Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/wJ9btk4-rl85ScHrnHadpxXA9gc.roa
File:                     wJ9btk4-rl85ScHrnHadpxXA9gc.roa (raw, json)
Hash identifier:          P1I8yRWR+UbRhqMX2ofKq58Ew5tecaslWlhoAyvDWhU=
Subject key identifier:   C0:9F:5B:B6:4E:3E:AE:5F:39:49:C1:EB:9C:76:9D:A7:15:C0:F6:07
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B267A88083FE356B3743DA03BCD2DF
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/wJ9btk4-rl85ScHrnHadpxXA9gc.roa
Signing time:             Wed 01 Jan 2025 11:48:47 +0000
ROA not before:           Wed 01 Jan 2025 11:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201848
IP address blocks:        85.143.172.0/22 maxlen: 22
                          85.143.208.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:67:a8:80:83:fe:35:6b:37:43:da:03:bc:d2:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c09f5bb64e3eae5f3949c1eb9c769da715c0f607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:4a:7c:a7:5f:4d:ac:6b:21:fa:a0:a0:a8:80:
                    65:6b:e1:72:0d:b8:55:8d:fc:ff:4e:7a:1e:33:2c:
                    1d:06:5d:ac:02:d9:e1:d9:40:70:36:a6:7f:a8:6d:
                    5e:69:6c:6d:ea:0f:cc:54:f7:ce:f4:ef:8a:40:da:
                    55:f0:dc:fa:39:7b:0c:11:19:56:8e:37:d0:13:0a:
                    3c:2a:98:68:dd:d3:0a:20:86:1a:e9:01:c9:87:e1:
                    c5:c2:9c:52:72:32:1b:59:09:cd:0e:a2:ec:95:a0:
                    e4:5a:ed:fd:a6:79:2b:4f:78:e2:e9:dc:75:fa:41:
                    82:58:5f:db:b9:73:6d:8a:c1:60:9a:68:97:a4:45:
                    1b:37:b0:33:31:3a:f1:07:79:b2:c4:8b:4c:ca:9d:
                    7d:08:65:03:39:13:94:77:13:49:4c:c4:e9:80:79:
                    60:83:34:52:9a:36:e0:88:d2:35:0d:7f:50:5f:f0:
                    d6:61:10:c5:7f:a7:81:40:ef:64:20:f0:2a:46:a6:
                    da:91:ed:20:ab:a1:36:9e:6a:5f:11:af:a0:e9:4b:
                    34:18:13:f2:65:33:55:20:80:aa:ab:99:de:20:61:
                    46:f4:13:b7:84:c4:a8:4a:f6:ad:0f:6e:56:ea:6b:
                    22:65:6f:28:23:7d:0e:e5:ca:c9:30:77:47:9d:36:
                    0c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:9F:5B:B6:4E:3E:AE:5F:39:49:C1:EB:9C:76:9D:A7:15:C0:F6:07
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/wJ9btk4-rl85ScHrnHadpxXA9gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.172.0/22
                  85.143.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8d:c1:4e:ef:c9:d7:95:3a:a4:6c:ae:b7:fd:22:5d:ad:13:08:
         7f:a5:d4:c3:b3:29:d7:ae:77:c6:0f:6b:f7:45:35:2b:85:73:
         04:0d:90:7d:93:1d:2b:db:c7:31:b2:14:ed:51:7a:58:50:70:
         f1:6d:72:ec:57:e4:d0:16:14:b1:08:19:d0:e7:17:f5:e1:f6:
         20:9a:f3:1b:88:d8:6e:f8:0e:74:27:1b:b1:1a:01:91:fb:6e:
         91:3c:0f:65:e6:72:f3:66:c8:c4:81:c0:e7:e8:6a:e5:58:e5:
         91:dc:c0:ec:ed:b3:3b:45:22:76:58:78:64:27:1c:ed:39:5f:
         85:d5:85:15:b9:49:9a:af:ef:e0:e3:e8:95:3b:90:4e:3e:dc:
         04:5d:20:d6:5e:c6:6b:4f:2c:b7:4e:fa:c3:b7:3a:b7:87:4b:
         98:09:47:ef:b6:5a:17:69:6a:7e:10:72:ce:a8:eb:50:44:ca:
         6f:2c:8c:e7:90:45:77:88:bd:e4:a9:4e:02:35:cc:c8:98:b1:
         29:d9:b0:76:69:0e:09:a5:b5:75:80:43:be:a3:26:a8:a6:0c:
         9d:00:b7:10:e3:33:c2:d7:6c:56:a8:fe:f4:05:70:bd:65:7c:
         7f:ef:b7:bf:ad:2d:4c:ec:5c:96:b1:b5:e5:ec:1c:b5:eb:73:
         3b:ba:6f:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsmeogIP+NWs3Q9oDvNLfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDlmNWJiNjRlM2VhZTVmMzk0OWMxZWI5Yzc2OWRhNzE1YzBmNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA80p8p19NrGsh+qCgqIBla+FyDbhV
jfz/TnoeMywdBl2sAtnh2UBwNqZ/qG1eaWxt6g/MVPfO9O+KQNpV8Nz6OXsMERlW
jjfQEwo8Kpho3dMKIIYa6QHJh+HFwpxScjIbWQnNDqLslaDkWu39pnkrT3ji6dx1
+kGCWF/buXNtisFgmmiXpEUbN7AzMTrxB3myxItMyp19CGUDOROUdxNJTMTpgHlg
gzRSmjbgiNI1DX9QX/DWYRDFf6eBQO9kIPAqRqbake0gq6E2nmpfEa+g6Us0GBPy
ZTNVIICqq5neIGFG9BO3hMSoSvatD25W6msiZW8oI30O5crJMHdHnTYMdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMCfW7ZOPq5fOUnB65x2nacVwPYHMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvd0o5YnRrNC1ybDg1U2NIcm5IYWRweFhBOWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVY+sAwQE
VY/QMA0GCSqGSIb3DQEBCwUAA4IBAQCNwU7vydeVOqRsrrf9Il2tEwh/pdTDsynX
rnfGD2v3RTUrhXMEDZB9kx0r28cxshTtUXpYUHDxbXLsV+TQFhSxCBnQ5xf14fYg
mvMbiNhu+A50JxuxGgGR+26RPA9l5nLzZsjEgcDn6GrlWOWR3MDs7bM7RSJ2WHhk
JxztOV+F1YUVuUmar+/g4+iVO5BOPtwEXSDWXsZrTyy3TvrDtzq3h0uYCUfvtloX
aWp+EHLOqOtQRMpvLIznkEV3iL3kqU4CNczImLEp2bB2aQ4JpbV1gEO+oyaopgyd
ALcQ4zPC12xWqP70BXC9ZXx/77e/rS1M7FyWsbXl7By163M7um/C
-----END CERTIFICATE-----