Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/HQRNXHsfn6gVh_mUFTiuf5jKCxw.roa
File:                     HQRNXHsfn6gVh_mUFTiuf5jKCxw.roa (raw, json)
Hash identifier:          yNitZET5RJZkRrmEE7A/phM4T+s+wOhxD4CXOz+3H8s=
Subject key identifier:   1D:04:4D:5C:7B:1F:9F:A8:15:87:F9:94:15:38:AE:7F:98:CA:0B:1C
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01967BBE4A5FFD1365CDA4241B6B5991D039
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/HQRNXHsfn6gVh_mUFTiuf5jKCxw.roa
Signing time:             Mon 28 Apr 2025 09:33:10 +0000
ROA not before:           Mon 28 Apr 2025 09:33:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60798
IP address blocks:        124.198.130.0/24 maxlen: 24
                          155.2.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 19:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:be:4a:5f:fd:13:65:cd:a4:24:1b:6b:59:91:d0:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 28 09:33:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d044d5c7b1f9fa81587f9941538ae7f98ca0b1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e7:b8:f1:f1:43:fc:18:87:b3:ea:aa:14:fd:
                    1c:b9:3d:79:c1:df:76:e3:42:db:96:19:f2:6f:dd:
                    8e:c3:4d:55:85:89:cc:62:c0:cc:ad:02:65:3e:47:
                    41:b6:ac:1b:66:59:79:cf:93:33:4f:75:3e:3a:8b:
                    1d:e7:f5:95:c4:a1:49:c4:04:27:61:c1:ca:c3:5d:
                    de:bb:94:f1:1c:3a:86:4e:ef:3e:2a:a6:a6:fa:62:
                    8e:b0:5d:63:48:61:ed:70:05:8d:64:9f:f5:7b:60:
                    e9:95:d3:e0:d7:61:6d:6f:74:66:e8:ba:76:4c:1e:
                    89:ec:a1:8a:1a:a9:e9:d1:1d:ef:2c:3c:eb:1e:1e:
                    42:66:ed:cb:ea:00:03:c3:e1:20:00:a6:c2:d1:4e:
                    49:cc:28:1d:78:d5:16:2c:f2:9c:c6:ee:aa:2c:43:
                    d2:d1:dc:0f:97:91:4a:fb:14:7b:46:d1:22:01:b1:
                    ab:fd:c3:0d:c0:fa:ac:86:89:af:24:b1:13:c1:0b:
                    6e:e1:cb:8f:ab:9f:27:41:be:a9:b6:1c:7b:bf:46:
                    28:8b:8e:13:b5:3c:d0:3c:3d:d8:81:c6:58:2c:33:
                    26:d2:1d:53:a4:13:23:72:03:df:37:1e:04:0b:10:
                    40:3d:c9:f8:11:3c:d0:a3:ec:4a:3b:f7:7e:14:7a:
                    27:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:04:4D:5C:7B:1F:9F:A8:15:87:F9:94:15:38:AE:7F:98:CA:0B:1C
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/HQRNXHsfn6gVh_mUFTiuf5jKCxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.198.130.0/24
                  155.2.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:6e:70:c2:69:23:ee:d3:69:2a:6d:06:31:50:df:d3:ac:84:
         a0:a3:57:9b:62:a5:20:82:d7:b1:41:e6:c2:99:68:85:f0:c9:
         a4:7f:17:18:13:e0:74:42:f7:7e:98:88:38:36:6c:38:d8:5b:
         c1:43:13:8f:e7:7c:af:54:21:f3:2b:bc:df:8e:12:fa:e0:16:
         fa:51:ae:7a:8d:79:2e:36:b5:0b:aa:6a:fc:19:0f:dc:cf:99:
         f3:70:2e:d5:07:71:6f:6b:ee:28:ca:9e:3b:e0:d9:a6:b0:d3:
         6b:12:65:f3:6f:8e:57:d5:7d:8e:a5:1f:b4:3f:74:55:14:12:
         5b:c1:6e:06:23:b5:09:5f:25:54:1c:12:98:48:04:1e:27:3e:
         d6:b6:d7:26:a6:be:a9:f5:fc:07:3b:f0:f4:28:26:f7:91:79:
         07:78:f1:42:49:a0:50:22:ad:85:64:67:35:01:49:f2:5f:ef:
         a8:7d:10:b1:99:a5:9a:94:f2:46:c2:29:c8:fa:78:59:f5:6d:
         cd:a7:87:4e:05:04:67:56:d6:26:36:2e:3b:f5:f1:77:de:b1:
         fc:74:13:2d:79:e4:16:54:5a:aa:bc:60:a2:28:48:76:dc:cb:
         a1:ba:88:75:de:dc:3c:bd:bb:35:05:2d:76:e1:03:83:b4:99:
         24:44:7d:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ7vkpf/RNlzaQkG2tZkdA5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNDI4MDkzMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDA0NGQ1YzdiMWY5ZmE4MTU4N2Y5OTQxNTM4YWU3Zjk4Y2EwYjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ee48fFD/BiHs+qqFP0cuT15wd92
40Lblhnyb92Ow01VhYnMYsDMrQJlPkdBtqwbZll5z5MzT3U+Oosd5/WVxKFJxAQn
YcHKw13eu5TxHDqGTu8+Kqam+mKOsF1jSGHtcAWNZJ/1e2DpldPg12Ftb3Rm6Lp2
TB6J7KGKGqnp0R3vLDzrHh5CZu3L6gADw+EgAKbC0U5JzCgdeNUWLPKcxu6qLEPS
0dwPl5FK+xR7RtEiAbGr/cMNwPqshomvJLETwQtu4cuPq58nQb6pthx7v0Yoi44T
tTzQPD3YgcZYLDMm0h1TpBMjcgPfNx4ECxBAPcn4ETzQo+xKO/d+FHon4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB0ETVx7H5+oFYf5lBU4rn+YygscMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvSFFSTlhIc2ZuNmdWaF9tVUZUaXVmNWpLQ3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAfMaCAwQA
mwLVMA0GCSqGSIb3DQEBCwUAA4IBAQAZbnDCaSPu02kqbQYxUN/TrISgo1ebYqUg
gtexQebCmWiF8MmkfxcYE+B0Qvd+mIg4Nmw42FvBQxOP53yvVCHzK7zfjhL64Bb6
Ua56jXkuNrULqmr8GQ/cz5nzcC7VB3Fva+4oyp474NmmsNNrEmXzb45X1X2OpR+0
P3RVFBJbwW4GI7UJXyVUHBKYSAQeJz7Wttcmpr6p9fwHO/D0KCb3kXkHePFCSaBQ
Iq2FZGc1AUnyX++ofRCxmaWalPJGwinI+nhZ9W3Np4dOBQRnVtYmNi479fF33rH8
dBMteeQWVFqqvGCiKEh23Muhuoh13tw8vbs1BS124QODtJkkRH02
-----END CERTIFICATE-----