Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/2LnROawt0tlL3N9W1IfVcRj7BjQ.roa
File:                     2LnROawt0tlL3N9W1IfVcRj7BjQ.roa (raw, json)
Hash identifier:          8wDotcztEkzc34NpjSHdA5/gcBiBKKeESLNNav77XbA=
Subject key identifier:   D8:B9:D1:39:AC:2D:D2:D9:4B:DC:DF:56:D4:87:D5:71:18:FB:06:34
Certificate issuer:       /CN=1efa596a3126ace029c6d70d529257e07b38ba06
Certificate serial:       01902B6801752DAA7791B70B9E29C59B7877
Authority key identifier: 1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/2LnROawt0tlL3N9W1IfVcRj7BjQ.roa
Signing time:             Tue 18 Jun 2024 12:52:34 +0000
ROA not before:           Tue 18 Jun 2024 12:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        128.139.4.0/24 maxlen: 24
                          128.139.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2b:68:01:75:2d:aa:77:91:b7:0b:9e:29:c5:9b:78:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1efa596a3126ace029c6d70d529257e07b38ba06
        Validity
            Not Before: Jun 18 12:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8b9d139ac2dd2d94bdcdf56d487d57118fb0634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ef:90:c9:90:bf:97:9f:d8:54:02:e9:b6:37:
                    40:cc:9e:a2:2d:3e:05:a8:0d:71:49:be:9b:4b:a4:
                    5d:9d:a5:b2:b7:fd:51:87:a2:6a:2e:41:1f:20:f2:
                    a7:db:49:e4:7d:b5:6a:be:c9:59:64:5c:3d:b9:68:
                    ea:2a:4c:55:e8:53:e3:ef:8e:d6:05:b4:70:4e:b2:
                    26:fa:19:6e:ff:74:25:45:39:d3:bf:d5:f3:63:95:
                    0a:b0:4a:77:02:00:55:94:28:a3:1d:8a:a7:7e:64:
                    6f:60:29:5e:cd:91:e7:6c:58:d1:b0:e3:5a:32:e1:
                    89:7f:26:cb:da:09:58:52:66:de:28:26:05:61:86:
                    c0:5a:43:3d:9a:6c:a3:89:c2:1d:04:b6:40:52:a5:
                    d2:0d:d1:6e:fa:aa:a0:14:7b:95:41:2c:01:35:30:
                    fb:e9:20:dd:e4:27:b4:87:a7:d0:f0:0b:d8:af:97:
                    bd:f1:22:9f:56:16:71:36:64:f4:fd:90:b6:c4:f9:
                    45:81:9c:f1:1a:e0:92:f7:1a:f2:4f:45:03:62:90:
                    d6:58:f9:50:40:be:ff:d1:72:ed:0b:73:15:37:d2:
                    da:46:59:4f:a7:bf:98:85:26:5d:cb:cd:ea:8e:62:
                    34:2c:ae:fb:ed:30:09:02:76:8b:16:01:d8:a5:cc:
                    2b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B9:D1:39:AC:2D:D2:D9:4B:DC:DF:56:D4:87:D5:71:18:FB:06:34
            X509v3 Authority Key Identifier:
                keyid:1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/2LnROawt0tlL3N9W1IfVcRj7BjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.139.4.0/24
                  128.139.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:8e:a4:5f:e4:8e:d0:f4:42:9b:21:8d:8d:36:e8:2e:aa:36:
         98:a3:8a:3f:73:41:92:88:13:e6:a9:a9:e4:b5:74:2f:27:ad:
         d2:d9:1b:08:ef:57:43:ae:ba:f5:f0:17:df:4e:90:a3:b5:4f:
         c8:11:32:cf:d5:43:b3:32:de:31:dc:8c:b1:d8:a7:2a:c3:b6:
         f7:ca:5b:61:6e:ab:02:15:6e:e8:15:5b:5d:fe:16:a0:28:14:
         17:0a:f5:78:c2:88:d2:68:71:b8:ee:2b:56:5b:b5:42:71:de:
         a8:0c:18:4b:a8:0d:1f:64:80:1b:fc:a7:8b:70:c2:c0:6e:f4:
         3e:8f:c1:85:8d:e8:f9:5d:2c:de:c3:bb:db:30:02:6a:28:16:
         fa:20:9b:87:e2:da:84:b9:56:fb:b4:12:26:74:0f:7e:6b:17:
         67:d7:a4:ab:44:32:7d:27:d3:68:fb:a0:a8:62:8c:cf:69:88:
         c5:5a:46:05:27:06:8c:bb:45:3b:77:90:be:ed:33:78:0f:d0:
         83:b5:29:02:47:2d:69:68:85:b2:4b:f7:60:6e:d9:81:88:e0:
         92:09:6a:91:ba:23:b5:93:ef:57:df:57:a9:aa:3e:26:da:6a:
         62:c2:05:ee:c8:94:1f:44:7f:44:2e:65:41:a9:53:39:9f:b3:
         0f:c4:e4:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAraAF1Lap3kbcLninFm3h3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmE1OTZhMzEyNmFjZTAyOWM2ZDcwZDUyOTI1N2UwN2Iz
OGJhMDYwHhcNMjQwNjE4MTI1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGI5ZDEzOWFjMmRkMmQ5NGJkY2RmNTZkNDg3ZDU3MTE4ZmIwNjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu+QyZC/l5/YVALptjdAzJ6iLT4F
qA1xSb6bS6RdnaWyt/1Rh6JqLkEfIPKn20nkfbVqvslZZFw9uWjqKkxV6FPj747W
BbRwTrIm+hlu/3QlRTnTv9XzY5UKsEp3AgBVlCijHYqnfmRvYClezZHnbFjRsONa
MuGJfybL2glYUmbeKCYFYYbAWkM9mmyjicIdBLZAUqXSDdFu+qqgFHuVQSwBNTD7
6SDd5Ce0h6fQ8AvYr5e98SKfVhZxNmT0/ZC2xPlFgZzxGuCS9xryT0UDYpDWWPlQ
QL7/0XLtC3MVN9LaRllPp7+YhSZdy83qjmI0LK777TAJAnaLFgHYpcwrvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNi50TmsLdLZS9zfVtSH1XEY+wY0MB8GA1UdIwQY
MBaAFB76WWoxJqzgKcbXDVKSV+B7OLoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODIt
OWQwYzYyMDczNWYxLzEvMkxuUk9hd3QwdGxMM045VzFJZlZjUmo3QmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODItOWQwYzYyMDczNWYx
LzEvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAgIsEAwQA
gIsGMA0GCSqGSIb3DQEBCwUAA4IBAQCSjqRf5I7Q9EKbIY2NNuguqjaYo4o/c0GS
iBPmqanktXQvJ63S2RsI71dDrrr18BffTpCjtU/IETLP1UOzMt4x3Iyx2Kcqw7b3
ylthbqsCFW7oFVtd/hagKBQXCvV4wojSaHG47itWW7VCcd6oDBhLqA0fZIAb/KeL
cMLAbvQ+j8GFjej5XSzew7vbMAJqKBb6IJuH4tqEuVb7tBImdA9+axdn16SrRDJ9
J9No+6CoYozPaYjFWkYFJwaMu0U7d5C+7TN4D9CDtSkCRy1paIWyS/dgbtmBiOCS
CWqRuiO1k+9X31epqj4m2mpiwgXuyJQfRH9ELmVBqVM5n7MPxOS6
-----END CERTIFICATE-----