Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xzNEP_0ZHqJNVslG576avUhq8jA.roa
File:                     xzNEP_0ZHqJNVslG576avUhq8jA.roa (raw, json)
Hash identifier:          aMYJ4MCAvmzZ+Bu3WS4P+V6dCvB6HQt+wUY45qKySAs=
Subject key identifier:   C7:33:44:3F:FD:19:1E:A2:4D:56:C9:46:E7:BE:9A:BD:48:6A:F2:30
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B269CB9944EE2B7F49EF58AF490107
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xzNEP_0ZHqJNVslG576avUhq8jA.roa
Signing time:             Wed 01 Jan 2025 11:48:48 +0000
ROA not before:           Wed 01 Jan 2025 11:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203004
IP address blocks:        85.143.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:69:cb:99:44:ee:2b:7f:49:ef:58:af:49:01:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c733443ffd191ea24d56c946e7be9abd486af230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:40:39:9b:6c:a5:ef:49:2c:33:eb:ad:22:ad:
                    1c:bd:6b:a7:63:f7:72:17:77:da:66:5f:0f:e5:cd:
                    f6:1e:d2:af:99:b9:24:9c:87:97:57:ef:29:98:76:
                    2c:6f:cc:e2:3c:30:4f:0e:75:3d:2a:17:9a:52:a3:
                    c5:62:ba:25:96:7c:6d:95:c6:3b:c5:60:c0:8f:cd:
                    14:50:d1:1c:c2:ea:3f:a3:31:46:b6:30:ad:10:67:
                    15:38:09:28:c9:20:45:42:6d:cb:2f:20:60:ed:57:
                    00:13:8d:25:67:16:2c:dc:e5:71:c3:50:d8:3d:c0:
                    e2:57:01:e0:53:69:9a:d6:b9:d8:eb:ec:50:4f:fd:
                    47:01:04:c6:43:5e:38:fa:7c:ec:8e:da:3f:84:c7:
                    d8:8d:f2:bc:72:35:5a:b1:e3:d1:d4:28:48:0b:73:
                    8f:b0:4d:85:69:69:24:2f:d4:64:fb:ec:97:a8:bf:
                    b1:96:9d:38:d1:28:22:a0:f3:39:dd:78:da:59:41:
                    3e:92:56:e9:e9:c6:75:ae:f5:7e:56:40:ab:f1:b1:
                    2c:29:5d:e2:26:16:b1:de:96:ce:48:61:85:26:03:
                    57:8e:20:2e:30:8d:4d:53:0a:05:77:87:1c:4c:a5:
                    aa:92:16:95:bb:04:b9:18:ec:1c:80:78:39:b4:c8:
                    63:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:33:44:3F:FD:19:1E:A2:4D:56:C9:46:E7:BE:9A:BD:48:6A:F2:30
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/xzNEP_0ZHqJNVslG576avUhq8jA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:23:d8:0a:04:82:69:b5:d0:e8:7c:a9:a4:c9:27:63:58:0d:
         06:2d:76:22:fc:6f:f6:ea:92:7b:ea:9f:56:b5:eb:37:62:23:
         a4:76:59:40:0f:37:13:f8:d8:20:04:fe:2c:ff:1c:83:24:2a:
         1a:88:81:45:33:8a:af:94:6a:f0:f5:91:1f:c6:61:ab:4c:a8:
         33:73:72:43:cd:61:49:58:8a:4e:73:7e:7f:23:dd:38:bd:9c:
         69:21:bf:e6:ee:ff:c3:9c:3c:14:24:c7:f2:85:d6:f0:72:1d:
         6a:8d:20:72:5f:c9:f0:86:e3:4d:a1:85:4d:b8:23:b5:54:96:
         65:66:53:41:f2:83:cc:aa:d2:d2:d7:c7:e8:7d:2b:d1:7b:60:
         f8:5d:f1:b6:d5:41:42:88:93:8b:dd:03:43:a1:18:da:a2:58:
         21:f1:cb:06:50:5b:a9:68:a7:b9:3c:b3:1d:cc:ee:b5:23:b6:
         8e:de:97:4d:85:a3:91:5b:14:57:3b:af:8c:d7:b7:09:04:a3:
         7a:de:c6:ba:4c:69:04:4c:55:95:72:59:0f:76:7e:b4:33:7d:
         d3:64:e4:7d:e3:16:f5:95:6e:33:6a:d4:be:27:cf:59:a6:06:
         aa:13:ec:a3:a8:0a:aa:cc:77:0e:8a:0e:8e:2c:49:e6:e2:65:
         80:74:69:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsmnLmUTuK39J71ivSQEHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzMzNDQzZmZkMTkxZWEyNGQ1NmM5NDZlN2JlOWFiZDQ4NmFmMjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkA5m2yl70ksM+utIq0cvWunY/dy
F3faZl8P5c32HtKvmbkknIeXV+8pmHYsb8ziPDBPDnU9KheaUqPFYrollnxtlcY7
xWDAj80UUNEcwuo/ozFGtjCtEGcVOAkoySBFQm3LLyBg7VcAE40lZxYs3OVxw1DY
PcDiVwHgU2ma1rnY6+xQT/1HAQTGQ144+nzsjto/hMfYjfK8cjVasePR1ChIC3OP
sE2FaWkkL9Rk++yXqL+xlp040SgioPM53XjaWUE+klbp6cZ1rvV+VkCr8bEsKV3i
Jhax3pbOSGGFJgNXjiAuMI1NUwoFd4ccTKWqkhaVuwS5GOwcgHg5tMhjFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMczRD/9GR6iTVbJRue+mr1IavIwMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEveHpORVBfMFpIcUpOVnNsRzU3NmF2VWhxOGpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY/KMA0G
CSqGSIb3DQEBCwUAA4IBAQAuI9gKBIJptdDofKmkySdjWA0GLXYi/G/26pJ76p9W
tes3YiOkdllADzcT+NggBP4s/xyDJCoaiIFFM4qvlGrw9ZEfxmGrTKgzc3JDzWFJ
WIpOc35/I904vZxpIb/m7v/DnDwUJMfyhdbwch1qjSByX8nwhuNNoYVNuCO1VJZl
ZlNB8oPMqtLS18fofSvRe2D4XfG21UFCiJOL3QNDoRjaolgh8csGUFupaKe5PLMd
zO61I7aO3pdNhaORWxRXO6+M17cJBKN63sa6TGkETFWVclkPdn60M33TZOR94xb1
lW4zatS+J89ZpgaqE+yjqAqqzHcOig6OLEnm4mWAdGkE
-----END CERTIFICATE-----