Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/kOAknu0MnCFTlQtxUnys1Hu_2ls.roa
File:                     kOAknu0MnCFTlQtxUnys1Hu_2ls.roa (raw, json)
Hash identifier:          j4GI3xP2Wa+dUi5T5E5clPTu1ByXJEz1Av7sZJwC7XU=
Subject key identifier:   90:E0:24:9E:ED:0C:9C:21:53:95:0B:71:52:7C:AC:D4:7B:BF:DA:5B
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B26C35547A8F0E9C66D01E65A9023F
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/kOAknu0MnCFTlQtxUnys1Hu_2ls.roa
Signing time:             Wed 01 Jan 2025 11:48:48 +0000
ROA not before:           Wed 01 Jan 2025 11:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207373
IP address blocks:        85.143.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:6c:35:54:7a:8f:0e:9c:66:d0:1e:65:a9:02:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90e0249eed0c9c2153950b71527cacd47bbfda5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c2:d9:1e:03:bf:3c:80:27:50:88:07:76:f2:
                    ae:7d:2c:4a:c7:44:44:62:64:3f:3f:8f:25:ff:bf:
                    51:b2:69:3a:c4:0e:d5:0b:07:56:9a:9f:2d:c1:9e:
                    7f:9c:05:43:22:f4:26:9c:c3:a7:68:e1:a9:b0:16:
                    5a:97:b3:7f:bc:b0:7e:d9:a2:53:d3:15:cd:cc:0d:
                    ca:32:f2:16:ae:94:c7:3f:a0:8f:a1:a8:c5:03:bf:
                    59:14:00:81:96:22:24:f1:03:65:81:c7:e4:40:3a:
                    b7:16:d6:99:a5:c1:99:46:cd:29:ed:be:84:d9:d8:
                    f3:6a:57:8e:46:5a:46:9a:7d:1d:39:30:9f:f3:1e:
                    56:12:29:94:d3:4a:e1:bf:3a:14:18:ab:f6:79:af:
                    cb:89:a9:32:5e:86:99:85:17:6d:fd:e8:1d:66:9c:
                    ee:5e:41:7a:0b:b3:7b:fa:15:83:70:66:53:82:a6:
                    90:eb:d2:f3:b1:da:69:01:fd:a3:e7:b7:26:c2:73:
                    48:da:c6:74:1c:b8:46:c8:84:b9:1f:87:84:b7:64:
                    af:b3:08:26:e2:b7:cd:55:53:53:ac:a2:7e:4a:de:
                    c9:3c:e3:a1:ba:3a:7c:67:94:18:6c:9c:cf:74:1c:
                    45:9c:1d:3f:8c:14:5a:57:1d:34:1d:81:ba:99:7f:
                    37:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E0:24:9E:ED:0C:9C:21:53:95:0B:71:52:7C:AC:D4:7B:BF:DA:5B
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/kOAknu0MnCFTlQtxUnys1Hu_2ls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:45:08:79:27:b6:7f:23:98:1c:86:40:b1:5a:9f:de:ca:08:
         62:d0:c6:e4:c8:e9:1e:07:90:1b:9a:c1:7b:d9:15:b9:68:a0:
         e5:32:5f:38:2b:50:7d:dc:1a:82:3f:92:19:0e:a2:10:a9:e1:
         d0:d8:4d:46:3f:2f:f1:0f:04:b7:94:7b:1a:d3:b4:bf:35:e6:
         fd:d8:24:6d:cc:94:42:90:33:87:88:84:81:cd:ae:e6:5f:df:
         11:b8:2b:00:10:f3:8a:55:06:49:e1:40:7f:7f:d1:af:17:a9:
         0a:99:d4:90:31:3d:92:1e:3a:65:cb:c4:08:54:4a:11:dd:4e:
         db:5e:d6:fa:cd:ae:7c:2f:53:5b:3f:70:2b:62:2a:5a:1c:8d:
         dd:5f:24:c8:ec:7c:98:82:86:01:25:5e:45:bc:a7:d3:c4:38:
         ee:dc:e6:05:c1:6a:02:25:cb:54:30:34:80:70:33:11:8f:79:
         a2:17:17:75:0a:ca:cd:ba:bb:24:da:71:b8:51:04:47:fa:92:
         fb:5e:67:9d:55:a7:51:18:fb:dc:ae:20:fe:b3:19:61:48:7c:
         5a:cc:72:4e:ca:90:23:10:2e:e6:a8:06:88:f7:67:80:3a:1d:
         dc:86:ff:eb:db:44:21:d1:01:40:e8:31:f2:42:90:f8:ee:76:
         95:7f:58:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsmw1VHqPDpxm0B5lqQI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGUwMjQ5ZWVkMGM5YzIxNTM5NTBiNzE1MjdjYWNkNDdiYmZkYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcLZHgO/PIAnUIgHdvKufSxKx0RE
YmQ/P48l/79Rsmk6xA7VCwdWmp8twZ5/nAVDIvQmnMOnaOGpsBZal7N/vLB+2aJT
0xXNzA3KMvIWrpTHP6CPoajFA79ZFACBliIk8QNlgcfkQDq3FtaZpcGZRs0p7b6E
2djzaleORlpGmn0dOTCf8x5WEimU00rhvzoUGKv2ea/LiakyXoaZhRdt/egdZpzu
XkF6C7N7+hWDcGZTgqaQ69LzsdppAf2j57cmwnNI2sZ0HLhGyIS5H4eEt2Svswgm
4rfNVVNTrKJ+St7JPOOhujp8Z5QYbJzPdBxFnB0/jBRaVx00HYG6mX83LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDgJJ7tDJwhU5ULcVJ8rNR7v9pbMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEva09Ba251ME1uQ0ZUbFF0eFVueXMxSHVfMmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY8YMA0G
CSqGSIb3DQEBCwUAA4IBAQBDRQh5J7Z/I5gchkCxWp/eyghi0MbkyOkeB5AbmsF7
2RW5aKDlMl84K1B93BqCP5IZDqIQqeHQ2E1GPy/xDwS3lHsa07S/Neb92CRtzJRC
kDOHiISBza7mX98RuCsAEPOKVQZJ4UB/f9GvF6kKmdSQMT2SHjply8QIVEoR3U7b
Xtb6za58L1NbP3ArYipaHI3dXyTI7HyYgoYBJV5FvKfTxDju3OYFwWoCJctUMDSA
cDMRj3miFxd1CsrNursk2nG4UQRH+pL7XmedVadRGPvcriD+sxlhSHxazHJOypAj
EC7mqAaI92eAOh3chv/r20Qh0QFA6DHyQpD47naVf1gr
-----END CERTIFICATE-----