Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/2ksl-0DaqqPMJOIcVSjRYw3oowo.roa
File:                     2ksl-0DaqqPMJOIcVSjRYw3oowo.roa (raw, json)
Hash identifier:          bR5/CsRer/6UzbcdOln79yAgzHl3TX5cZlnxevkQmfk=
Subject key identifier:   DA:4B:25:FB:40:DA:AA:A3:CC:24:E2:1C:55:28:D1:63:0D:E8:A3:0A
Certificate issuer:       /CN=393d2f0a96199a060856cf67e2105fda2cb93d37
Certificate serial:       019422FBFDA029625AC32FF558E47F9DD372
Authority key identifier: 39:3D:2F:0A:96:19:9A:06:08:56:CF:67:E2:10:5F:DA:2C:B9:3D:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OT0vCpYZmgYIVs9n4hBf2iy5PTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/2ksl-0DaqqPMJOIcVSjRYw3oowo.roa
Signing time:             Wed 01 Jan 2025 17:48:47 +0000
ROA not before:           Wed 01 Jan 2025 17:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.133.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/OT0vCpYZmgYIVs9n4hBf2iy5PTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/OT0vCpYZmgYIVs9n4hBf2iy5PTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OT0vCpYZmgYIVs9n4hBf2iy5PTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:fd:a0:29:62:5a:c3:2f:f5:58:e4:7f:9d:d3:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=393d2f0a96199a060856cf67e2105fda2cb93d37
        Validity
            Not Before: Jan  1 17:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da4b25fb40daaaa3cc24e21c5528d1630de8a30a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c3:8b:b7:14:b8:33:56:7a:c2:8a:c6:45:2e:
                    71:02:24:26:6e:e5:73:35:0f:0d:14:15:a8:d5:41:
                    7b:fa:70:1d:4b:d4:5d:5b:e5:56:1b:81:8a:8b:07:
                    d0:1d:46:b5:bb:bc:4f:cf:f5:1c:db:c4:e8:48:53:
                    2a:6f:d3:d6:ef:b1:9d:54:da:b9:d3:85:49:52:66:
                    72:9b:c4:59:dd:7d:c9:ff:7c:f1:af:0e:6d:fe:cd:
                    8f:b3:19:88:b1:65:99:d1:9b:9e:54:65:cd:ff:1b:
                    94:69:c9:b2:20:54:cc:72:fa:a0:6a:5d:2e:85:7c:
                    02:cf:a4:fa:20:67:49:42:90:c8:29:da:e6:86:54:
                    0b:e2:96:ee:38:a3:82:7b:59:cb:b4:bd:b3:0d:7f:
                    58:96:9e:45:9d:85:cd:e9:d9:53:28:42:e5:fd:1e:
                    70:f1:10:13:04:42:bb:91:5e:d2:10:64:a7:9c:d3:
                    d8:0b:21:4d:0c:02:05:72:6c:a1:21:b5:5f:70:87:
                    2d:8f:f4:6d:29:2b:be:43:61:cc:ec:d6:20:23:ad:
                    ab:a7:ef:24:3f:a5:5e:71:a9:d5:17:d2:9f:e7:22:
                    db:63:09:57:4d:f0:ff:f6:cc:40:15:80:f2:ab:06:
                    cf:b6:22:6d:f2:97:d7:70:7b:89:2a:54:64:0e:f7:
                    fd:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:4B:25:FB:40:DA:AA:A3:CC:24:E2:1C:55:28:D1:63:0D:E8:A3:0A
            X509v3 Authority Key Identifier:
                keyid:39:3D:2F:0A:96:19:9A:06:08:56:CF:67:E2:10:5F:DA:2C:B9:3D:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OT0vCpYZmgYIVs9n4hBf2iy5PTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/2ksl-0DaqqPMJOIcVSjRYw3oowo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/OT0vCpYZmgYIVs9n4hBf2iy5PTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:1f:dc:89:d5:b2:ac:46:f3:b3:51:a4:53:80:fc:85:1d:9b:
         04:c6:f3:1b:ca:3d:c1:f9:d1:bf:cf:c5:5f:34:98:28:21:ee:
         b3:ff:17:26:52:37:c6:f3:47:d4:12:b7:d7:c0:b5:0a:32:39:
         bf:bf:ae:93:84:6f:43:46:01:5a:23:12:e6:2b:60:16:b5:4e:
         34:31:75:45:a7:39:88:1a:d9:39:8b:20:62:6f:75:61:6b:61:
         60:6f:35:e6:4b:99:13:30:86:cb:a1:79:6c:50:c6:b7:34:af:
         97:fb:d1:30:9b:f1:73:a8:c9:89:ff:f3:65:4c:fc:50:27:2e:
         1a:9f:cc:7e:9a:ed:cf:84:cb:00:35:ef:5b:69:38:ac:a4:f2:
         1e:54:09:1e:d9:76:61:47:72:a9:db:1c:07:31:b0:11:b2:20:
         29:09:e4:bb:5e:4b:30:e1:eb:3e:db:7e:2c:20:5f:2a:04:a7:
         31:2c:ac:cb:e3:15:b1:6e:85:e4:d9:94:03:4c:21:35:95:02:
         f0:ac:44:0b:8d:be:a6:d0:53:2e:bc:ce:58:c0:ef:52:54:ab:
         84:de:fc:70:a3:a5:d0:9a:06:1f:b3:cb:c1:cf:d9:da:d2:fe:
         9f:78:53:e9:d1:31:98:03:7a:96:40:e3:ff:86:8c:b4:1f:ea:
         52:52:f1:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+/2gKWJawy/1WOR/ndNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5M2QyZjBhOTYxOTlhMDYwODU2Y2Y2N2UyMTA1ZmRhMmNi
OTNkMzcwHhcNMjUwMTAxMTc0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTRiMjVmYjQwZGFhYWEzY2MyNGUyMWM1NTI4ZDE2MzBkZThhMzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncOLtxS4M1Z6worGRS5xAiQmbuVz
NQ8NFBWo1UF7+nAdS9RdW+VWG4GKiwfQHUa1u7xPz/Uc28ToSFMqb9PW77GdVNq5
04VJUmZym8RZ3X3J/3zxrw5t/s2PsxmIsWWZ0ZueVGXN/xuUacmyIFTMcvqgal0u
hXwCz6T6IGdJQpDIKdrmhlQL4pbuOKOCe1nLtL2zDX9Ylp5FnYXN6dlTKELl/R5w
8RATBEK7kV7SEGSnnNPYCyFNDAIFcmyhIbVfcIctj/RtKSu+Q2HM7NYgI62rp+8k
P6VecanVF9Kf5yLbYwlXTfD/9sxAFYDyqwbPtiJt8pfXcHuJKlRkDvf9awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpLJftA2qqjzCTiHFUo0WMN6KMKMB8GA1UdIwQY
MBaAFDk9LwqWGZoGCFbPZ+IQX9osuT03MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1QwdkNwWVptZ1lJVnM5bjRoQmYyaXk1UFRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8wMzY1ZGUtODAwOC00NzEzLWFiOTkt
NjE5ZmE4MGI4ZDc0LzEvMmtzbC0wRGFxcVBNSk9JY1ZTalJZdzNvb3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8wMzY1ZGUtODAwOC00NzEzLWFiOTktNjE5ZmE4MGI4ZDc0
LzEvT1QwdkNwWVptZ1lJVnM5bjRoQmYyaXk1UFRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYWKMA0G
CSqGSIb3DQEBCwUAA4IBAQCyH9yJ1bKsRvOzUaRTgPyFHZsExvMbyj3B+dG/z8Vf
NJgoIe6z/xcmUjfG80fUErfXwLUKMjm/v66ThG9DRgFaIxLmK2AWtU40MXVFpzmI
Gtk5iyBib3Vha2FgbzXmS5kTMIbLoXlsUMa3NK+X+9Ewm/FzqMmJ//NlTPxQJy4a
n8x+mu3PhMsANe9baTispPIeVAke2XZhR3Kp2xwHMbARsiApCeS7Xksw4es+234s
IF8qBKcxLKzL4xWxboXk2ZQDTCE1lQLwrEQLjb6m0FMuvM5YwO9SVKuE3vxwo6XQ
mgYfs8vBz9na0v6feFPp0TGYA3qWQOP/hoy0H+pSUvF5
-----END CERTIFICATE-----