Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/kilFcYFdq1RyTWXBBgcZ5_hJHRU.roa
File:                     kilFcYFdq1RyTWXBBgcZ5_hJHRU.roa (raw, json)
Hash identifier:          okD4Q99K8dxCrAxKcXNg7+YONuJT8aWZtmXGl876jFc=
Subject key identifier:   92:29:45:71:81:5D:AB:54:72:4D:65:C1:06:07:19:E7:F8:49:1D:15
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       01914FC6BA25ADD9BB3015A70EC3479B05D2
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/kilFcYFdq1RyTWXBBgcZ5_hJHRU.roa
Signing time:             Wed 14 Aug 2024 07:25:09 +0000
ROA not before:           Wed 14 Aug 2024 07:25:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39130
IP address blocks:        5.102.38.0/24 maxlen: 24
                          195.5.124.0/24 maxlen: 24
                          2a10:d80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Oct 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4f:c6:ba:25:ad:d9:bb:30:15:a7:0e:c3:47:9b:05:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Aug 14 07:25:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92294571815dab54724d65c1060719e7f8491d15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:91:95:13:11:87:2c:68:85:b9:37:41:3e:26:
                    84:81:bc:ba:5f:ac:ee:55:e1:81:5c:b4:6e:dc:25:
                    3a:20:3e:58:ef:a7:c1:53:90:90:fe:a6:cc:28:cf:
                    2c:6b:2c:0c:3f:a2:93:ec:27:97:8f:fb:27:dc:ac:
                    a1:d0:4e:ee:25:2a:88:b7:e1:78:0a:66:da:bd:e7:
                    83:bf:67:43:02:03:e4:2f:b4:cc:c7:3f:09:11:62:
                    76:dd:50:4b:7a:23:a4:ce:14:cc:dd:23:92:08:d9:
                    89:6f:10:32:9f:ca:62:37:95:c8:a7:5f:08:a9:83:
                    4b:b9:13:a0:2e:22:83:1b:ea:6e:1c:c9:9c:92:66:
                    da:b1:18:32:65:78:9a:a4:6a:31:06:71:fe:5a:84:
                    7a:e0:81:b9:08:83:5e:6b:b4:b2:5b:ec:b0:1e:44:
                    34:20:a7:03:83:ec:c3:b2:fa:9c:4b:ff:44:17:1b:
                    ff:6a:91:60:0e:36:45:e8:50:31:78:2b:2c:50:ca:
                    8d:3d:fe:64:66:68:3f:6d:4b:5c:d4:29:ec:44:ef:
                    85:3f:ed:48:1b:d7:e1:23:83:39:72:31:7c:fb:86:
                    29:b8:65:82:d3:aa:a2:9d:f5:93:67:7e:73:e4:1e:
                    87:15:ac:f2:32:ca:6a:45:0d:d5:2f:1a:1f:ce:a3:
                    f5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:29:45:71:81:5D:AB:54:72:4D:65:C1:06:07:19:E7:F8:49:1D:15
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/kilFcYFdq1RyTWXBBgcZ5_hJHRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.38.0/24
                  195.5.124.0/24
                IPv6:
                  2a10:d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:db:5f:6a:e2:e6:2f:9a:f0:b8:bc:2c:06:d0:14:d9:6f:1a:
         48:74:d3:98:05:c1:82:df:de:34:db:da:d2:11:75:bd:7f:78:
         30:e4:1a:47:38:74:2b:c2:1b:0c:c1:0e:57:1f:39:98:a6:67:
         70:10:50:1d:27:fe:d0:1e:47:9e:c1:65:5e:4c:a1:6f:f4:66:
         ef:08:b5:47:c6:ea:c5:77:26:03:4d:e4:ad:4d:4f:5d:40:2a:
         f1:45:4f:1b:0c:48:ff:a3:cd:ce:cb:0f:55:db:e0:2a:50:45:
         6c:f7:48:5a:2b:76:59:b8:c1:29:fb:bd:45:47:b6:8a:c8:7e:
         86:6a:fb:b6:29:9f:42:a0:6d:cf:ff:d7:dc:6d:e5:ca:5d:51:
         e0:71:57:f6:39:ba:d5:9d:04:98:b0:23:c1:27:34:84:c3:1d:
         23:68:03:10:07:0f:4b:04:6f:31:9d:09:eb:f1:0d:d5:67:75:
         91:28:1e:5d:e3:59:1c:f7:28:34:ef:35:5a:61:2b:3a:62:bb:
         93:d1:b4:7b:76:0c:ec:2f:38:08:37:5d:49:1d:be:36:26:9d:
         dd:b0:0f:43:f7:37:06:4a:c3:1e:f1:5a:2f:39:73:77:c8:0f:
         f6:25:10:b5:e5:b6:a6:6f:5e:bf:12:c6:d7:44:df:9f:65:a3:
         a2:3d:60:a8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZFPxrolrdm7MBWnDsNHmwXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjQwODE0MDcyNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjI5NDU3MTgxNWRhYjU0NzI0ZDY1YzEwNjA3MTllN2Y4NDkxZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5GVExGHLGiFuTdBPiaEgby6X6zu
VeGBXLRu3CU6ID5Y76fBU5CQ/qbMKM8saywMP6KT7CeXj/sn3Kyh0E7uJSqIt+F4
CmbaveeDv2dDAgPkL7TMxz8JEWJ23VBLeiOkzhTM3SOSCNmJbxAyn8piN5XIp18I
qYNLuROgLiKDG+puHMmckmbasRgyZXiapGoxBnH+WoR64IG5CINea7SyW+ywHkQ0
IKcDg+zDsvqcS/9EFxv/apFgDjZF6FAxeCssUMqNPf5kZmg/bUtc1CnsRO+FP+1I
G9fhI4M5cjF8+4YpuGWC06qinfWTZ35z5B6HFazyMspqRQ3VLxofzqP1SQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJIpRXGBXatUck1lwQYHGef4SR0VMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEva2lsRmNZRmRxMVJ5VFdYQkJnY1o1X2hKSFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQABWYmAwQA
wwV8MA0EAgACMAcDBQMqEA2AMA0GCSqGSIb3DQEBCwUAA4IBAQAX219q4uYvmvC4
vCwG0BTZbxpIdNOYBcGC394029rSEXW9f3gw5BpHOHQrwhsMwQ5XHzmYpmdwEFAd
J/7QHkeewWVeTKFv9GbvCLVHxurFdyYDTeStTU9dQCrxRU8bDEj/o83Oyw9V2+Aq
UEVs90haK3ZZuMEp+71FR7aKyH6Gavu2KZ9CoG3P/9fcbeXKXVHgcVf2ObrVnQSY
sCPBJzSEwx0jaAMQBw9LBG8xnQnr8Q3VZ3WRKB5d41kc9yg07zVaYSs6YruT0bR7
dgzsLzgIN11JHb42Jp3dsA9D9zcGSsMe8VovOXN3yA/2JRC15bamb16/EsbXRN+f
ZaOiPWCo
-----END CERTIFICATE-----