Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/zN94u2P0OcgUyF2Io8qfJAhfeUk.roa
File:                     zN94u2P0OcgUyF2Io8qfJAhfeUk.roa (raw, json)
Hash identifier:          hodzCdrza6C4uqEyPC5xqNCIY1vsP79XPwOL383rj4Y=
Subject key identifier:   CC:DF:78:BB:63:F4:39:C8:14:C8:5D:88:A3:CA:9F:24:08:5F:79:49
Certificate issuer:       /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial:       0191BC68FCAB2337B014439A852231450753
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/zN94u2P0OcgUyF2Io8qfJAhfeUk.roa
Signing time:             Wed 04 Sep 2024 09:41:22 +0000
ROA not before:           Wed 04 Sep 2024 09:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205007
IP address blocks:        138.124.126.0/24 maxlen: 24
                          138.124.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:68:fc:ab:23:37:b0:14:43:9a:85:22:31:45:07:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
        Validity
            Not Before: Sep  4 09:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccdf78bb63f439c814c85d88a3ca9f24085f7949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:f5:41:59:59:a8:bd:99:6a:6a:0e:07:31:a8:
                    69:c7:cf:1a:c4:ed:51:32:3e:ed:02:16:44:64:21:
                    1b:65:f7:aa:62:dd:a5:4d:3b:c3:6d:11:49:13:f4:
                    0b:a7:40:2a:50:60:f2:32:fc:cb:e5:a1:84:50:e4:
                    61:64:9a:e9:bf:1e:04:fd:ec:3a:cf:14:eb:1b:90:
                    9d:16:ee:d7:98:9f:22:e0:5b:0f:4b:cd:71:97:9b:
                    85:7d:24:bb:a3:44:44:2d:fa:7f:19:ca:18:9c:11:
                    94:fe:55:da:32:7e:29:bd:f1:9c:ee:ea:9c:b0:6a:
                    85:4b:63:c5:2a:54:e7:31:3b:aa:ef:a7:90:19:4d:
                    86:df:2e:44:df:72:b9:75:33:9d:7a:ab:55:9e:85:
                    64:85:14:72:d2:16:05:d2:d5:35:70:ed:a1:17:cb:
                    f3:51:81:fd:1a:1a:2d:d7:1b:c8:d3:2c:0f:4d:d3:
                    c9:0b:f1:fe:12:ee:65:46:90:ec:db:fa:dd:22:b2:
                    4b:e8:64:e9:44:7b:35:e1:fa:ad:b0:a7:aa:2b:7a:
                    63:f7:1c:89:e9:4c:2b:06:71:c4:72:a8:6b:c0:8f:
                    f6:34:44:b7:63:e0:4b:c4:50:0e:d7:73:a8:e5:09:
                    5a:9a:c4:20:ab:5b:ce:d6:c1:22:ce:5d:c3:b9:4c:
                    f5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:DF:78:BB:63:F4:39:C8:14:C8:5D:88:A3:CA:9F:24:08:5F:79:49
            X509v3 Authority Key Identifier:
                keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/zN94u2P0OcgUyF2Io8qfJAhfeUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:d5:c0:4e:03:e7:28:bc:eb:22:5a:7d:33:0d:ae:35:05:36:
         30:6d:5b:ce:3b:00:da:bc:fb:81:a5:3c:43:1e:d6:4f:7b:f9:
         ca:ce:df:ee:e0:e2:26:55:52:84:d9:91:6b:9d:7e:c4:ef:e5:
         bf:a3:34:e3:f0:43:49:9f:b8:87:88:d8:1d:8a:a9:ca:ad:09:
         78:cb:8e:eb:88:85:4d:6f:8c:d1:07:f2:7d:46:24:18:da:e8:
         fd:57:8f:72:b0:3b:6e:eb:4a:90:e0:37:51:9f:64:d0:08:63:
         6d:96:5b:5f:5a:25:8e:5a:a6:75:85:ff:ab:0b:89:f6:2b:a8:
         67:d0:1e:2c:f2:03:0d:e6:16:84:9e:cf:d5:61:f0:d1:6a:67:
         6e:94:f6:37:3e:dc:31:54:a8:52:72:7c:1f:43:b8:7c:21:d3:
         b3:4e:56:22:18:7a:f8:f4:42:5d:83:ea:11:48:fb:d9:a3:fd:
         f4:60:ec:2e:ba:9c:ee:35:19:b8:04:94:73:23:14:38:a7:db:
         f0:36:f9:56:5b:61:53:fc:b3:1d:88:21:06:a3:5c:12:72:a3:
         36:d6:72:70:d8:07:74:f4:92:36:4f:98:a4:c3:d0:be:4a:83:
         b1:36:18:fc:b0:df:fc:3e:4d:9b:71:09:fb:38:79:c5:d4:dc:
         39:c1:a4:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG8aPyrIzewFEOahSIxRQdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjQwOTA0MDk0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2RmNzhiYjYzZjQzOWM4MTRjODVkODhhM2NhOWYyNDA4NWY3OTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vVBWVmovZlqag4HMahpx88axO1R
Mj7tAhZEZCEbZfeqYt2lTTvDbRFJE/QLp0AqUGDyMvzL5aGEUORhZJrpvx4E/ew6
zxTrG5CdFu7XmJ8i4FsPS81xl5uFfSS7o0RELfp/GcoYnBGU/lXaMn4pvfGc7uqc
sGqFS2PFKlTnMTuq76eQGU2G3y5E33K5dTOdeqtVnoVkhRRy0hYF0tU1cO2hF8vz
UYH9Ghot1xvI0ywPTdPJC/H+Eu5lRpDs2/rdIrJL6GTpRHs14fqtsKeqK3pj9xyJ
6UwrBnHEcqhrwI/2NES3Y+BLxFAO13Oo5QlamsQgq1vO1sEizl3DuUz12wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzfeLtj9DnIFMhdiKPKnyQIX3lJMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvek45NHUyUDBPY2dVeUYySW84cWZKQWhmZVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBinx+MA0G
CSqGSIb3DQEBCwUAA4IBAQBE1cBOA+covOsiWn0zDa41BTYwbVvOOwDavPuBpTxD
HtZPe/nKzt/u4OImVVKE2ZFrnX7E7+W/ozTj8ENJn7iHiNgdiqnKrQl4y47riIVN
b4zRB/J9RiQY2uj9V49ysDtu60qQ4DdRn2TQCGNtlltfWiWOWqZ1hf+rC4n2K6hn
0B4s8gMN5haEns/VYfDRamdulPY3PtwxVKhScnwfQ7h8IdOzTlYiGHr49EJdg+oR
SPvZo/30YOwuupzuNRm4BJRzIxQ4p9vwNvlWW2FT/LMdiCEGo1wScqM21nJw2Ad0
9JI2T5ikw9C+SoOxNhj8sN/8Pk2bcQn7OHnF1Nw5waQ2
-----END CERTIFICATE-----