Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/1-S5qpnBw1ylZG1spddvT9f57eco.roa
File:                     1-S5qpnBw1ylZG1spddvT9f57eco.roa (raw, json)
Hash identifier:          maWJwVVWyYP373g2CIlTAWvamrZD0BLeDX8OlPQnHj0=
Subject key identifier:   F9:2E:6A:A6:70:70:D7:29:59:1B:5B:29:75:DB:D3:F5:FE:7B:79:CA
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       0198EB4D8B24F1AA80F8050C6B776428345D
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/1-S5qpnBw1ylZG1spddvT9f57eco.roa
Signing time:             Wed 27 Aug 2025 11:33:04 +0000
ROA not before:           Wed 27 Aug 2025 11:33:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        138.124.186.0/24 maxlen: 24
                          212.18.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:eb:4d:8b:24:f1:aa:80:f8:05:0c:6b:77:64:28:34:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Aug 27 11:33:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f92e6aa67070d729591b5b2975dbd3f5fe7b79ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d4:4f:e3:4e:40:8c:69:ee:e3:95:b6:de:cb:
                    1f:b0:c7:b3:c2:0c:33:91:b9:b7:20:cb:ab:c8:9f:
                    6e:a2:11:67:de:e0:ee:aa:77:fa:d7:c8:6a:e9:56:
                    19:c0:ae:71:f2:33:aa:2b:f0:a8:24:60:3d:f6:33:
                    f3:95:de:78:72:50:61:d8:8f:d3:a3:15:66:5c:78:
                    16:71:32:3b:43:fa:26:04:39:37:86:e4:4d:ea:57:
                    04:88:68:a5:5d:0b:03:c5:38:56:78:c0:09:c4:83:
                    5d:06:0d:42:4e:7d:5d:a8:24:f7:41:fa:7f:ea:4e:
                    88:ed:46:df:1a:40:92:30:bd:5d:ec:27:c1:28:69:
                    7b:6b:93:7b:c1:d6:14:1f:72:4d:ef:f1:39:2a:a9:
                    a1:8c:ee:0a:69:f8:0e:4a:68:f7:e6:47:f5:42:f4:
                    20:b3:e3:e7:20:d0:a4:3b:b2:0f:b3:1f:fb:c4:19:
                    2b:79:df:18:0f:00:1a:9f:6c:10:21:4c:1e:4d:24:
                    b4:e4:4f:3f:ac:83:87:81:56:2d:64:d6:8d:6b:0e:
                    3c:2c:7e:16:ff:06:38:47:05:b3:7d:ad:e3:50:ca:
                    4f:31:8c:dc:3a:78:26:20:63:66:88:85:25:bc:fd:
                    52:29:7f:9b:95:2b:ca:e8:86:f2:21:83:a2:b3:4e:
                    db:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:2E:6A:A6:70:70:D7:29:59:1B:5B:29:75:DB:D3:F5:FE:7B:79:CA
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/1-S5qpnBw1ylZG1spddvT9f57eco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.186.0/24
                  212.18.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:05:a9:80:26:40:13:95:b2:29:f2:4b:43:0c:2d:bf:55:e3:
         c8:58:72:25:e9:0d:27:4e:4f:83:30:89:03:9b:d9:19:77:b7:
         85:5f:b2:aa:83:4c:7e:21:ad:48:0b:d7:95:07:a1:33:57:d5:
         ba:3e:93:f6:3e:81:15:b5:33:0e:9a:4b:60:5d:4c:b4:be:0d:
         b8:a8:11:bc:d4:bb:6d:aa:18:b0:3c:32:59:56:3b:3c:a6:41:
         44:68:3f:63:1f:81:64:87:f2:12:cc:45:64:32:15:0a:d8:80:
         6e:e8:56:92:d7:49:ea:3c:8f:31:c4:64:a1:7e:56:ac:4b:59:
         fc:7d:30:2b:90:34:06:93:eb:7a:f4:62:74:30:d2:85:4b:5c:
         13:5e:ee:11:7f:e4:05:3c:1c:61:e7:69:69:3b:df:a7:a9:a1:
         e5:00:78:d5:c2:e8:2b:dd:70:6c:4f:a5:20:df:d4:be:89:f9:
         d8:3a:4e:b9:bc:04:fe:da:1d:72:dc:f9:3e:62:e6:ed:f9:07:
         eb:52:4e:0f:a1:0b:3b:3d:21:29:cb:ad:2d:b9:61:f0:6e:04:
         60:a5:01:de:52:11:0b:d9:24:0a:cd:25:f3:87:53:85:a5:24:
         61:bb:a5:59:86:19:3a:ea:a0:ac:6a:78:af:8c:be:61:f5:69:
         3c:76:3a:65
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZjrTYsk8aqA+AUMa3dkKDRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwODI3MTEzMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTJlNmFhNjcwNzBkNzI5NTkxYjViMjk3NWRiZDNmNWZlN2I3OWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdRP405AjGnu45W23ssfsMezwgwz
kbm3IMuryJ9uohFn3uDuqnf618hq6VYZwK5x8jOqK/CoJGA99jPzld54clBh2I/T
oxVmXHgWcTI7Q/omBDk3huRN6lcEiGilXQsDxThWeMAJxINdBg1CTn1dqCT3Qfp/
6k6I7UbfGkCSML1d7CfBKGl7a5N7wdYUH3JN7/E5KqmhjO4KafgOSmj35kf1QvQg
s+PnINCkO7IPsx/7xBkred8YDwAan2wQIUweTSS05E8/rIOHgVYtZNaNaw48LH4W
/wY4RwWzfa3jUMpPMYzcOngmIGNmiIUlvP1SKX+blSvK6IbyIYOis07buwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPkuaqZwcNcpWRtbKXXb0/X+e3nKMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvMS1TNXFwbkJ3MXlsWkcxc3BkZHZUOWY1N2Vjby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjUvMzBkYzg1LTJkZDgtNGIxYy1iMTUxLTRiZDYzYWRjNzM1
NC8xL3Y0UVJOVVhaQUFkZzltQmlwQ0laTTZMcFdkZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAIp8ugME
ANQSaDANBgkqhkiG9w0BAQsFAAOCAQEAEgWpgCZAE5WyKfJLQwwtv1XjyFhyJekN
J05PgzCJA5vZGXe3hV+yqoNMfiGtSAvXlQehM1fVuj6T9j6BFbUzDppLYF1MtL4N
uKgRvNS7baoYsDwyWVY7PKZBRGg/Yx+BZIfyEsxFZDIVCtiAbuhWktdJ6jyPMcRk
oX5WrEtZ/H0wK5A0BpPrevRidDDShUtcE17uEX/kBTwcYedpaTvfp6mh5QB41cLo
K91wbE+lIN/Uvon52DpOubwE/todctz5PmLm7fkH61JOD6ELOz0hKcutLblh8G4E
YKUB3lIRC9kkCs0l84dThaUkYbulWYYZOuqgrGp4r4y+YfVpPHY6ZQ==
-----END CERTIFICATE-----