Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/2AjEDDvjLI2NhFoH8wO0CUP59vo.roa
File:                     2AjEDDvjLI2NhFoH8wO0CUP59vo.roa (raw, json)
Hash identifier:          GHH8w/avwQT6edGrBHpj7IWbMAf7RVfozO1Xq9lVeqY=
Subject key identifier:   D8:08:C4:0C:3B:E3:2C:8D:8D:84:5A:07:F3:03:B4:09:43:F9:F6:FA
Certificate issuer:       /CN=de92a1ac8910cf5c865de5b0231b09d04e1132f3
Certificate serial:       01917C1739B5BDCDEE7B007D9C247647F1D3
Authority key identifier: DE:92:A1:AC:89:10:CF:5C:86:5D:E5:B0:23:1B:09:D0:4E:11:32:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/2AjEDDvjLI2NhFoH8wO0CUP59vo.roa
Signing time:             Thu 22 Aug 2024 21:56:22 +0000
ROA not before:           Thu 22 Aug 2024 21:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41745
IP address blocks:        138.124.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7c:17:39:b5:bd:cd:ee:7b:00:7d:9c:24:76:47:f1:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de92a1ac8910cf5c865de5b0231b09d04e1132f3
        Validity
            Not Before: Aug 22 21:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d808c40c3be32c8d8d845a07f303b40943f9f6fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:da:8a:66:9f:86:1e:61:80:0f:51:a9:e8:52:
                    a3:3e:4e:65:bb:68:64:84:52:e8:49:a8:da:4d:a3:
                    3d:ae:e1:d2:e0:96:d5:94:bb:50:87:1b:d1:b2:85:
                    06:73:a4:c7:9f:82:49:fa:3d:de:df:57:34:68:ac:
                    f2:d3:d5:24:6a:11:ba:97:c1:a5:2c:4f:f0:72:70:
                    52:1b:2d:22:ae:c6:9c:aa:b4:26:96:4f:b6:22:70:
                    66:0c:3e:dc:d0:ca:c2:41:ef:34:6a:81:f7:a9:35:
                    c9:b9:a5:d0:ec:78:b2:a5:50:80:e5:55:4f:66:1e:
                    4a:4e:12:8a:de:24:d5:ab:3f:2e:2b:94:b6:37:db:
                    9e:40:e0:60:11:cb:f8:a8:e8:e9:8a:de:7d:02:06:
                    ae:6e:35:5d:dd:7c:14:80:21:07:f6:fe:d5:d3:a1:
                    1f:a0:83:fe:e0:b7:59:5d:52:b8:20:8e:47:ee:8f:
                    c6:98:a3:cb:5a:bb:e1:08:b6:de:65:3f:3c:ee:11:
                    20:40:93:a0:37:94:45:a6:07:b2:88:08:ac:6b:41:
                    0b:61:fa:83:61:6c:8c:d5:98:f0:40:62:75:78:65:
                    df:3c:59:b2:95:2c:02:d9:f6:89:bd:83:9a:ef:4d:
                    f7:8f:69:0e:b4:64:42:1a:d6:6a:31:dc:97:e8:2f:
                    f8:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:08:C4:0C:3B:E3:2C:8D:8D:84:5A:07:F3:03:B4:09:43:F9:F6:FA
            X509v3 Authority Key Identifier:
                keyid:DE:92:A1:AC:89:10:CF:5C:86:5D:E5:B0:23:1B:09:D0:4E:11:32:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/2AjEDDvjLI2NhFoH8wO0CUP59vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:7e:f3:a4:29:01:37:cc:f1:d2:d2:2c:4c:ff:ef:9a:68:61:
         78:12:9e:75:3c:de:cd:05:7c:66:fe:60:0e:13:3a:c9:56:38:
         43:3e:5e:1a:f0:fc:a5:d4:7c:86:34:8e:00:72:1b:bf:c0:72:
         7b:79:14:1b:bc:03:c9:ac:b3:7e:0f:0e:a7:a5:de:50:d2:48:
         61:d0:00:0c:00:9e:67:b1:8a:8f:c4:aa:1f:f1:d9:36:c2:a5:
         2e:ed:64:70:f8:d2:57:2c:f1:57:85:9a:07:39:52:35:57:10:
         0d:09:f4:9a:53:b8:5c:c2:db:d4:97:1a:40:57:76:96:dc:b8:
         48:01:e0:5c:27:a6:d8:98:97:5b:fe:57:f3:15:f6:ed:2b:71:
         10:77:02:63:6b:6c:af:25:1f:27:9d:4f:ec:e6:87:77:9f:36:
         23:dd:05:be:27:62:0b:aa:3c:fc:db:09:de:55:e8:3a:5c:36:
         ca:e0:24:6b:77:06:23:fd:b1:82:8a:70:67:9d:33:7a:bd:ae:
         4b:24:c7:ff:94:54:1f:8e:7f:cc:ef:43:8b:f8:39:21:e2:72:
         49:ec:d5:2c:7f:12:72:5e:e4:8f:61:5d:41:94:10:b3:ea:04:
         11:86:92:36:26:a6:38:c4:bd:8a:54:08:ea:c0:ef:58:b6:a6:
         94:99:55:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF8Fzm1vc3uewB9nCR2R/HTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOTJhMWFjODkxMGNmNWM4NjVkZTViMDIzMWIwOWQwNGUx
MTMyZjMwHhcNMjQwODIyMjE1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODA4YzQwYzNiZTMyYzhkOGQ4NDVhMDdmMzAzYjQwOTQzZjlmNmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNqKZp+GHmGAD1Gp6FKjPk5lu2hk
hFLoSajaTaM9ruHS4JbVlLtQhxvRsoUGc6THn4JJ+j3e31c0aKzy09UkahG6l8Gl
LE/wcnBSGy0irsacqrQmlk+2InBmDD7c0MrCQe80aoH3qTXJuaXQ7HiypVCA5VVP
Zh5KThKK3iTVqz8uK5S2N9ueQOBgEcv4qOjpit59AgaubjVd3XwUgCEH9v7V06Ef
oIP+4LdZXVK4II5H7o/GmKPLWrvhCLbeZT887hEgQJOgN5RFpgeyiAisa0ELYfqD
YWyM1ZjwQGJ1eGXfPFmylSwC2faJvYOa7033j2kOtGRCGtZqMdyX6C/4OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgIxAw74yyNjYRaB/MDtAlD+fb6MB8GA1UdIwQY
MBaAFN6SoayJEM9chl3lsCMbCdBOETLzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3BLaHJJa1F6MXlHWGVXd0l4c0owRTRSTXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80Mzc3ZDYtNTE1Yy00MjBhLTkxMzQt
NjllMzM3ODg0Y2M5LzEvMkFqRUREdmpMSTJOaEZvSDh3TzBDVVA1OXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80Mzc3ZDYtNTE1Yy00MjBhLTkxMzQtNjllMzM3ODg0Y2M5
LzEvM3BLaHJJa1F6MXlHWGVXd0l4c0owRTRSTXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAiny2MA0G
CSqGSIb3DQEBCwUAA4IBAQBqfvOkKQE3zPHS0ixM/++aaGF4Ep51PN7NBXxm/mAO
EzrJVjhDPl4a8Pyl1HyGNI4Achu/wHJ7eRQbvAPJrLN+Dw6npd5Q0khh0AAMAJ5n
sYqPxKof8dk2wqUu7WRw+NJXLPFXhZoHOVI1VxANCfSaU7hcwtvUlxpAV3aW3LhI
AeBcJ6bYmJdb/lfzFfbtK3EQdwJja2yvJR8nnU/s5od3nzYj3QW+J2ILqjz82wne
Veg6XDbK4CRrdwYj/bGCinBnnTN6va5LJMf/lFQfjn/M70OL+Dkh4nJJ7NUsfxJy
XuSPYV1BlBCz6gQRhpI2JqY4xL2KVAjqwO9YtqaUmVU2
-----END CERTIFICATE-----