Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xKfu2bVO4W3GAggExl0R-bKa9_M.roa
File:                     xKfu2bVO4W3GAggExl0R-bKa9_M.roa (raw, json)
Hash identifier:          Rpg7gI/ZwbBbmyA7R0e5BASqB4baHjqp0h/Kpcus0rY=
Subject key identifier:   C4:A7:EE:D9:B5:4E:E1:6D:C6:02:08:04:C6:5D:11:F9:B2:9A:F7:F3
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B2682014A58C95FB5D572EFA5479EA
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xKfu2bVO4W3GAggExl0R-bKa9_M.roa
Signing time:             Wed 01 Jan 2025 11:48:47 +0000
ROA not before:           Wed 01 Jan 2025 11:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202633
IP address blocks:        85.143.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:68:20:14:a5:8c:95:fb:5d:57:2e:fa:54:79:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4a7eed9b54ee16dc6020804c65d11f9b29af7f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:4a:57:5a:57:e6:0f:92:11:8e:cc:87:54:83:
                    3c:2a:d1:01:50:ca:6d:f5:f6:ee:0d:27:8c:7d:18:
                    ce:37:77:66:50:cd:52:10:45:03:89:17:bb:91:5d:
                    08:5e:f5:68:83:d5:dd:db:d7:b0:1e:0d:a5:9b:18:
                    1a:00:85:bc:3f:15:27:7e:42:1c:4f:08:19:4f:dd:
                    1c:15:e9:e1:b4:14:40:f3:f1:7b:fd:81:b7:90:c3:
                    1f:55:24:d9:31:e3:e3:5b:7d:69:1c:0a:bc:53:a6:
                    41:ce:cf:fb:9b:54:b1:ba:12:70:c6:29:da:8a:2c:
                    d0:d3:4c:d4:5d:b0:34:94:1d:ec:98:8e:09:d8:a7:
                    c5:a3:e7:19:9e:38:20:55:62:df:0b:d1:6f:87:0a:
                    a1:76:d4:0f:6f:5e:96:4d:e5:71:e8:24:32:7a:7e:
                    cb:06:18:de:12:2e:62:1c:58:64:74:40:14:b3:6e:
                    a6:e6:00:34:ba:33:a1:2b:fd:b2:f9:c5:ac:1b:22:
                    c1:66:ca:8b:a4:b5:d3:b4:95:62:bf:30:0d:e7:d9:
                    27:b4:18:13:5e:e4:7b:f4:e7:03:a3:4c:a2:55:c3:
                    ad:28:6e:ae:85:d2:89:45:67:eb:3d:16:71:ef:09:
                    cb:a1:62:3a:f5:fa:49:d4:dc:96:94:7e:99:2a:2d:
                    c4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A7:EE:D9:B5:4E:E1:6D:C6:02:08:04:C6:5D:11:F9:B2:9A:F7:F3
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xKfu2bVO4W3GAggExl0R-bKa9_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:0d:cb:9e:8c:a0:3a:8d:27:44:ad:41:64:38:6b:09:e3:6d:
         8a:dd:fa:15:f5:f5:e5:ec:6f:07:8b:d6:55:97:a4:85:95:3a:
         fb:e3:8c:2f:18:ea:61:ad:37:e7:71:9d:c2:9c:e8:78:2a:80:
         f6:36:e7:8d:6d:7b:b3:c2:13:cc:3a:31:0c:e6:89:6b:91:1d:
         b4:33:64:68:7a:65:8d:26:25:c6:1f:82:7a:77:8d:7e:68:e2:
         02:2d:d6:71:06:5b:59:96:a0:59:b0:25:d4:83:8f:9b:e8:22:
         91:2d:30:fc:b0:8b:70:3e:4b:ea:b3:df:9a:0a:32:65:27:f0:
         64:c3:b7:a5:07:86:53:41:f7:2f:cc:7d:05:9b:73:9a:c5:b8:
         d1:e5:b3:cf:62:02:9b:a7:2a:71:f3:64:a4:12:20:29:58:ec:
         ff:ff:f6:1d:a9:9f:11:69:4c:86:73:44:fc:fd:31:c2:3c:27:
         52:7f:c0:23:29:90:1f:4b:1f:7d:86:a8:c8:17:4a:83:50:81:
         13:99:d1:58:a9:fe:34:50:d5:bd:87:13:c3:0b:d1:d6:85:10:
         a4:aa:13:80:38:5c:b4:58:b4:b8:53:ef:86:fa:97:7d:12:3e:
         a9:61:37:09:76:1a:a1:b2:56:6f:f5:df:10:e7:e0:3b:dd:be:
         8a:12:73:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsmggFKWMlftdVy76VHnqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGE3ZWVkOWI1NGVlMTZkYzYwMjA4MDRjNjVkMTFmOWIyOWFmN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20pXWlfmD5IRjsyHVIM8KtEBUMpt
9fbuDSeMfRjON3dmUM1SEEUDiRe7kV0IXvVog9Xd29ewHg2lmxgaAIW8PxUnfkIc
TwgZT90cFenhtBRA8/F7/YG3kMMfVSTZMePjW31pHAq8U6ZBzs/7m1SxuhJwxina
iizQ00zUXbA0lB3smI4J2KfFo+cZnjggVWLfC9FvhwqhdtQPb16WTeVx6CQyen7L
BhjeEi5iHFhkdEAUs26m5gA0ujOhK/2y+cWsGyLBZsqLpLXTtJVivzAN59kntBgT
XuR79OcDo0yiVcOtKG6uhdKJRWfrPRZx7wnLoWI69fpJ1NyWlH6ZKi3EVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSn7tm1TuFtxgIIBMZdEfmymvfzMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEveEtmdTJiVk80VzNHQWdnRXhsMFItYkthOV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY/3MA0G
CSqGSIb3DQEBCwUAA4IBAQBrDcuejKA6jSdErUFkOGsJ422K3foV9fXl7G8Hi9ZV
l6SFlTr744wvGOphrTfncZ3CnOh4KoD2NueNbXuzwhPMOjEM5olrkR20M2RoemWN
JiXGH4J6d41+aOICLdZxBltZlqBZsCXUg4+b6CKRLTD8sItwPkvqs9+aCjJlJ/Bk
w7elB4ZTQfcvzH0Fm3OaxbjR5bPPYgKbpypx82SkEiApWOz///YdqZ8RaUyGc0T8
/THCPCdSf8AjKZAfSx99hqjIF0qDUIETmdFYqf40UNW9hxPDC9HWhRCkqhOAOFy0
WLS4U++G+pd9Ej6pYTcJdhqhslZv9d8Q5+A73b6KEnOP
-----END CERTIFICATE-----