Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/KNM252Dchm4gxU9RWcy_WEv63P4.roa
File:                     KNM252Dchm4gxU9RWcy_WEv63P4.roa (raw, json)
Hash identifier:          VgsgL9pBXFsv7twuJRD7IjNzrhRI654XA04nzZxnx5I=
Subject key identifier:   28:D3:36:E7:60:DC:86:6E:20:C5:4F:51:59:CC:BF:58:4B:FA:DC:FE
Certificate issuer:       /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial:       0192E2EEEA976D1F745A99B36DDED17F5295
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/KNM252Dchm4gxU9RWcy_WEv63P4.roa
Signing time:             Thu 31 Oct 2024 14:16:01 +0000
ROA not before:           Thu 31 Oct 2024 14:16:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        138.124.21.0/24 maxlen: 24
                          138.124.22.0/24 maxlen: 24
                          138.124.23.0/24 maxlen: 24
                          138.124.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e2:ee:ea:97:6d:1f:74:5a:99:b3:6d:de:d1:7f:52:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
        Validity
            Not Before: Oct 31 14:16:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28d336e760dc866e20c54f5159ccbf584bfadcfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:4f:ba:83:e7:4e:f6:6f:23:ac:21:4c:58:50:
                    4e:fb:a4:5f:8d:cb:9a:25:73:08:be:0e:c5:87:ec:
                    92:c1:33:9e:1c:b8:d7:ee:6f:05:d7:84:58:96:a7:
                    e0:58:93:8e:ce:ab:94:7e:5e:55:2a:05:eb:13:ea:
                    f5:20:9a:b2:ac:36:db:bc:91:a9:32:0b:96:68:6a:
                    b4:5a:70:3c:2e:ce:54:99:32:25:69:b6:bc:01:6a:
                    35:d4:f1:95:7e:19:93:2e:19:37:e0:94:31:8f:4e:
                    ae:e7:71:c5:5a:7a:09:07:ad:ea:cb:81:74:49:b7:
                    10:06:2b:6a:3b:d7:89:06:b1:ca:fa:66:49:c4:00:
                    77:86:2f:e3:24:ec:3f:e9:02:86:e5:c8:73:33:c4:
                    40:56:7b:ea:d9:25:66:27:ef:f9:71:28:fa:5f:41:
                    76:9e:87:8e:39:03:6b:6b:03:bd:93:0a:a1:3d:86:
                    60:f3:00:14:b6:11:47:be:13:55:0e:b4:4b:11:a6:
                    10:00:94:39:e1:a9:ff:59:5f:07:21:a6:f8:60:9a:
                    ba:9a:0e:c1:0b:7c:78:34:9c:9a:95:1b:7f:0a:bb:
                    c7:56:1f:d6:c4:42:37:ca:ea:ea:42:56:fb:fd:99:
                    79:e2:2a:63:80:c0:13:c2:20:f5:0e:87:41:a4:41:
                    0a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D3:36:E7:60:DC:86:6E:20:C5:4F:51:59:CC:BF:58:4B:FA:DC:FE
            X509v3 Authority Key Identifier:
                keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/KNM252Dchm4gxU9RWcy_WEv63P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.21.0-138.124.23.255
                  138.124.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:2a:cb:a3:66:27:56:d6:81:1a:71:4a:5c:dc:6d:b8:88:a9:
         86:3c:fe:94:0e:49:cd:42:3d:86:0f:c8:66:f4:39:58:78:5f:
         cf:a5:46:31:01:99:ab:60:32:d2:2c:28:ca:fd:07:ee:00:d7:
         a5:c3:5b:0f:20:52:21:19:15:cd:f7:f9:54:fd:64:d1:27:45:
         4d:77:cb:ed:89:9a:3f:c5:d0:47:74:07:d0:39:a1:7d:45:f1:
         8f:2d:9c:ce:08:91:24:69:7b:e6:14:01:f4:a0:0c:58:49:bd:
         5b:57:1b:f1:76:63:ef:e4:73:96:c7:27:25:67:8a:85:d5:be:
         38:03:05:c4:13:10:38:c6:d2:3f:a4:e0:95:eb:a1:25:5d:ba:
         cc:ec:b5:3f:c7:30:5c:c0:84:ae:fa:40:cc:a1:37:23:ee:5e:
         b6:c9:97:ac:60:6b:f7:23:b8:f4:38:7d:cc:a4:82:eb:ec:82:
         d2:68:a6:1d:60:2f:7f:27:07:7d:03:05:c6:ca:9b:12:06:83:
         ff:7a:a4:46:fc:06:96:04:cd:b9:a9:85:1b:27:a4:31:12:7a:
         4d:de:98:77:98:e9:b0:a1:ec:f7:81:99:7b:3f:1a:7a:a4:7e:
         10:a4:7c:5e:ad:e2:6d:66:28:02:ac:ce:18:3d:c0:25:76:40:
         e0:03:63:b1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZLi7uqXbR90Wpmzbd7Rf1KVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjQxMDMxMTQxNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQzMzZlNzYwZGM4NjZlMjBjNTRmNTE1OWNjYmY1ODRiZmFkY2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3k+6g+dO9m8jrCFMWFBO+6Rfjcua
JXMIvg7Fh+ySwTOeHLjX7m8F14RYlqfgWJOOzquUfl5VKgXrE+r1IJqyrDbbvJGp
MguWaGq0WnA8Ls5UmTIlaba8AWo11PGVfhmTLhk34JQxj06u53HFWnoJB63qy4F0
SbcQBitqO9eJBrHK+mZJxAB3hi/jJOw/6QKG5chzM8RAVnvq2SVmJ+/5cSj6X0F2
noeOOQNrawO9kwqhPYZg8wAUthFHvhNVDrRLEaYQAJQ54an/WV8HIab4YJq6mg7B
C3x4NJyalRt/CrvHVh/WxEI3yurqQlb7/Zl54ipjgMATwiD1DodBpEEKcQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCjTNudg3IZuIMVPUVnMv1hL+tz+MB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvS05NMjUyRGNobTRneFU5UldjeV9XRXY2M1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBACKfBUD
BAOKfBADBACKfBswDQYJKoZIhvcNAQELBQADggEBAHMqy6NmJ1bWgRpxSlzcbbiI
qYY8/pQOSc1CPYYPyGb0OVh4X8+lRjEBmatgMtIsKMr9B+4A16XDWw8gUiEZFc33
+VT9ZNEnRU13y+2Jmj/F0Ed0B9A5oX1F8Y8tnM4IkSRpe+YUAfSgDFhJvVtXG/F2
Y+/kc5bHJyVnioXVvjgDBcQTEDjG0j+k4JXroSVduszstT/HMFzAhK76QMyhNyPu
XrbJl6xga/cjuPQ4fcykguvsgtJoph1gL38nB30DBcbKmxIGg/96pEb8BpYEzbmp
hRsnpDESek3emHeY6bCh7PeBmXs/GnqkfhCkfF6t4m1mKAKszhg9wCV2QOADY7E=
-----END CERTIFICATE-----