Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/hmPftndANiOel_mUR-MvXCtCo0g.roa
File:                     hmPftndANiOel_mUR-MvXCtCo0g.roa (raw, json)
Hash identifier:          JzqcQNWwUfvndAaMBZrlutiCpoYy3e7Dxtxu4tu1mxs=
Subject key identifier:   86:63:DF:B6:77:40:36:23:9E:97:F9:94:47:E3:2F:5C:2B:42:A3:48
Certificate issuer:       /CN=de92a1ac8910cf5c865de5b0231b09d04e1132f3
Certificate serial:       01918E956D34D3B5E5695453637FDF6A6541
Authority key identifier: DE:92:A1:AC:89:10:CF:5C:86:5D:E5:B0:23:1B:09:D0:4E:11:32:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/hmPftndANiOel_mUR-MvXCtCo0g.roa
Signing time:             Mon 26 Aug 2024 12:07:23 +0000
ROA not before:           Mon 26 Aug 2024 12:07:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215402
IP address blocks:        138.124.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:95:6d:34:d3:b5:e5:69:54:53:63:7f:df:6a:65:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de92a1ac8910cf5c865de5b0231b09d04e1132f3
        Validity
            Not Before: Aug 26 12:07:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8663dfb6774036239e97f99447e32f5c2b42a348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f8:d6:6f:34:4c:5c:f2:25:e7:f1:fb:ab:7b:
                    f6:93:bd:18:3a:54:77:61:bc:f1:04:20:6f:33:50:
                    27:f6:f9:92:0e:2c:bd:43:d5:5f:b9:a6:13:0a:24:
                    f6:4e:74:92:d5:e0:67:3e:ac:a6:34:e6:8f:94:26:
                    11:2b:9c:2e:4d:46:69:5e:86:b0:83:88:ef:a2:1a:
                    49:0a:d1:47:f9:9f:06:d3:a6:4c:c3:3c:2b:74:cd:
                    01:ef:06:9b:f0:30:59:d4:56:8e:8c:4c:75:8e:c0:
                    36:6e:44:62:ac:fa:56:e4:a9:5c:f5:31:9f:9d:d2:
                    86:0a:68:7c:f7:fe:76:89:21:d7:c3:3c:8e:e3:ee:
                    7a:6a:16:97:5d:1f:36:b8:0f:10:fb:f6:f2:3d:df:
                    af:83:92:70:b6:bf:7a:eb:1c:74:48:9e:f1:1c:54:
                    bf:e1:9c:d5:86:20:aa:e1:e5:f8:2b:39:a4:7c:99:
                    54:6c:1f:26:22:f5:d3:ea:ac:93:93:94:20:a1:5c:
                    31:54:ba:e1:98:88:2a:94:16:11:8c:49:ab:0b:0a:
                    db:72:38:04:16:49:3d:2e:57:cb:95:09:47:2f:69:
                    af:54:9f:61:6f:cb:e5:78:17:5d:b7:35:96:26:f9:
                    7c:89:cb:dc:5b:0a:e3:b7:50:db:8e:a2:93:c2:e8:
                    9e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:63:DF:B6:77:40:36:23:9E:97:F9:94:47:E3:2F:5C:2B:42:A3:48
            X509v3 Authority Key Identifier:
                keyid:DE:92:A1:AC:89:10:CF:5C:86:5D:E5:B0:23:1B:09:D0:4E:11:32:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/hmPftndANiOel_mUR-MvXCtCo0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:c1:0c:6e:ef:fb:ec:cd:ea:c6:cb:0f:fc:43:4a:c3:28:99:
         e0:3a:cc:bf:93:4d:89:e2:cb:50:1e:38:0e:ee:fd:c7:86:a4:
         3e:ad:2e:88:e4:84:8c:af:f3:54:a6:90:9f:bf:b8:7a:cb:15:
         7f:19:77:cc:fa:b8:43:88:75:bf:6b:13:47:33:47:f3:70:6f:
         9c:7f:ea:a5:e7:6f:4d:64:6f:24:10:05:5e:f8:89:df:f1:1f:
         81:d2:81:8c:16:a2:bf:1a:b7:d3:e4:2c:aa:d5:13:64:ea:55:
         e7:77:bc:f4:89:68:e3:cc:ff:1e:90:63:90:0b:e9:17:4e:48:
         78:d1:be:d7:f7:4f:e9:45:e3:ae:46:1d:bd:b2:90:4f:2d:a6:
         b4:b7:86:9b:44:fc:a1:92:3d:f2:d2:32:76:c5:2e:0b:5b:5e:
         35:65:df:67:93:5c:22:10:0d:e6:c6:4e:19:bf:71:11:db:18:
         8c:c3:c6:b5:5c:8c:04:d6:5e:f1:64:fe:69:68:ff:0b:14:97:
         ae:d6:6d:75:89:74:4c:6a:0d:66:67:3f:d2:48:77:df:7b:48:
         e0:20:f2:71:c4:6f:8b:0d:ad:d2:0b:c8:d3:44:a3:41:0e:36:
         05:7d:cb:b4:c5:76:fe:5d:3e:72:f5:f6:18:0d:a6:fb:3a:c0:
         be:8a:08:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGOlW0007XlaVRTY3/famVBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOTJhMWFjODkxMGNmNWM4NjVkZTViMDIzMWIwOWQwNGUx
MTMyZjMwHhcNMjQwODI2MTIwNzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjYzZGZiNjc3NDAzNjIzOWU5N2Y5OTQ0N2UzMmY1YzJiNDJhMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/jWbzRMXPIl5/H7q3v2k70YOlR3
YbzxBCBvM1An9vmSDiy9Q9VfuaYTCiT2TnSS1eBnPqymNOaPlCYRK5wuTUZpXoaw
g4jvohpJCtFH+Z8G06ZMwzwrdM0B7wab8DBZ1FaOjEx1jsA2bkRirPpW5Klc9TGf
ndKGCmh89/52iSHXwzyO4+56ahaXXR82uA8Q+/byPd+vg5Jwtr966xx0SJ7xHFS/
4ZzVhiCq4eX4KzmkfJlUbB8mIvXT6qyTk5QgoVwxVLrhmIgqlBYRjEmrCwrbcjgE
Fkk9LlfLlQlHL2mvVJ9hb8vleBddtzWWJvl8icvcWwrjt1DbjqKTwuieiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZj37Z3QDYjnpf5lEfjL1wrQqNIMB8GA1UdIwQY
MBaAFN6SoayJEM9chl3lsCMbCdBOETLzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3BLaHJJa1F6MXlHWGVXd0l4c0owRTRSTXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80Mzc3ZDYtNTE1Yy00MjBhLTkxMzQt
NjllMzM3ODg0Y2M5LzEvaG1QZnRuZEFOaU9lbF9tVVItTXZYQ3RDbzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80Mzc3ZDYtNTE1Yy00MjBhLTkxMzQtNjllMzM3ODg0Y2M5
LzEvM3BLaHJJa1F6MXlHWGVXd0l4c0owRTRSTXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAiny1MA0G
CSqGSIb3DQEBCwUAA4IBAQAzwQxu7/vszerGyw/8Q0rDKJngOsy/k02J4stQHjgO
7v3HhqQ+rS6I5ISMr/NUppCfv7h6yxV/GXfM+rhDiHW/axNHM0fzcG+cf+ql529N
ZG8kEAVe+Inf8R+B0oGMFqK/GrfT5Cyq1RNk6lXnd7z0iWjjzP8ekGOQC+kXTkh4
0b7X90/pReOuRh29spBPLaa0t4abRPyhkj3y0jJ2xS4LW141Zd9nk1wiEA3mxk4Z
v3ER2xiMw8a1XIwE1l7xZP5paP8LFJeu1m11iXRMag1mZz/SSHffe0jgIPJxxG+L
Da3SC8jTRKNBDjYFfcu0xXb+XT5y9fYYDab7OsC+ighz
-----END CERTIFICATE-----