Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/hP2fgAy34XIg7aM2C0Ad6ElaYgI.roa
File:                     hP2fgAy34XIg7aM2C0Ad6ElaYgI.roa (raw, json)
Hash identifier:          /xs3DUUFJAe9wbGBaQmfw6+eASI54MfNuZpQE+CXA0o=
Subject key identifier:   84:FD:9F:80:0C:B7:E1:72:20:ED:A3:36:0B:40:1D:E8:49:5A:62:02
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019422FB5E76E9F098FDC587E8FB8A586D7F
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/hP2fgAy34XIg7aM2C0Ad6ElaYgI.roa
Signing time:             Wed 01 Jan 2025 17:48:06 +0000
ROA not before:           Wed 01 Jan 2025 17:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30344
IP address blocks:        138.124.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 22:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:5e:76:e9:f0:98:fd:c5:87:e8:fb:8a:58:6d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 17:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84fd9f800cb7e17220eda3360b401de8495a6202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5a:fd:0a:42:ce:11:75:ec:92:9c:ea:b7:38:
                    c2:19:de:9c:75:00:36:90:eb:10:e8:7d:4a:8d:a9:
                    59:82:7d:63:d3:a8:48:76:70:7a:d4:68:92:82:5d:
                    15:f3:c8:96:9d:95:5d:04:8e:14:60:71:3f:df:fe:
                    c1:49:37:b0:d2:62:71:fb:7a:e6:97:75:d3:9d:1a:
                    a1:f8:cc:b0:64:c1:ff:a1:69:5d:d6:f4:0d:5a:51:
                    69:6d:e1:27:b5:bd:9a:88:a9:17:53:19:93:4f:e4:
                    4b:38:ad:3c:1f:2a:b7:3a:ea:41:df:85:c5:a8:c7:
                    17:57:4c:72:94:01:3e:22:95:4d:49:42:d6:40:21:
                    ae:7c:54:8f:90:8c:98:5e:c4:38:90:17:78:be:03:
                    f1:68:16:85:bb:11:2f:b9:d2:6e:af:1e:ee:9d:b9:
                    c8:37:a3:ea:96:ab:07:dd:a9:8c:12:ea:09:08:b4:
                    17:4b:94:ef:15:6c:32:db:15:88:f6:7e:cb:87:c5:
                    c0:dc:35:0d:d1:df:87:51:64:63:4f:41:72:bf:a2:
                    76:12:72:39:87:12:6d:39:7e:48:4e:df:2e:c2:af:
                    8e:8a:eb:74:43:f0:ad:9d:f7:69:05:18:f6:a5:a7:
                    a0:37:8f:eb:45:16:5e:e3:08:53:92:d5:f1:27:e2:
                    47:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:FD:9F:80:0C:B7:E1:72:20:ED:A3:36:0B:40:1D:E8:49:5A:62:02
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/hP2fgAy34XIg7aM2C0Ad6ElaYgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:56:80:2f:1c:4c:a5:3f:ee:89:cf:af:c6:6d:d6:6b:82:51:
         c5:a1:d0:51:5b:b5:5d:84:73:3c:12:1a:91:ba:22:65:b3:1c:
         f0:0f:ce:89:ad:38:78:40:69:33:39:bf:0e:e3:56:6c:e9:50:
         1c:43:95:54:45:7d:36:11:f0:af:81:c9:c5:1f:49:ea:a8:6c:
         0d:fd:7c:02:e6:2e:15:c7:63:f6:7c:e5:08:c2:ba:51:98:52:
         f6:a5:9d:4c:51:8d:ba:9b:27:72:90:b7:9e:66:d5:06:ef:42:
         2d:48:ac:5f:d0:cc:07:95:56:29:30:df:06:7f:85:2f:9b:f1:
         42:69:94:40:e3:4f:65:b2:fd:db:9a:03:e0:b2:ef:c2:8d:1d:
         0e:27:45:19:c3:ad:cc:5f:e1:d8:5a:f4:d0:4e:b6:92:08:94:
         59:68:40:44:3d:cf:fb:c5:39:ac:42:62:85:61:34:77:d3:fa:
         b6:aa:44:3f:f4:da:1f:a5:af:6d:29:03:f1:99:e3:d5:e3:6c:
         fb:f9:86:7b:89:9a:d5:4c:72:70:f3:ae:e1:36:66:40:12:6b:
         de:77:e3:25:f7:e2:6a:43:56:62:67:cd:4b:50:d2:95:07:2e:
         3b:94:30:ac:2b:72:e6:46:94:f7:29:f8:4f:3b:a1:5e:b5:68:
         35:92:5f:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+1526fCY/cWH6PuKWG1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwMTAxMTc0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGZkOWY4MDBjYjdlMTcyMjBlZGEzMzYwYjQwMWRlODQ5NWE2MjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lr9CkLOEXXskpzqtzjCGd6cdQA2
kOsQ6H1KjalZgn1j06hIdnB61GiSgl0V88iWnZVdBI4UYHE/3/7BSTew0mJx+3rm
l3XTnRqh+MywZMH/oWld1vQNWlFpbeEntb2aiKkXUxmTT+RLOK08Hyq3OupB34XF
qMcXV0xylAE+IpVNSULWQCGufFSPkIyYXsQ4kBd4vgPxaBaFuxEvudJurx7unbnI
N6PqlqsH3amMEuoJCLQXS5TvFWwy2xWI9n7Lh8XA3DUN0d+HUWRjT0Fyv6J2EnI5
hxJtOX5ITt8uwq+Oiut0Q/CtnfdpBRj2paegN4/rRRZe4whTktXxJ+JHJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIT9n4AMt+FyIO2jNgtAHehJWmICMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvaFAyZmdBeTM0WElnN2FNMkMwQWQ2RWxhWWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAiny7MA0G
CSqGSIb3DQEBCwUAA4IBAQBeVoAvHEylP+6Jz6/GbdZrglHFodBRW7VdhHM8EhqR
uiJlsxzwD86JrTh4QGkzOb8O41Zs6VAcQ5VURX02EfCvgcnFH0nqqGwN/XwC5i4V
x2P2fOUIwrpRmFL2pZ1MUY26mydykLeeZtUG70ItSKxf0MwHlVYpMN8Gf4Uvm/FC
aZRA409lsv3bmgPgsu/CjR0OJ0UZw63MX+HYWvTQTraSCJRZaEBEPc/7xTmsQmKF
YTR30/q2qkQ/9Nofpa9tKQPxmePV42z7+YZ7iZrVTHJw867hNmZAEmved+Ml9+Jq
Q1ZiZ81LUNKVBy47lDCsK3LmRpT3KfhPO6FetWg1kl/b
-----END CERTIFICATE-----