Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/L8LLjpyPlybd-SPLCBA6C4JAe_k.roa
File:                     L8LLjpyPlybd-SPLCBA6C4JAe_k.roa (raw, json)
Hash identifier:          aX2qKzITLX4VKT9hhFsgyl5MpHiUqDt9g/BTGgt0UQw=
Subject key identifier:   2F:C2:CB:8E:9C:8F:97:26:DD:F9:23:CB:08:10:3A:0B:82:40:7B:F9
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       0191509CCFD249AF6A0A42372D13A727E23F
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/L8LLjpyPlybd-SPLCBA6C4JAe_k.roa
Signing time:             Wed 14 Aug 2024 11:18:59 +0000
ROA not before:           Wed 14 Aug 2024 11:18:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56382
IP address blocks:        141.98.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:50:9c:cf:d2:49:af:6a:0a:42:37:2d:13:a7:27:e2:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Aug 14 11:18:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fc2cb8e9c8f9726ddf923cb08103a0b82407bf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7b:79:a2:90:c4:39:62:15:76:88:ce:58:e6:
                    bf:46:ed:73:0c:69:bf:73:3e:62:38:16:65:ec:1a:
                    b2:3b:1f:19:d2:e5:b6:67:e1:68:7d:a8:3e:86:6b:
                    f1:54:cf:a9:43:77:e7:7a:b4:6d:0c:0a:0c:6a:a2:
                    b7:46:17:f9:94:61:99:1d:df:ac:dd:6c:43:ec:5b:
                    49:be:f4:0a:f4:30:a6:c0:c2:fe:66:92:be:cb:1e:
                    bc:0a:ec:32:6c:32:2e:93:94:64:e3:8a:2a:18:a3:
                    48:cd:2f:c7:dc:f8:b8:22:ae:9c:86:78:b5:b8:e4:
                    2c:c9:c1:a0:05:4d:08:72:59:7e:34:01:94:ab:16:
                    ee:1c:29:01:8e:26:1e:65:ae:5a:e4:65:6c:39:94:
                    3d:12:7f:0b:f7:90:30:bb:44:ef:38:19:2d:ca:b2:
                    58:8f:8e:4f:5d:66:a9:be:ad:02:53:3b:fc:a4:31:
                    cd:d2:72:6c:94:f8:46:07:ba:64:dc:4c:54:be:8b:
                    18:fe:19:93:12:42:a5:0d:5e:26:2a:14:5d:e2:45:
                    18:4a:83:b8:98:77:47:71:c0:8c:58:48:2f:d5:68:
                    03:31:55:4a:49:af:ed:7d:c3:9a:f8:21:38:26:39:
                    a1:a4:df:48:66:d0:08:64:db:32:44:c3:73:9c:31:
                    5d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C2:CB:8E:9C:8F:97:26:DD:F9:23:CB:08:10:3A:0B:82:40:7B:F9
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/L8LLjpyPlybd-SPLCBA6C4JAe_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:56:2b:49:9a:6f:4c:c8:f4:94:7e:d2:79:d6:e7:50:72:f1:
         c3:fa:9e:bc:79:61:06:2e:ed:e4:ac:a7:96:e2:fb:7b:5d:e3:
         21:28:99:73:dc:ba:d6:90:f8:96:50:e7:ec:e1:c1:fe:d4:84:
         8f:e8:7e:b8:c0:a1:f6:08:d2:4c:61:a6:10:c5:d7:b3:9b:cf:
         62:aa:fb:6f:31:b9:0d:31:c4:a4:12:ee:18:7f:04:68:5b:1d:
         fd:c4:b9:07:57:43:11:a7:55:08:86:60:b2:d3:17:38:9a:d8:
         df:c7:52:38:40:4b:6a:d6:62:88:8a:fd:8d:5c:8e:f5:01:a1:
         27:81:03:77:33:84:75:fb:3b:a0:57:ea:e9:26:3d:4c:12:a3:
         98:0f:70:cf:95:81:fb:c5:6f:2d:16:25:ec:e6:4c:1b:ed:82:
         14:b0:00:de:6c:56:70:cf:a0:ac:39:ea:89:05:69:06:e5:74:
         17:51:ef:61:4c:af:ae:47:14:76:7d:01:c3:d9:b6:b9:bb:59:
         f7:8d:3a:76:10:d6:a7:fa:c5:10:ff:46:18:4a:9c:f6:d0:db:
         a2:b4:b4:94:fe:5e:53:67:dc:c5:1c:86:83:34:bf:cb:00:47:
         d8:32:ac:3b:51:30:b2:62:63:ca:60:1b:1d:5d:7b:56:8c:53:
         1a:11:ec:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFQnM/SSa9qCkI3LROnJ+I/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwODE0MTExODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmMyY2I4ZTljOGY5NzI2ZGRmOTIzY2IwODEwM2EwYjgyNDA3YmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnt5opDEOWIVdojOWOa/Ru1zDGm/
cz5iOBZl7BqyOx8Z0uW2Z+Fofag+hmvxVM+pQ3fnerRtDAoMaqK3Rhf5lGGZHd+s
3WxD7FtJvvQK9DCmwML+ZpK+yx68CuwybDIuk5Rk44oqGKNIzS/H3Pi4Iq6chni1
uOQsycGgBU0Icll+NAGUqxbuHCkBjiYeZa5a5GVsOZQ9En8L95Awu0TvOBktyrJY
j45PXWapvq0CUzv8pDHN0nJslPhGB7pk3ExUvosY/hmTEkKlDV4mKhRd4kUYSoO4
mHdHccCMWEgv1WgDMVVKSa/tfcOa+CE4JjmhpN9IZtAIZNsyRMNznDFdYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/Cy46cj5cm3fkjywgQOguCQHv5MB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvTDhMTGpweVBseWJkLVNQTENCQTZDNEpBZV9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWKLMA0G
CSqGSIb3DQEBCwUAA4IBAQB9VitJmm9MyPSUftJ51udQcvHD+p68eWEGLu3krKeW
4vt7XeMhKJlz3LrWkPiWUOfs4cH+1ISP6H64wKH2CNJMYaYQxdezm89iqvtvMbkN
McSkEu4YfwRoWx39xLkHV0MRp1UIhmCy0xc4mtjfx1I4QEtq1mKIiv2NXI71AaEn
gQN3M4R1+zugV+rpJj1MEqOYD3DPlYH7xW8tFiXs5kwb7YIUsADebFZwz6CsOeqJ
BWkG5XQXUe9hTK+uRxR2fQHD2ba5u1n3jTp2ENan+sUQ/0YYSpz20NuitLSU/l5T
Z9zFHIaDNL/LAEfYMqw7UTCyYmPKYBsdXXtWjFMaEezs
-----END CERTIFICATE-----