Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/30af46-27ed-4482-840e-65f856f1249e/1/lJmvvXMVP9NKaYHWsyd-BJftiCc.roa
File:                     lJmvvXMVP9NKaYHWsyd-BJftiCc.roa (raw, json)
Hash identifier:          eBBiq38eKi7tQKUMPizst8SumCc0cZEMghR739L+M0A=
Subject key identifier:   94:99:AF:BD:73:15:3F:D3:4A:69:81:D6:B3:27:7E:04:97:ED:88:27
Certificate issuer:       /CN=84284d67c9abaf6fa8fea6142a5b2558c9cbcf74
Certificate serial:       019427480EC7546CE9FFBA261FDC14072169
Authority key identifier: 84:28:4D:67:C9:AB:AF:6F:A8:FE:A6:14:2A:5B:25:58:C9:CB:CF:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hChNZ8mrr2-o_qYUKlslWMnLz3Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/30af46-27ed-4482-840e-65f856f1249e/1/lJmvvXMVP9NKaYHWsyd-BJftiCc.roa
Signing time:             Thu 02 Jan 2025 13:50:21 +0000
ROA not before:           Thu 02 Jan 2025 13:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211136
IP address blocks:        185.15.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/30af46-27ed-4482-840e-65f856f1249e/1/hChNZ8mrr2-o_qYUKlslWMnLz3Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/30af46-27ed-4482-840e-65f856f1249e/1/hChNZ8mrr2-o_qYUKlslWMnLz3Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hChNZ8mrr2-o_qYUKlslWMnLz3Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:0e:c7:54:6c:e9:ff:ba:26:1f:dc:14:07:21:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84284d67c9abaf6fa8fea6142a5b2558c9cbcf74
        Validity
            Not Before: Jan  2 13:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9499afbd73153fd34a6981d6b3277e0497ed8827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d6:c4:74:08:3f:6b:44:16:42:67:47:c0:36:
                    02:6a:d3:77:08:c9:fb:10:8b:27:a8:3f:f0:7f:d9:
                    a1:f4:1d:21:a2:34:78:58:26:9e:01:63:80:80:11:
                    db:d4:5a:dd:f4:9b:4c:52:f0:16:36:7b:c6:dc:af:
                    ed:ed:6d:83:42:e5:a4:85:c5:5d:0c:ac:e8:33:2d:
                    75:b4:9e:0b:a9:fe:97:96:f0:a3:84:3b:d9:92:71:
                    75:61:03:fb:8a:a9:ff:99:9c:54:73:04:ad:01:09:
                    eb:71:c3:fd:d9:df:b9:4b:20:55:3c:58:04:ca:5c:
                    0b:5e:75:29:da:e4:67:36:fa:8c:09:ff:82:48:e2:
                    7b:07:97:47:1c:35:f3:41:b7:0d:ad:b9:a0:c1:9b:
                    35:d6:8e:ad:8d:fb:7d:8a:c6:21:ec:c9:0d:18:61:
                    22:e4:ad:dc:24:d0:d7:a5:8c:a6:3d:b8:3b:a5:48:
                    27:56:4a:b1:e0:a3:55:ad:de:be:b1:a6:77:d0:36:
                    6b:b7:52:61:19:b8:75:99:66:d5:78:7c:41:3e:8f:
                    fe:b8:69:c4:93:64:df:ef:12:69:85:b1:11:ab:80:
                    81:0b:d6:a2:f4:ae:07:fe:05:19:0e:3b:ed:0f:a9:
                    50:de:1b:f0:88:0c:c4:b1:3f:6b:e6:82:ae:5d:12:
                    78:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:99:AF:BD:73:15:3F:D3:4A:69:81:D6:B3:27:7E:04:97:ED:88:27
            X509v3 Authority Key Identifier:
                keyid:84:28:4D:67:C9:AB:AF:6F:A8:FE:A6:14:2A:5B:25:58:C9:CB:CF:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hChNZ8mrr2-o_qYUKlslWMnLz3Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/30af46-27ed-4482-840e-65f856f1249e/1/lJmvvXMVP9NKaYHWsyd-BJftiCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/30af46-27ed-4482-840e-65f856f1249e/1/hChNZ8mrr2-o_qYUKlslWMnLz3Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:13:51:c0:59:bf:b8:07:e1:f9:ba:32:40:00:27:bf:a4:6d:
         65:ff:d6:d0:8f:0b:87:da:a2:db:3e:2a:6a:9a:fc:5f:27:e6:
         ab:52:64:6b:e5:bb:04:00:a6:43:ed:35:8a:bd:55:af:86:a5:
         1e:df:f6:46:69:e0:49:9f:93:e3:7f:f1:9c:8f:0b:7e:47:1f:
         fe:df:26:91:bd:63:c2:b9:b4:55:5b:8d:40:06:03:63:1b:f4:
         6b:e8:62:d8:10:1a:29:2e:13:d8:b9:fe:a4:26:61:d4:7d:6e:
         dc:b9:84:27:90:53:99:65:32:71:c7:88:e4:6d:f3:68:2b:6d:
         cc:ea:ef:f5:a2:d8:11:7d:0b:64:53:ea:8e:63:65:7a:9d:f3:
         98:7e:c8:99:bb:30:0c:8a:f6:75:e0:df:4d:a0:78:b1:d7:35:
         ec:bd:5e:7f:07:55:2e:d3:bf:25:b1:fb:90:8d:5a:c1:aa:76:
         e7:35:5b:5c:45:d3:be:d3:9b:68:ce:6f:ac:7d:39:ca:99:41:
         e4:24:a3:52:fc:e6:89:a5:83:bb:2e:f3:4e:10:b1:62:07:54:
         f5:0f:d7:b4:b2:6a:f9:71:13:ea:96:e5:5b:af:50:5f:ae:52:
         91:59:1e:61:02:af:41:63:eb:42:06:e8:81:04:cb:68:f0:76:
         3c:72:e7:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSA7HVGzp/7omH9wUByFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0Mjg0ZDY3YzlhYmFmNmZhOGZlYTYxNDJhNWIyNTU4Yzlj
YmNmNzQwHhcNMjUwMTAyMTM1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDk5YWZiZDczMTUzZmQzNGE2OTgxZDZiMzI3N2UwNDk3ZWQ4ODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltbEdAg/a0QWQmdHwDYCatN3CMn7
EIsnqD/wf9mh9B0hojR4WCaeAWOAgBHb1Frd9JtMUvAWNnvG3K/t7W2DQuWkhcVd
DKzoMy11tJ4Lqf6XlvCjhDvZknF1YQP7iqn/mZxUcwStAQnrccP92d+5SyBVPFgE
ylwLXnUp2uRnNvqMCf+CSOJ7B5dHHDXzQbcNrbmgwZs11o6tjft9isYh7MkNGGEi
5K3cJNDXpYymPbg7pUgnVkqx4KNVrd6+saZ30DZrt1JhGbh1mWbVeHxBPo/+uGnE
k2Tf7xJphbERq4CBC9ai9K4H/gUZDjvtD6lQ3hvwiAzEsT9r5oKuXRJ4QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSZr71zFT/TSmmB1rMnfgSX7YgnMB8GA1UdIwQY
MBaAFIQoTWfJq69vqP6mFCpbJVjJy890MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaENoTlo4bXJyMi1vX3FZVUtsc2xXTW5MejNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8zMGFmNDYtMjdlZC00NDgyLTg0MGUt
NjVmODU2ZjEyNDllLzEvbEptdnZYTVZQOU5LYVlIV3N5ZC1CSmZ0aUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8zMGFmNDYtMjdlZC00NDgyLTg0MGUtNjVmODU2ZjEyNDll
LzEvaENoTlo4bXJyMi1vX3FZVUtsc2xXTW5MejNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ+KMA0G
CSqGSIb3DQEBCwUAA4IBAQCIE1HAWb+4B+H5ujJAACe/pG1l/9bQjwuH2qLbPipq
mvxfJ+arUmRr5bsEAKZD7TWKvVWvhqUe3/ZGaeBJn5Pjf/Gcjwt+Rx/+3yaRvWPC
ubRVW41ABgNjG/Rr6GLYEBopLhPYuf6kJmHUfW7cuYQnkFOZZTJxx4jkbfNoK23M
6u/1otgRfQtkU+qOY2V6nfOYfsiZuzAMivZ14N9NoHix1zXsvV5/B1Uu078lsfuQ
jVrBqnbnNVtcRdO+05tozm+sfTnKmUHkJKNS/OaJpYO7LvNOELFiB1T1D9e0smr5
cRPqluVbr1BfrlKRWR5hAq9BY+tCBuiBBMto8HY8cude
-----END CERTIFICATE-----