Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hnJD43UXtuGnKFz4OEYl0nDFfpE.roa
File:                     hnJD43UXtuGnKFz4OEYl0nDFfpE.roa (raw, json)
Hash identifier:          CFEPMzPgBypv/56G2ZnAfXRnUQZZRmOeEVZHeEPB4AI=
Subject key identifier:   86:72:43:E3:75:17:B6:E1:A7:28:5C:F8:38:46:25:D2:70:C5:7E:91
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019329762A87E324DA39C2D0891191786666
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hnJD43UXtuGnKFz4OEYl0nDFfpE.roa
Signing time:             Thu 14 Nov 2024 06:57:10 +0000
ROA not before:           Thu 14 Nov 2024 06:57:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210848
IP address blocks:        45.95.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:76:2a:87:e3:24:da:39:c2:d0:89:11:91:78:66:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 14 06:57:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=867243e37517b6e1a7285cf8384625d270c57e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:15:8b:b8:18:11:92:b2:90:2a:87:39:3f:f5:
                    f0:4d:2e:e5:08:65:2e:9c:8b:7e:02:9f:74:21:97:
                    4c:74:fa:1b:f3:72:29:35:48:46:6c:20:d0:96:c9:
                    f4:a0:35:ae:a3:9f:a3:ec:ca:14:25:b3:56:16:e7:
                    7d:b2:ab:ee:5b:23:cd:97:ff:c8:41:df:e0:75:69:
                    b2:7e:7c:77:f2:6a:6d:85:0b:12:37:84:5e:73:a4:
                    48:bb:0b:6c:97:c1:6a:d0:2d:ef:be:6d:e8:a2:ff:
                    2b:b8:21:e5:62:12:7a:e5:d8:95:3e:c1:c8:da:b9:
                    18:e6:14:14:7e:b7:b7:77:5c:cd:cd:70:57:49:f1:
                    e2:20:c4:97:28:43:58:13:ac:b5:0e:2f:41:82:91:
                    57:73:ed:ad:85:07:56:57:0f:03:7b:9e:40:e2:09:
                    60:af:03:d5:94:9c:9e:0e:0b:58:3c:0f:2b:c0:3e:
                    dd:b3:a0:06:c9:e3:ce:44:62:54:69:b0:39:a9:72:
                    c3:4a:8d:a0:f5:91:dc:34:d4:76:68:83:96:6f:7b:
                    dc:78:cf:46:64:f8:d4:3e:e4:99:ee:bf:75:88:a8:
                    8a:99:8e:16:48:18:34:cf:26:c6:00:ea:59:4e:fe:
                    0f:9b:94:8a:6e:e7:48:85:50:3c:33:1d:35:df:f3:
                    ba:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:72:43:E3:75:17:B6:E1:A7:28:5C:F8:38:46:25:D2:70:C5:7E:91
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hnJD43UXtuGnKFz4OEYl0nDFfpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:58:6c:4b:cd:fd:ec:8f:dd:0e:fc:4b:b5:67:f0:b2:70:2d:
         be:09:41:b5:91:8f:e2:74:b4:c2:07:a0:19:db:f9:30:36:a6:
         5b:c4:5a:76:a4:b8:dd:22:2e:e7:a0:b6:02:6c:79:60:14:ac:
         6f:e0:10:81:8d:06:73:8e:e6:58:44:f9:6a:9f:37:9c:a2:17:
         0c:b0:c3:4e:b1:1c:18:68:29:31:c4:9c:e2:0d:83:c5:8d:41:
         0b:7d:23:03:40:7a:17:b3:fa:19:a1:f6:b8:4e:56:90:02:e4:
         6f:a7:93:1f:3f:e7:b5:81:17:30:87:a0:26:47:b5:23:0a:01:
         cf:64:de:5b:d2:cb:87:2f:9b:fd:2c:c5:92:27:f3:26:e6:f4:
         2a:a4:1c:06:35:de:28:20:97:ac:15:d1:4c:f6:08:d2:67:d9:
         5a:39:bc:7b:68:0e:3d:9d:94:83:79:8c:f4:ea:09:b8:11:f9:
         8e:78:ff:20:64:49:3e:3f:26:ef:f9:4a:00:73:46:87:c3:54:
         7a:e4:51:00:6e:a4:19:d1:c9:47:19:e1:57:73:e7:fd:2c:df:
         fb:d1:17:61:82:59:d8:42:6a:93:45:b6:64:bd:fb:ba:3b:e4:
         a1:17:a7:82:f2:f1:38:23:a8:ba:22:06:94:7d:cc:53:a5:4a:
         79:9b:21:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMpdiqH4yTaOcLQiRGReGZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTE0MDY1NzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjcyNDNlMzc1MTdiNmUxYTcyODVjZjgzODQ2MjVkMjcwYzU3ZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRWLuBgRkrKQKoc5P/XwTS7lCGUu
nIt+Ap90IZdMdPob83IpNUhGbCDQlsn0oDWuo5+j7MoUJbNWFud9sqvuWyPNl//I
Qd/gdWmyfnx38mpthQsSN4Rec6RIuwtsl8Fq0C3vvm3oov8ruCHlYhJ65diVPsHI
2rkY5hQUfre3d1zNzXBXSfHiIMSXKENYE6y1Di9BgpFXc+2thQdWVw8De55A4glg
rwPVlJyeDgtYPA8rwD7ds6AGyePORGJUabA5qXLDSo2g9ZHcNNR2aIOWb3vceM9G
ZPjUPuSZ7r91iKiKmY4WSBg0zybGAOpZTv4Pm5SKbudIhVA8Mx013/O6IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZyQ+N1F7bhpyhc+DhGJdJwxX6RMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaG5KRDQzVVh0dUduS0Z6NE9FWWwwbkRGZnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8DMA0G
CSqGSIb3DQEBCwUAA4IBAQAVWGxLzf3sj90O/Eu1Z/CycC2+CUG1kY/idLTCB6AZ
2/kwNqZbxFp2pLjdIi7noLYCbHlgFKxv4BCBjQZzjuZYRPlqnzecohcMsMNOsRwY
aCkxxJziDYPFjUELfSMDQHoXs/oZofa4TlaQAuRvp5MfP+e1gRcwh6AmR7UjCgHP
ZN5b0suHL5v9LMWSJ/Mm5vQqpBwGNd4oIJesFdFM9gjSZ9laObx7aA49nZSDeYz0
6gm4EfmOeP8gZEk+Pybv+UoAc0aHw1R65FEAbqQZ0clHGeFXc+f9LN/70RdhglnY
QmqTRbZkvfu6O+ShF6eC8vE4I6i6IgaUfcxTpUp5myG/
-----END CERTIFICATE-----