Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/xKB2saJiTW-9w0UZ-JDSD04Tm9Q.roa
File:                     xKB2saJiTW-9w0UZ-JDSD04Tm9Q.roa (raw, json)
Hash identifier:          rODDzNp5o158G0nlbQXPqBNrMAzGgZA+BetdQW5s+As=
Subject key identifier:   C4:A0:76:B1:A2:62:4D:6F:BD:C3:45:19:F8:90:D2:0F:4E:13:9B:D4
Certificate issuer:       /CN=de92a1ac8910cf5c865de5b0231b09d04e1132f3
Certificate serial:       018CC5DC1290962A8AA74858537559EE01F9
Authority key identifier: DE:92:A1:AC:89:10:CF:5C:86:5D:E5:B0:23:1B:09:D0:4E:11:32:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/xKB2saJiTW-9w0UZ-JDSD04Tm9Q.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197382
IP address blocks:        138.124.182.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:12:90:96:2a:8a:a7:48:58:53:75:59:ee:01:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de92a1ac8910cf5c865de5b0231b09d04e1132f3
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4a076b1a2624d6fbdc34519f890d20f4e139bd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9e:7f:c2:0c:7b:e0:3b:89:77:43:94:90:95:
                    93:04:b5:d4:90:1c:fa:a6:04:8e:1f:3f:a1:8b:5f:
                    fc:56:e2:16:af:20:17:90:93:25:e7:09:5b:3d:e7:
                    e4:92:c6:00:4a:7e:aa:30:5c:c8:dc:79:32:8b:bd:
                    cc:45:35:bd:31:31:f6:fa:d2:08:da:90:5f:b3:a6:
                    5e:f8:95:34:6d:82:76:91:b5:ab:c4:ea:6c:3c:ef:
                    0c:9f:72:e3:9e:1f:3c:49:a6:02:58:71:85:e3:72:
                    74:e2:28:9b:aa:26:76:2a:1c:90:17:91:49:39:20:
                    56:57:c2:58:82:5d:60:11:52:75:74:30:34:b5:5a:
                    46:7c:e3:81:7c:7e:c5:2b:32:3c:76:89:a4:2c:02:
                    15:d7:47:5a:89:bb:18:15:6e:1e:25:4a:75:6f:f4:
                    de:78:5a:9a:bb:13:15:b5:ba:e2:27:8d:2f:30:56:
                    1d:85:17:21:1b:f3:53:6a:d5:83:47:3e:34:03:7f:
                    e9:e9:97:af:e6:c6:0f:57:ca:f1:92:a5:4f:1a:de:
                    b7:4d:61:bf:05:4d:40:93:39:ae:b3:8a:b9:68:7c:
                    e3:33:53:65:77:7b:72:cb:87:38:22:92:62:11:3a:
                    53:65:78:13:ec:30:45:a5:d4:4e:28:81:ec:4f:35:
                    0f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A0:76:B1:A2:62:4D:6F:BD:C3:45:19:F8:90:D2:0F:4E:13:9B:D4
            X509v3 Authority Key Identifier:
                keyid:DE:92:A1:AC:89:10:CF:5C:86:5D:E5:B0:23:1B:09:D0:4E:11:32:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/xKB2saJiTW-9w0UZ-JDSD04Tm9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:de:ee:ba:9a:72:30:af:51:92:77:61:40:ec:0d:17:63:8b:
         35:40:ed:87:ab:b9:4e:ae:b4:f9:42:b4:c5:ef:d4:a7:56:42:
         d8:40:76:42:0a:36:f4:b5:ff:e8:0f:82:65:03:28:ef:de:5f:
         1b:5c:51:4d:d4:e0:51:2e:ae:9f:00:31:d0:de:0b:ce:5f:50:
         a3:04:e5:65:82:f8:07:5f:ef:49:e8:c3:ed:43:53:0d:11:f6:
         18:3e:15:d5:4c:75:f7:57:b1:1b:0a:90:2a:a4:70:8e:1c:ba:
         8b:83:b2:59:db:9c:53:61:54:7e:93:3c:ee:9f:49:13:cd:50:
         c1:2a:31:6c:3f:94:ea:cb:6f:23:9f:92:18:66:d5:46:2a:10:
         fd:ef:00:ee:09:70:f1:85:98:ed:b7:b0:d9:ec:f5:11:16:21:
         6f:d8:62:1e:81:90:16:a6:ed:1b:cd:c5:72:09:94:ec:2f:d4:
         77:2f:90:90:f2:2c:fc:e1:0a:5d:d0:5f:ec:d4:f7:54:cf:9f:
         9f:c6:68:99:6c:37:9a:11:84:95:2e:9e:1f:b2:ce:af:72:33:
         ce:d1:a3:82:a9:e2:0b:44:1d:72:86:f9:51:df:a4:e0:85:7f:
         33:b7:9d:e9:1a:d8:6c:3e:8a:2a:8e:de:f0:51:e7:90:aa:ff:
         ba:67:3f:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BKQliqKp0hYU3VZ7gH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOTJhMWFjODkxMGNmNWM4NjVkZTViMDIzMWIwOWQwNGUx
MTMyZjMwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGEwNzZiMWEyNjI0ZDZmYmRjMzQ1MTlmODkwZDIwZjRlMTM5YmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp5/wgx74DuJd0OUkJWTBLXUkBz6
pgSOHz+hi1/8VuIWryAXkJMl5wlbPefkksYASn6qMFzI3Hkyi73MRTW9MTH2+tII
2pBfs6Ze+JU0bYJ2kbWrxOpsPO8Mn3Ljnh88SaYCWHGF43J04iibqiZ2KhyQF5FJ
OSBWV8JYgl1gEVJ1dDA0tVpGfOOBfH7FKzI8domkLAIV10daibsYFW4eJUp1b/Te
eFqauxMVtbriJ40vMFYdhRchG/NTatWDRz40A3/p6Zev5sYPV8rxkqVPGt63TWG/
BU1Akzmus4q5aHzjM1Nld3tyy4c4IpJiETpTZXgT7DBFpdROKIHsTzUPtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSgdrGiYk1vvcNFGfiQ0g9OE5vUMB8GA1UdIwQY
MBaAFN6SoayJEM9chl3lsCMbCdBOETLzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3BLaHJJa1F6MXlHWGVXd0l4c0owRTRSTXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80Mzc3ZDYtNTE1Yy00MjBhLTkxMzQt
NjllMzM3ODg0Y2M5LzEveEtCMnNhSmlUVy05dzBVWi1KRFNEMDRUbTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80Mzc3ZDYtNTE1Yy00MjBhLTkxMzQtNjllMzM3ODg0Y2M5
LzEvM3BLaHJJa1F6MXlHWGVXd0l4c0owRTRSTXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAiny2MA0G
CSqGSIb3DQEBCwUAA4IBAQA43u66mnIwr1GSd2FA7A0XY4s1QO2Hq7lOrrT5QrTF
79SnVkLYQHZCCjb0tf/oD4JlAyjv3l8bXFFN1OBRLq6fADHQ3gvOX1CjBOVlgvgH
X+9J6MPtQ1MNEfYYPhXVTHX3V7EbCpAqpHCOHLqLg7JZ25xTYVR+kzzun0kTzVDB
KjFsP5Tqy28jn5IYZtVGKhD97wDuCXDxhZjtt7DZ7PURFiFv2GIegZAWpu0bzcVy
CZTsL9R3L5CQ8iz84Qpd0F/s1PdUz5+fxmiZbDeaEYSVLp4fss6vcjPO0aOCqeIL
RB1yhvlR36TghX8zt53pGthsPooqjt7wUeeQqv+6Zz+v
-----END CERTIFICATE-----