML1EFFULgUKb28KXlsU_GPfQ.roa
Signing time:             Wed 01 Jan 2025 11:48:47 +0000
ROA not before:           Wed 01 Jan 2025 11:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200686
IP address blocks:        85.143.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:67:4a:d6:fb:58:4f:c8:19:2b:a9:cd:d6:8f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d128c2f51051542e050a6f6f0a5e5b14fc63df4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f7:9f:fe:20:d5:9a:6e:51:04:08:8e:41:32:
                    19:00:18:6d:0b:f8:9f:b5:e1:97:1d:52:ab:df:f8:
                    eb:ad:ce:1a:04:6f:85:d6:65:41:25:bd:f9:61:88:
                    c6:f4:a7:8e:29:e9:6a:6c:38:ef:e6:f8:a0:c2:c9:
                    03:c0:26:d6:ca:d8:12:17:30:1b:27:15:77:16:5c:
                    f8:98:5c:7c:67:5f:c4:c9:37:d1:04:6e:dd:6a:6f:
                    6b:51:a1:6a:b2:df:47:a0:62:b0:d3:d3:99:61:9f:
                    43:d0:93:cc:64:b7:e9:e0:5b:ff:65:46:e0:a2:d2:
                    20:63:20:d0:36:93:8b:b6:ab:6f:7a:1d:25:e0:a5:
                    7d:52:d5:32:f0:0a:29:31:d9:bd:ba:12:96:c8:97:
                    61:81:bf:41:5b:0f:27:81:28:32:40:22:4f:86:13:
                    94:05:a6:47:61:88:b4:ae:8e:44:0a:86:c1:13:c6:
                    1d:c0:4e:1e:27:07:52:1e:94:c6:a1:f4:44:0e:a5:
                    78:f4:c0:9b:b9:ec:1b:b6:d7:0a:79:6b:51:9f:ac:
                    4a:ef:3f:ab:ad:ed:d0:cc:f7:80:0b:11:59:ec:b2:
                    d5:ca:f2:48:31:b0:c3:8c:3f:86:32:ed:a0:55:ec:
                    ca:cb:e9:da:20:87:a8:28:1d:df:d7:1f:5b:ec:5c:
                    5e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:12:8C:2F:51:05:15:42:E0:50:A6:F6:F0:A5:E5:B1:4F:C6:3D:F4
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/jRKML1EFFULgUKb28KXlsU_GPfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:38:5b:d2:bd:4f:cc:a2:7d:4b:4f:a7:bf:23:b7:f3:96:88:
         f2:94:d3:e1:f3:1c:43:9f:c1:23:a5:1f:a5:52:35:cf:25:50:
         15:c7:38:05:3c:d2:ca:4b:1a:95:c4:4f:13:64:35:b6:4b:96:
         8e:93:7d:72:c6:37:f9:f8:44:29:6d:00:89:b5:c2:73:67:40:
         56:5b:0d:00:91:d6:2f:5b:28:f7:6f:fe:50:0a:53:ee:f0:f5:
         ca:29:b5:dd:12:32:4d:18:f4:e4:66:d1:66:bd:f8:e3:a9:63:
         6d:72:09:30:4b:e5:23:2b:7f:b3:21:87:67:27:9c:5e:7a:d9:
         fa:4f:c9:f6:50:2b:22:45:a1:96:e6:bb:9a:5b:6f:0c:70:38:
         79:ce:1c:34:be:ef:23:05:c6:15:d4:a7:5a:48:cf:fe:2f:4b:
         92:52:d8:a0:a5:ad:e2:00:6a:56:50:a3:0f:86:f5:46:54:6f:
         d4:38:ff:9c:f5:f1:78:37:93:0f:0a:68:d1:b9:40:eb:86:71:
         0f:e8:85:88:1d:25:a4:cc:68:52:9b:88:35:81:c0:6f:36:0a:
         44:82:50:60:1a:1d:e7:7d:4d:be:92:56:e2:57:21:f0:79:42:
         97:6b:8c:97:70:65:91:4f:35:7f:7c:7b:be:ae:f1:05:6b:c6:
         92:78:b8:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsmdK1vtYT8gZK6nN1o/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDEyOGMyZjUxMDUxNTQyZTA1MGE2ZjZmMGE1ZTViMTRmYzYzZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvef/iDVmm5RBAiOQTIZABhtC/if
teGXHVKr3/jrrc4aBG+F1mVBJb35YYjG9KeOKelqbDjv5vigwskDwCbWytgSFzAb
JxV3Flz4mFx8Z1/EyTfRBG7dam9rUaFqst9HoGKw09OZYZ9D0JPMZLfp4Fv/ZUbg
otIgYyDQNpOLtqtveh0l4KV9UtUy8AopMdm9uhKWyJdhgb9BWw8ngSgyQCJPhhOU
BaZHYYi0ro5ECobBE8YdwE4eJwdSHpTGofREDqV49MCbuewbttcKeWtRn6xK7z+r
re3QzPeACxFZ7LLVyvJIMbDDjD+GMu2gVezKy+naIIeoKB3f1x9b7FxeZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0SjC9RBRVC4FCm9vCl5bFPxj30MB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvalJLTUwxRUZGVUxnVUtiMjhLWGxzVV9HUGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY9kMA0G
CSqGSIb3DQEBCwUAA4IBAQCWOFvSvU/Mon1LT6e/I7fzlojylNPh8xxDn8EjpR+l
UjXPJVAVxzgFPNLKSxqVxE8TZDW2S5aOk31yxjf5+EQpbQCJtcJzZ0BWWw0AkdYv
Wyj3b/5QClPu8PXKKbXdEjJNGPTkZtFmvfjjqWNtcgkwS+UjK3+zIYdnJ5xeetn6
T8n2UCsiRaGW5ruaW28McDh5zhw0vu8jBcYV1KdaSM/+L0uSUtigpa3iAGpWUKMP
hvVGVG/UOP+c9fF4N5MPCmjRuUDrhnEP6IWIHSWkzGhSm4g1gcBvNgpEglBgGh3n
fU2+klbiVyHweUKXa4yXcGWRTzV/fHu+rvEFa8aSeLji
-----END CERTIFICATE-----