Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/vlxPZtpMCaa2JDv4-2zXo1cAYOY.roa
File:                     vlxPZtpMCaa2JDv4-2zXo1cAYOY.roa (raw, json)
Hash identifier:          ncIcXqkoPS5cdQwu+spypdb4BmFh4HC0LYdw1Zq4ZnE=
Subject key identifier:   BE:5C:4F:66:DA:4C:09:A6:B6:24:3B:F8:FB:6C:D7:A3:57:00:60:E6
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B2552A74934C0A75C8B033147F4EB3
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/vlxPZtpMCaa2JDv4-2zXo1cAYOY.roa
Signing time:             Wed 01 Jan 2025 11:48:42 +0000
ROA not before:           Wed 01 Jan 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8480
IP address blocks:        85.143.25.0/24 maxlen: 24
                          194.190.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:55:2a:74:93:4c:0a:75:c8:b0:33:14:7f:4e:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be5c4f66da4c09a6b6243bf8fb6cd7a3570060e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:af:8a:31:6e:2e:bb:f0:3b:d4:4c:10:f4:eb:
                    19:6c:af:7f:32:61:6e:c0:93:7b:cf:27:6b:b2:80:
                    3b:36:40:6f:17:45:0f:1e:68:1e:85:e0:95:ef:35:
                    1b:6b:ab:5e:c5:fa:1e:8e:04:b7:e3:64:d5:ed:58:
                    b9:7f:26:d7:20:eb:af:24:18:a3:53:fd:9f:3a:f9:
                    35:d4:5f:28:0f:30:bc:b4:d1:9d:6a:6d:f4:b1:f6:
                    71:10:cb:17:ad:3e:9b:04:cd:66:c9:e2:56:47:18:
                    1d:72:30:f5:03:28:88:70:62:0c:2a:ad:51:52:4c:
                    7c:bb:b1:43:e8:0a:3c:c4:78:0e:f3:90:e4:86:17:
                    90:8a:64:33:de:69:3e:26:77:e5:47:14:fb:92:76:
                    4c:2e:ef:f1:e5:77:27:34:98:dd:82:0a:de:2e:65:
                    d6:6e:03:d3:3c:71:98:c9:52:a0:2f:34:19:08:67:
                    e2:f3:5f:5c:ba:62:4d:fc:82:b9:49:6a:a0:6a:c4:
                    35:89:56:97:69:80:7a:43:07:71:51:f3:11:c5:ac:
                    ed:01:2e:ee:c1:01:29:3d:f6:37:5c:fd:1e:d2:60:
                    4d:00:bb:fb:11:16:c6:b3:b3:e2:e4:9c:0b:01:cb:
                    1e:f5:56:61:45:19:d7:eb:a4:51:11:70:48:05:ff:
                    86:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:5C:4F:66:DA:4C:09:A6:B6:24:3B:F8:FB:6C:D7:A3:57:00:60:E6
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/vlxPZtpMCaa2JDv4-2zXo1cAYOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.25.0/24
                  194.190.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:ca:f6:d5:2b:11:ad:5f:b5:19:46:1b:12:0c:32:53:ec:62:
         16:e0:85:19:40:61:0c:d3:f4:58:74:d2:7a:cb:a9:59:04:b5:
         c1:b8:3b:9f:2b:fc:5e:28:54:10:0e:f5:0c:71:f9:0a:df:fb:
         49:a0:a5:e5:48:5e:e8:69:8c:1d:64:a5:ec:b2:e5:e8:98:77:
         6e:0f:d9:0e:2a:8f:e2:31:ad:c2:cd:b9:e2:4d:a3:84:a8:62:
         15:e0:e7:6d:17:4f:ea:fd:73:28:96:dc:d9:32:c3:2c:22:44:
         dd:ff:aa:87:3e:5d:22:84:60:cc:01:87:b8:27:53:8a:d0:0c:
         b2:08:38:c1:e0:25:a9:7f:54:90:73:e2:d4:c5:3a:db:8b:82:
         2a:71:96:5b:f0:1b:11:a6:d7:55:67:6a:1e:84:4b:98:0c:aa:
         62:d7:38:5e:97:39:de:5e:dc:a0:94:6f:f4:9e:ad:92:6f:12:
         df:3c:b8:2d:13:71:fc:e2:fc:ad:6a:0d:1a:74:e8:97:39:a2:
         68:3c:38:b8:2f:9e:d1:c8:66:8c:f4:36:75:11:84:27:bb:d2:
         3c:a6:54:11:24:01:42:f4:d7:04:2d:9b:83:41:36:1c:ed:16:
         ba:69:f2:a2:68:07:72:9b:95:47:39:06:c5:44:1e:06:6c:7a:
         e7:f1:4a:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhslUqdJNMCnXIsDMUf06zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTVjNGY2NmRhNGMwOWE2YjYyNDNiZjhmYjZjZDdhMzU3MDA2MGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsq+KMW4uu/A71EwQ9OsZbK9/MmFu
wJN7zydrsoA7NkBvF0UPHmgeheCV7zUba6texfoejgS342TV7Vi5fybXIOuvJBij
U/2fOvk11F8oDzC8tNGdam30sfZxEMsXrT6bBM1myeJWRxgdcjD1AyiIcGIMKq1R
Ukx8u7FD6Ao8xHgO85DkhheQimQz3mk+JnflRxT7knZMLu/x5XcnNJjdggreLmXW
bgPTPHGYyVKgLzQZCGfi819cumJN/IK5SWqgasQ1iVaXaYB6QwdxUfMRxaztAS7u
wQEpPfY3XP0e0mBNALv7ERbGs7Pi5JwLAcse9VZhRRnX66RREXBIBf+G4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL5cT2baTAmmtiQ7+Pts16NXAGDmMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvdmx4UFp0cE1DYWEySkR2NC0yelhvMWNBWU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVY8ZAwQA
wr7jMA0GCSqGSIb3DQEBCwUAA4IBAQAMyvbVKxGtX7UZRhsSDDJT7GIW4IUZQGEM
0/RYdNJ6y6lZBLXBuDufK/xeKFQQDvUMcfkK3/tJoKXlSF7oaYwdZKXssuXomHdu
D9kOKo/iMa3CzbniTaOEqGIV4OdtF0/q/XMoltzZMsMsIkTd/6qHPl0ihGDMAYe4
J1OK0AyyCDjB4CWpf1SQc+LUxTrbi4IqcZZb8BsRptdVZ2oehEuYDKpi1zhelzne
XtyglG/0nq2SbxLfPLgtE3H84vytag0adOiXOaJoPDi4L57RyGaM9DZ1EYQnu9I8
plQRJAFC9NcELZuDQTYc7Ra6afKiaAdym5VHOQbFRB4GbHrn8Ur6
-----END CERTIFICATE-----