Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ly9m938hm_brFTFHp98bw75edZc.roa
File:                     ly9m938hm_brFTFHp98bw75edZc.roa (raw, json)
Hash identifier:          TOSt9ojDU/Lg+M281vEYVGW30zz38eYsA4ce9nd+ygU=
Subject key identifier:   97:2F:66:F7:7F:21:9B:F6:EB:15:31:47:A7:DF:1B:C3:BE:5E:75:97
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B261D325D24598BBB616484A034815
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ly9m938hm_brFTFHp98bw75edZc.roa
Signing time:             Wed 01 Jan 2025 11:48:46 +0000
ROA not before:           Wed 01 Jan 2025 11:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51352
IP address blocks:        85.142.151.0/24 maxlen: 24
                          85.142.154.0/23 maxlen: 23
                          85.143.88.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:61:d3:25:d2:45:98:bb:b6:16:48:4a:03:48:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=972f66f77f219bf6eb153147a7df1bc3be5e7597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:7d:cb:a7:97:e6:c4:ca:1b:8c:0d:57:5d:ae:
                    34:2d:e9:6c:c5:66:8a:03:58:11:26:76:4e:22:03:
                    34:56:35:19:6c:d9:8c:e0:90:cf:02:30:76:0f:51:
                    aa:6a:4b:0f:16:49:d7:0c:e0:58:ac:94:c8:bc:f4:
                    c7:40:9f:c3:c9:7f:b8:8d:d2:25:ed:72:81:2f:2a:
                    b0:7a:b0:c4:8a:19:ad:55:30:fe:15:24:56:e5:d0:
                    f2:1f:3a:1e:25:e2:f0:36:a4:a4:b9:50:47:72:12:
                    c3:86:50:39:1b:3e:0e:3f:dd:94:0a:cb:e8:85:75:
                    0c:1a:a7:c0:fc:ba:87:61:55:f3:70:dd:75:2d:ab:
                    7c:12:aa:e4:3d:e0:da:fa:b6:c5:39:99:3b:6d:0d:
                    8c:ca:95:45:34:4e:46:ce:da:17:75:8c:8c:75:1a:
                    c7:21:e6:13:12:06:3f:a9:5d:34:ad:5b:80:77:26:
                    d1:55:4a:a8:07:61:3a:be:24:dc:b5:67:ba:25:e3:
                    e1:e1:3d:a1:3f:fd:d3:82:ab:3a:5b:60:f4:e2:07:
                    44:94:86:40:f7:36:de:24:db:00:d6:3f:c3:43:e7:
                    cd:ad:1d:d2:03:c9:15:3e:66:6c:87:b2:ab:eb:59:
                    84:4e:e6:a2:1f:bf:2a:90:36:6d:e5:7d:1b:08:d7:
                    07:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:2F:66:F7:7F:21:9B:F6:EB:15:31:47:A7:DF:1B:C3:BE:5E:75:97
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ly9m938hm_brFTFHp98bw75edZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.142.151.0/24
                  85.142.154.0/23
                  85.143.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         96:e7:9b:de:bc:09:ff:f5:bd:1f:b5:11:52:df:8e:90:8e:5c:
         67:b9:32:91:b0:29:28:08:1e:40:3b:1a:38:dc:4f:22:fc:af:
         5b:2f:f6:33:7d:03:12:65:90:bd:a6:39:85:2f:ca:64:01:b0:
         e4:b7:c7:48:c2:b6:c0:69:f7:7a:ac:ae:92:49:1f:b8:06:fa:
         51:91:ef:e3:1a:98:d3:69:2d:37:98:5c:44:64:ae:43:84:f5:
         fa:f1:b3:82:0d:e6:ad:d4:c8:40:e8:a3:e5:45:ff:59:99:ea:
         94:04:ae:3a:54:db:18:0f:d6:11:9f:ab:df:a1:7e:86:86:1b:
         5b:46:b2:98:e9:e6:70:29:6d:39:07:e0:31:ab:a9:38:fe:21:
         6a:b5:a1:77:ad:d9:40:a4:71:83:30:30:ed:1d:75:09:72:65:
         cc:81:b7:c8:f2:4c:24:25:51:13:67:95:6d:09:9d:6c:52:91:
         1a:06:64:4a:8d:6a:32:a9:d4:c9:52:8b:da:ee:9a:6f:cf:43:
         ce:9e:60:07:f5:0d:96:8a:54:df:2f:9e:9e:97:71:0b:9f:1f:
         9e:34:b0:9f:cc:2f:1d:c0:38:c7:15:4d:6b:1b:40:14:f4:96:
         cb:91:32:c0:b5:40:83:0a:55:da:6b:7b:4d:05:4e:7a:0d:97:
         e9:4b:c1:33
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhsmHTJdJFmLu2FkhKA0gVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzJmNjZmNzdmMjE5YmY2ZWIxNTMxNDdhN2RmMWJjM2JlNWU3NTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2n3Lp5fmxMobjA1XXa40LelsxWaK
A1gRJnZOIgM0VjUZbNmM4JDPAjB2D1GqaksPFknXDOBYrJTIvPTHQJ/DyX+4jdIl
7XKBLyqwerDEihmtVTD+FSRW5dDyHzoeJeLwNqSkuVBHchLDhlA5Gz4OP92UCsvo
hXUMGqfA/LqHYVXzcN11Lat8EqrkPeDa+rbFOZk7bQ2MypVFNE5GztoXdYyMdRrH
IeYTEgY/qV00rVuAdybRVUqoB2E6viTctWe6JePh4T2hP/3Tgqs6W2D04gdElIZA
9zbeJNsA1j/DQ+fNrR3SA8kVPmZsh7Kr61mETuaiH78qkDZt5X0bCNcHAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJcvZvd/IZv26xUxR6ffG8O+XnWXMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvbHk5bTkzOGhtX2JyRlRGSHA5OGJ3NzVlZFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVY6XAwQB
VY6aAwQDVY9YMA0GCSqGSIb3DQEBCwUAA4IBAQCW55vevAn/9b0ftRFS346Qjlxn
uTKRsCkoCB5AOxo43E8i/K9bL/YzfQMSZZC9pjmFL8pkAbDkt8dIwrbAafd6rK6S
SR+4BvpRke/jGpjTaS03mFxEZK5DhPX68bOCDeat1MhA6KPlRf9ZmeqUBK46VNsY
D9YRn6vfoX6GhhtbRrKY6eZwKW05B+Axq6k4/iFqtaF3rdlApHGDMDDtHXUJcmXM
gbfI8kwkJVETZ5VtCZ1sUpEaBmRKjWoyqdTJUova7ppvz0POnmAH9Q2WilTfL56e
l3ELnx+eNLCfzC8dwDjHFU1rG0AU9JbLkTLAtUCDClXaa3tNBU56DZfpS8Ez
-----END CERTIFICATE-----