Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/orGCHZvrPrE_q1imfF0mv2dEK-U.roa
File:                     orGCHZvrPrE_q1imfF0mv2dEK-U.roa (raw, json)
Hash identifier:          FY3sDLDsb762/3wGSVrjKgSN5inT2lruali/5VGsPEc=
Subject key identifier:   A2:B1:82:1D:9B:EB:3E:B1:3F:AB:58:A6:7C:5D:26:BF:67:44:2B:E5
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B26426D50F890A8AC392970CDA9DE1
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/orGCHZvrPrE_q1imfF0mv2dEK-U.roa
Signing time:             Wed 01 Jan 2025 11:48:46 +0000
ROA not before:           Wed 01 Jan 2025 11:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57011
IP address blocks:        188.93.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:64:26:d5:0f:89:0a:8a:c3:92:97:0c:da:9d:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2b1821d9beb3eb13fab58a67c5d26bf67442be5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:39:1c:d7:4d:bf:54:07:d4:e8:03:3c:50:bb:
                    01:b3:21:32:31:09:72:49:56:33:b4:89:19:34:e1:
                    ae:0e:13:ce:ad:7e:78:d5:40:b9:26:36:6a:19:a9:
                    f8:1a:f4:72:77:a0:a6:05:c1:35:74:d8:f0:90:be:
                    02:b5:b5:ed:52:e3:3d:f7:a6:99:99:b5:22:1a:92:
                    35:ea:5c:97:b7:bd:16:f2:42:e7:07:8b:ca:93:a8:
                    d7:d6:6a:57:b1:97:68:8e:84:50:d6:fd:3f:93:55:
                    6a:85:0a:d1:39:04:c6:50:39:c8:2c:ce:9d:ba:76:
                    5b:b5:28:6b:ef:1f:da:30:c5:e6:24:44:ad:b2:69:
                    8a:6b:a4:f6:76:ab:51:cd:f1:84:45:fd:0e:9b:82:
                    06:96:85:11:fd:f3:ce:fc:10:e7:1f:0c:19:67:09:
                    f0:e4:bd:63:14:54:22:f1:b4:95:1e:e9:c9:88:e9:
                    db:fd:45:fa:c8:a6:3a:61:61:13:8d:49:50:41:0d:
                    56:2f:c5:74:9e:89:26:a8:2c:e4:79:74:fe:14:1e:
                    3a:03:2e:4a:3c:4a:a0:df:29:85:31:62:fa:fb:5d:
                    83:12:a9:ee:b6:3a:f4:4d:ce:8a:21:d6:46:79:84:
                    f3:ce:11:d5:89:f7:5e:80:7c:bf:a0:58:2b:1b:a2:
                    2a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:B1:82:1D:9B:EB:3E:B1:3F:AB:58:A6:7C:5D:26:BF:67:44:2B:E5
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/orGCHZvrPrE_q1imfF0mv2dEK-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:2b:fa:01:e2:08:ef:6b:fd:9e:37:e3:9c:97:f9:12:d0:de:
         89:a8:18:57:0f:6f:97:5b:29:f3:da:09:9e:3e:bd:f9:d1:de:
         36:49:e4:da:92:c9:ae:cb:6d:38:0f:6f:8e:b9:25:bc:34:86:
         70:07:5c:81:86:22:d9:f8:89:a9:23:a5:62:c9:13:33:de:d4:
         b9:fa:14:1c:64:b7:8a:40:8d:c5:33:71:30:18:f4:33:93:15:
         1f:5e:1e:ad:eb:a9:c6:df:fc:cc:91:b9:0b:b5:38:61:05:97:
         9f:33:11:2e:c2:05:af:c7:d3:ef:65:99:e9:e6:5f:06:8a:f8:
         b4:88:3e:a9:43:15:69:e8:d8:6f:2b:ae:f4:da:71:ed:65:ff:
         63:49:da:f5:21:47:fc:a6:65:7a:51:2d:85:e2:d4:cb:26:f0:
         8c:3f:0a:c9:d8:c4:c5:e5:3f:c6:70:51:09:49:13:ed:49:0d:
         61:0d:18:63:7e:21:2e:95:84:65:29:6a:57:40:86:ef:75:f0:
         f4:5e:5b:b9:68:c6:e7:4e:4d:b3:67:93:6e:d8:8e:41:18:d9:
         e6:82:88:98:25:0a:77:43:57:ca:ff:e8:f4:f0:93:b3:9c:7d:
         97:5e:60:4a:ad:0f:45:5e:d0:34:99:6f:06:77:71:87:9d:7a:
         81:97:3d:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsmQm1Q+JCorDkpcM2p3hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmIxODIxZDliZWIzZWIxM2ZhYjU4YTY3YzVkMjZiZjY3NDQyYmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDkc102/VAfU6AM8ULsBsyEyMQly
SVYztIkZNOGuDhPOrX541UC5JjZqGan4GvRyd6CmBcE1dNjwkL4CtbXtUuM996aZ
mbUiGpI16lyXt70W8kLnB4vKk6jX1mpXsZdojoRQ1v0/k1VqhQrROQTGUDnILM6d
unZbtShr7x/aMMXmJEStsmmKa6T2dqtRzfGERf0Om4IGloUR/fPO/BDnHwwZZwnw
5L1jFFQi8bSVHunJiOnb/UX6yKY6YWETjUlQQQ1WL8V0nokmqCzkeXT+FB46Ay5K
PEqg3ymFMWL6+12DEqnutjr0Tc6KIdZGeYTzzhHVifdegHy/oFgrG6IqqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKxgh2b6z6xP6tYpnxdJr9nRCvlMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvb3JHQ0hadnJQckVfcTFpbWZGMG12MmRFSy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvF1sMA0G
CSqGSIb3DQEBCwUAA4IBAQCBK/oB4gjva/2eN+Ocl/kS0N6JqBhXD2+XWynz2gme
Pr350d42SeTaksmuy204D2+OuSW8NIZwB1yBhiLZ+ImpI6ViyRMz3tS5+hQcZLeK
QI3FM3EwGPQzkxUfXh6t66nG3/zMkbkLtThhBZefMxEuwgWvx9PvZZnp5l8Givi0
iD6pQxVp6NhvK6702nHtZf9jSdr1IUf8pmV6US2F4tTLJvCMPwrJ2MTF5T/GcFEJ
SRPtSQ1hDRhjfiEulYRlKWpXQIbvdfD0Xlu5aMbnTk2zZ5Nu2I5BGNnmgoiYJQp3
Q1fK/+j08JOznH2XXmBKrQ9FXtA0mW8Gd3GHnXqBlz05
-----END CERTIFICATE-----