Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/24ln-8DkQtv-Hk-B6dzvfSqyjQY.roa
File:                     24ln-8DkQtv-Hk-B6dzvfSqyjQY.roa (raw, json)
Hash identifier:          SeW6VNZ/+9bUzjzq/OzL5WVkY+lRaswkW52Mz3zEsYI=
Subject key identifier:   DB:89:67:FB:C0:E4:42:DB:FE:1E:4F:81:E9:DC:EF:7D:2A:B2:8D:06
Certificate issuer:       /CN=c2b5d3afd0b72eb734c21ed782329eb6e7c1ce41
Certificate serial:       0194206820BE488D14CF940D5816129DAE6A
Authority key identifier: C2:B5:D3:AF:D0:B7:2E:B7:34:C2:1E:D7:82:32:9E:B6:E7:C1:CE:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wrXTr9C3Lrc0wh7XgjKetufBzkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/24ln-8DkQtv-Hk-B6dzvfSqyjQY.roa
Signing time:             Wed 01 Jan 2025 05:48:02 +0000
ROA not before:           Wed 01 Jan 2025 05:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204802
IP address blocks:        185.239.108.0/24 maxlen: 24
                          2a10:4880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/wrXTr9C3Lrc0wh7XgjKetufBzkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/wrXTr9C3Lrc0wh7XgjKetufBzkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wrXTr9C3Lrc0wh7XgjKetufBzkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:20:be:48:8d:14:cf:94:0d:58:16:12:9d:ae:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2b5d3afd0b72eb734c21ed782329eb6e7c1ce41
        Validity
            Not Before: Jan  1 05:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db8967fbc0e442dbfe1e4f81e9dcef7d2ab28d06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:eb:e9:5c:b4:fc:40:ef:ff:ce:2f:60:5d:db:
                    35:ee:28:55:87:c9:b0:12:c5:cd:60:72:b3:78:74:
                    45:01:50:66:ae:92:ce:d2:73:f9:f9:83:6c:42:99:
                    fc:80:74:ee:a0:cb:10:6b:e8:f9:92:62:83:4a:89:
                    44:b7:7f:30:b8:dc:32:29:13:db:24:02:f4:4c:62:
                    3f:1b:23:d3:b8:f7:f3:03:6b:a2:83:67:e7:8c:05:
                    02:a8:ee:68:36:01:f2:4a:1c:1a:71:53:b4:31:7b:
                    e8:f2:6d:7a:02:20:eb:7e:1f:15:47:31:f2:29:f3:
                    04:1c:ae:63:6d:68:c6:87:9b:3d:63:f5:b4:cd:10:
                    92:6a:3f:6e:fd:67:11:84:f9:fc:32:88:3e:74:f6:
                    d7:cf:86:6e:ef:c6:3e:f2:69:d0:0e:e4:1e:f3:46:
                    01:7d:87:9b:a4:8d:fe:dc:f3:19:c1:cf:6f:64:30:
                    b1:11:97:75:df:c2:8a:b4:6f:2d:7e:5a:4c:61:5e:
                    de:7e:44:fd:d1:c4:74:a0:30:95:3c:c8:45:c4:2e:
                    f6:58:db:e5:ca:4e:d0:a3:3f:07:84:10:af:37:93:
                    54:06:03:fe:ef:c0:07:c4:7d:10:73:0a:48:cc:59:
                    4c:12:1d:ad:ee:bf:7d:63:74:72:a4:ad:eb:b2:72:
                    4e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:89:67:FB:C0:E4:42:DB:FE:1E:4F:81:E9:DC:EF:7D:2A:B2:8D:06
            X509v3 Authority Key Identifier:
                keyid:C2:B5:D3:AF:D0:B7:2E:B7:34:C2:1E:D7:82:32:9E:B6:E7:C1:CE:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wrXTr9C3Lrc0wh7XgjKetufBzkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/24ln-8DkQtv-Hk-B6dzvfSqyjQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/wrXTr9C3Lrc0wh7XgjKetufBzkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.108.0/24
                IPv6:
                  2a10:4880::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:0f:18:a0:5b:6c:42:02:4e:20:8b:fe:89:c5:11:ed:71:54:
         34:49:bd:17:46:b2:2c:b5:df:1a:93:8a:60:6c:74:ae:69:26:
         93:70:b2:5b:7a:b8:d3:94:0d:60:2f:7d:f9:0a:6a:4c:c2:57:
         e7:ed:07:fb:01:71:14:19:c6:89:0e:17:ac:1a:46:a2:5b:4e:
         db:09:51:03:ca:7d:57:54:73:6a:97:32:e8:c8:c3:b4:97:0e:
         89:d0:71:3e:e0:4f:13:59:38:f5:8e:cc:9c:7e:6f:d9:20:9d:
         c2:3f:43:60:f0:b9:54:9d:79:b6:c6:0d:bf:67:4f:26:de:c4:
         1e:1a:78:62:48:a4:26:ab:01:99:e4:a7:a3:ae:14:89:c7:df:
         3b:00:c5:f0:2a:84:72:de:c2:ae:99:81:fb:7b:1a:c3:51:01:
         63:fa:34:69:65:94:a5:66:d6:1d:10:22:d5:07:2c:be:aa:d4:
         45:19:0f:62:f4:57:51:8a:13:f3:2e:59:31:7c:b3:b2:96:6e:
         7f:20:22:6f:f3:c7:7a:72:4e:24:ea:b1:9c:b0:ae:ca:ca:ef:
         78:9b:61:3e:3b:f7:8f:30:65:c3:3c:7a:eb:19:dd:5e:b5:f2:
         05:60:c2:68:8b:72:f2:f3:05:40:57:aa:d5:af:ce:a3:0e:03:
         62:17:33:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaCC+SI0Uz5QNWBYSna5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYjVkM2FmZDBiNzJlYjczNGMyMWVkNzgyMzI5ZWI2ZTdj
MWNlNDEwHhcNMjUwMTAxMDU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjg5NjdmYmMwZTQ0MmRiZmUxZTRmODFlOWRjZWY3ZDJhYjI4ZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OvpXLT8QO//zi9gXds17ihVh8mw
EsXNYHKzeHRFAVBmrpLO0nP5+YNsQpn8gHTuoMsQa+j5kmKDSolEt38wuNwyKRPb
JAL0TGI/GyPTuPfzA2uig2fnjAUCqO5oNgHyShwacVO0MXvo8m16AiDrfh8VRzHy
KfMEHK5jbWjGh5s9Y/W0zRCSaj9u/WcRhPn8Mog+dPbXz4Zu78Y+8mnQDuQe80YB
fYebpI3+3PMZwc9vZDCxEZd138KKtG8tflpMYV7efkT90cR0oDCVPMhFxC72WNvl
yk7Qoz8HhBCvN5NUBgP+78AHxH0QcwpIzFlMEh2t7r99Y3RypK3rsnJO3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNuJZ/vA5ELb/h5Pgenc730qso0GMB8GA1UdIwQY
MBaAFMK106/Qty63NMIe14Iynrbnwc5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3JYVHI5QzNMcmMwd2g3WGdqS2V0dWZCemtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9lMmUwNDgtMjc4OC00OWI4LTllZDUt
NDUzYmQ4OTk1YmNhLzEvMjRsbi04RGtRdHYtSGstQjZkenZmU3F5alFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9lMmUwNDgtMjc4OC00OWI4LTllZDUtNDUzYmQ4OTk1YmNh
LzEvd3JYVHI5QzNMcmMwd2g3WGdqS2V0dWZCemtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAue9sMA0E
AgACMAcDBQMqEEiAMA0GCSqGSIb3DQEBCwUAA4IBAQBiDxigW2xCAk4gi/6JxRHt
cVQ0Sb0XRrIstd8ak4pgbHSuaSaTcLJberjTlA1gL335CmpMwlfn7Qf7AXEUGcaJ
DhesGkaiW07bCVEDyn1XVHNqlzLoyMO0lw6J0HE+4E8TWTj1jsycfm/ZIJ3CP0Ng
8LlUnXm2xg2/Z08m3sQeGnhiSKQmqwGZ5KejrhSJx987AMXwKoRy3sKumYH7exrD
UQFj+jRpZZSlZtYdECLVByy+qtRFGQ9i9FdRihPzLlkxfLOylm5/ICJv88d6ck4k
6rGcsK7Kyu94m2E+O/ePMGXDPHrrGd1etfIFYMJoi3Ly8wVAV6rVr86jDgNiFzMG
-----END CERTIFICATE-----