Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/38nGRFQ3CeH7ZuioLku6aqRQurY.roa
File:                     38nGRFQ3CeH7ZuioLku6aqRQurY.roa (raw, json)
Hash identifier:          aVj+viwLu62G/Q9ZjB7wMaPfU/wiHDBx0tZ+j7PPih8=
Subject key identifier:   DF:C9:C6:44:54:37:09:E1:FB:66:E8:A8:2E:4B:BA:6A:A4:50:BA:B6
Certificate issuer:       /CN=de19baa8c880a9459dc5f44d675dea4ef96dbdef
Certificate serial:       019324E41E225B8BCBC7B77B678B2B33FCD0
Authority key identifier: DE:19:BA:A8:C8:80:A9:45:9D:C5:F4:4D:67:5D:EA:4E:F9:6D:BD:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hm6qMiAqUWdxfRNZ13qTvltve8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/38nGRFQ3CeH7ZuioLku6aqRQurY.roa
Signing time:             Wed 13 Nov 2024 09:39:09 +0000
ROA not before:           Wed 13 Nov 2024 09:39:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        141.59.240.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/3hm6qMiAqUWdxfRNZ13qTvltve8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/3hm6qMiAqUWdxfRNZ13qTvltve8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hm6qMiAqUWdxfRNZ13qTvltve8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:24:e4:1e:22:5b:8b:cb:c7:b7:7b:67:8b:2b:33:fc:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de19baa8c880a9459dc5f44d675dea4ef96dbdef
        Validity
            Not Before: Nov 13 09:39:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfc9c644543709e1fb66e8a82e4bba6aa450bab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7d:89:ae:9a:cc:bf:43:ed:2a:a6:f9:23:83:
                    1a:c9:19:ac:8d:73:e3:42:bc:95:9d:7a:c8:b2:46:
                    88:da:fd:dd:07:2a:e8:ff:aa:09:a0:f5:dc:3b:7d:
                    e0:fe:29:8c:48:6e:a0:be:fa:5f:23:ee:d0:15:33:
                    98:8d:01:86:e0:ee:07:82:df:24:e6:6b:a8:c0:69:
                    3a:20:99:c8:64:44:b5:fd:bc:87:d6:b3:2b:09:df:
                    c5:7a:c3:b6:96:fe:f0:77:c8:1d:92:1d:cc:79:2b:
                    cd:12:b7:75:3a:8e:3a:a4:5f:ce:c0:1f:7d:86:3b:
                    7f:18:21:d4:36:8e:0d:39:e9:2b:6c:18:f4:2d:41:
                    5d:a5:5a:ed:21:b3:e3:27:f1:19:ef:2a:b7:86:6b:
                    b2:a9:4c:96:32:0d:68:88:a2:37:4a:29:fe:2d:e8:
                    f2:f3:7d:54:05:c4:b6:f8:7a:b0:64:6b:7d:3d:9b:
                    41:8a:2e:15:15:30:55:7f:46:21:85:64:61:49:2b:
                    92:ad:2b:b3:3e:93:3f:55:1b:f8:12:22:46:ff:5d:
                    ad:c7:d1:9f:92:63:c4:ca:41:87:4f:92:a2:21:d7:
                    49:5f:6c:7e:e1:68:8b:0e:b8:25:8f:0b:f6:a9:1c:
                    bd:20:2a:9e:77:ae:d6:b3:58:a5:30:20:42:3d:0c:
                    36:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C9:C6:44:54:37:09:E1:FB:66:E8:A8:2E:4B:BA:6A:A4:50:BA:B6
            X509v3 Authority Key Identifier:
                keyid:DE:19:BA:A8:C8:80:A9:45:9D:C5:F4:4D:67:5D:EA:4E:F9:6D:BD:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hm6qMiAqUWdxfRNZ13qTvltve8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/38nGRFQ3CeH7ZuioLku6aqRQurY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/3hm6qMiAqUWdxfRNZ13qTvltve8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.59.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         24:1a:26:2a:f1:60:a5:35:38:55:6d:ee:44:ce:dd:f4:55:05:
         38:42:11:1c:90:c0:1c:97:01:ce:18:97:d4:c0:db:0c:8e:2b:
         96:6f:7b:5e:74:ef:c3:c5:5b:ae:2d:b2:48:7b:a5:01:11:64:
         92:74:43:82:85:db:87:61:81:f5:4d:5d:95:7e:c6:fd:e1:62:
         7d:fa:17:1e:c2:fd:7c:a9:ab:87:06:fa:d3:bb:01:aa:a4:99:
         83:0e:81:d6:e6:8f:78:00:1a:ec:88:34:7e:c5:fe:70:4a:6d:
         82:53:9b:7c:9f:e2:a1:99:ce:4b:a1:a5:97:27:fe:b1:36:8a:
         ad:12:d8:ce:cb:4c:fc:23:1a:2b:a2:ba:e2:2c:07:eb:b1:22:
         a4:25:03:54:ae:a7:5b:75:03:2a:1f:09:49:e6:13:bc:24:43:
         20:0e:2b:b0:24:a7:0a:78:9a:7e:50:fd:b6:ec:2c:41:35:43:
         00:79:4a:88:58:e5:21:79:83:d1:c6:11:7b:26:01:05:7f:18:
         51:5c:26:1d:41:e1:02:33:84:fa:5b:31:19:7e:06:01:05:d4:
         c9:27:a2:15:1a:ee:90:15:86:c0:ea:ef:91:a7:10:79:83:01:
         d1:c9:34:f5:ed:45:ff:a0:87:e5:bd:d1:6a:5c:c0:2b:11:a3:
         b1:c5:22:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMk5B4iW4vLx7d7Z4srM/zQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTliYWE4Yzg4MGE5NDU5ZGM1ZjQ0ZDY3NWRlYTRlZjk2
ZGJkZWYwHhcNMjQxMTEzMDkzOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmM5YzY0NDU0MzcwOWUxZmI2NmU4YTgyZTRiYmE2YWE0NTBiYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn2JrprMv0PtKqb5I4MayRmsjXPj
QryVnXrIskaI2v3dByro/6oJoPXcO33g/imMSG6gvvpfI+7QFTOYjQGG4O4Hgt8k
5muowGk6IJnIZES1/byH1rMrCd/FesO2lv7wd8gdkh3MeSvNErd1Oo46pF/OwB99
hjt/GCHUNo4NOekrbBj0LUFdpVrtIbPjJ/EZ7yq3hmuyqUyWMg1oiKI3Sin+Lejy
831UBcS2+HqwZGt9PZtBii4VFTBVf0YhhWRhSSuSrSuzPpM/VRv4EiJG/12tx9Gf
kmPEykGHT5KiIddJX2x+4WiLDrgljwv2qRy9ICqed67Ws1ilMCBCPQw2+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/JxkRUNwnh+2boqC5LumqkULq2MB8GA1UdIwQY
MBaAFN4ZuqjIgKlFncX0TWdd6k75bb3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2htNnFNaUFxVVdkeGZSTloxM3FUdmx0dmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85ZmMxNGMtYzM2Ni00NmZmLWFhZjct
ODk0OWU3NTFiMjE5LzEvMzhuR1JGUTNDZUg3WnVpb0xrdTZhcVJRdXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85ZmMxNGMtYzM2Ni00NmZmLWFhZjctODk0OWU3NTFiMjE5
LzEvM2htNnFNaUFxVVdkeGZSTloxM3FUdmx0dmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDjTvwMA0G
CSqGSIb3DQEBCwUAA4IBAQAkGiYq8WClNThVbe5Ezt30VQU4QhEckMAclwHOGJfU
wNsMjiuWb3tedO/DxVuuLbJIe6UBEWSSdEOChduHYYH1TV2Vfsb94WJ9+hcewv18
qauHBvrTuwGqpJmDDoHW5o94ABrsiDR+xf5wSm2CU5t8n+Khmc5LoaWXJ/6xNoqt
EtjOy0z8IxororriLAfrsSKkJQNUrqdbdQMqHwlJ5hO8JEMgDiuwJKcKeJp+UP22
7CxBNUMAeUqIWOUheYPRxhF7JgEFfxhRXCYdQeECM4T6WzEZfgYBBdTJJ6IVGu6Q
FYbA6u+RpxB5gwHRyTT17UX/oIflvdFqXMArEaOxxSJ+
-----END CERTIFICATE-----