Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/pFdc9GKBdXBjaKb_bkpy4pwiK_0.roa
File:                     pFdc9GKBdXBjaKb_bkpy4pwiK_0.roa (raw, json)
Hash identifier:          8795JOEM2aEDEqQnWkWWkhSBntyGxcwSFS+eMBONKHk=
Subject key identifier:   A4:57:5C:F4:62:81:75:70:63:68:A6:FF:6E:4A:72:E2:9C:22:2B:FD
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D3A918289F976F4714AC2D7DD9F9
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/pFdc9GKBdXBjaKb_bkpy4pwiK_0.roa
Signing time:             Wed 01 Jan 2025 11:48:09 +0000
ROA not before:           Wed 01 Jan 2025 11:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198774
IP address blocks:        128.127.144.0/24 maxlen: 24
                          128.127.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d3:a9:18:28:9f:97:6f:47:14:ac:2d:7d:d9:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4575cf4628175706368a6ff6e4a72e29c222bfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:de:fd:6f:50:d6:a8:c2:0f:f6:a4:a5:ec:
                    80:8a:31:8e:6e:47:5e:9f:32:18:33:49:e2:62:5b:
                    81:05:32:3a:89:47:bc:8d:e0:b5:b9:58:e1:11:75:
                    f0:1c:5f:f2:53:c2:a7:ef:e0:b7:a1:67:0e:c8:61:
                    ed:19:eb:dc:2d:9a:41:ad:65:04:58:7b:c4:4c:35:
                    33:1e:93:73:b9:89:d3:5e:12:5e:6e:bb:89:4f:fd:
                    5d:1c:33:0f:6d:26:fd:79:d6:d3:69:d0:3c:f8:ed:
                    77:e8:e3:58:3e:dc:f8:a2:c6:ad:92:f3:57:9f:70:
                    2c:7c:2d:33:75:69:83:ac:cf:3d:a1:a1:d7:07:5b:
                    a7:e7:f9:83:c3:e2:18:75:0f:cb:54:87:43:61:d7:
                    27:11:9e:bb:3c:0e:74:89:5d:b4:32:79:85:ca:41:
                    ab:9e:5f:94:97:f9:78:22:3c:32:48:82:fc:05:73:
                    31:27:37:dc:a3:f7:90:41:23:f2:48:2a:2b:4d:78:
                    f1:9e:70:70:cd:fe:88:51:51:64:4c:75:df:de:bb:
                    7a:10:7c:af:cb:b5:6a:3a:9c:30:8b:71:49:96:71:
                    6f:9a:e4:c2:e9:a8:20:c1:e5:b6:39:5d:b1:d5:5b:
                    17:5d:a3:e0:cd:4d:6f:8f:2c:85:f9:60:43:4c:9c:
                    39:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:57:5C:F4:62:81:75:70:63:68:A6:FF:6E:4A:72:E2:9C:22:2B:FD
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/pFdc9GKBdXBjaKb_bkpy4pwiK_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.127.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:d6:22:61:d1:43:99:0f:24:0f:fe:17:76:e8:b2:a2:b0:fd:
         a4:a0:a9:03:f3:52:23:75:be:b6:67:7c:e8:ec:3d:31:12:bd:
         6f:8f:07:06:68:2c:05:15:ae:15:9b:d7:96:14:24:fd:18:8e:
         f6:73:2f:99:43:27:5e:c2:e5:04:47:f8:7d:e1:c5:0a:16:2a:
         7e:09:6e:39:4c:91:80:de:b1:77:67:79:d7:79:68:85:26:cc:
         0c:3d:74:0d:a1:1a:9b:5d:9c:9c:da:94:8c:91:70:c9:48:81:
         89:e6:0b:95:47:f9:08:1d:00:29:5e:3c:ab:ef:7e:50:31:f9:
         dc:38:bb:b6:58:c1:a7:18:d2:4d:69:af:dd:48:51:02:31:29:
         19:ee:20:55:43:ba:34:f9:d9:e7:88:2a:c3:63:37:6d:55:58:
         02:0f:78:6a:60:4a:74:3e:36:4f:c8:b2:12:a0:83:61:4f:ed:
         18:3e:b2:13:45:64:b0:ec:68:25:14:df:3f:2d:22:52:91:88:
         e9:cd:54:da:49:da:21:80:5b:84:b0:2e:03:c6:74:06:30:21:
         76:13:99:41:88:b3:69:e0:d5:09:76:39:fa:14:4e:74:81:69:
         d7:a9:e8:73:3f:ce:76:bd:55:3b:da:cf:69:50:58:9c:1d:3f:
         0f:d7:76:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdOpGCifl29HFKwtfdn5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDU3NWNmNDYyODE3NTcwNjM2OGE2ZmY2ZTRhNzJlMjljMjIyYmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD7e/W9Q1qjCD/akpeyAijGObkde
nzIYM0niYluBBTI6iUe8jeC1uVjhEXXwHF/yU8Kn7+C3oWcOyGHtGevcLZpBrWUE
WHvETDUzHpNzuYnTXhJebruJT/1dHDMPbSb9edbTadA8+O136ONYPtz4osatkvNX
n3AsfC0zdWmDrM89oaHXB1un5/mDw+IYdQ/LVIdDYdcnEZ67PA50iV20MnmFykGr
nl+Ul/l4IjwySIL8BXMxJzfco/eQQSPySCorTXjxnnBwzf6IUVFkTHXf3rt6EHyv
y7VqOpwwi3FJlnFvmuTC6aggweW2OV2x1VsXXaPgzU1vjyyF+WBDTJw56wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRXXPRigXVwY2im/25KcuKcIiv9MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvcEZkYzlHS0JkWEJqYUtiX2JrcHk0cHdpS18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBgH+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBd1iJh0UOZDyQP/hd26LKisP2koKkD81Ijdb62Z3zo
7D0xEr1vjwcGaCwFFa4Vm9eWFCT9GI72cy+ZQydewuUER/h94cUKFip+CW45TJGA
3rF3Z3nXeWiFJswMPXQNoRqbXZyc2pSMkXDJSIGJ5guVR/kIHQApXjyr735QMfnc
OLu2WMGnGNJNaa/dSFECMSkZ7iBVQ7o0+dnniCrDYzdtVVgCD3hqYEp0PjZPyLIS
oINhT+0YPrITRWSw7GglFN8/LSJSkYjpzVTaSdohgFuEsC4DxnQGMCF2E5lBiLNp
4NUJdjn6FE50gWnXqehzP852vVU72s9pUFicHT8P13Y4
-----END CERTIFICATE-----