Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/9PtaBYfTDTsLZ0nM4lGzRGZ22Bc.roa
File:                     9PtaBYfTDTsLZ0nM4lGzRGZ22Bc.roa (raw, json)
Hash identifier:          YokKOvUBxeb5qB1louMnbCUJShjRY8D33JM/JJxcXvg=
Subject key identifier:   F4:FB:5A:05:87:D3:0D:3B:0B:67:49:CC:E2:51:B3:44:66:76:D8:17
Certificate issuer:       /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial:       018D426B680B8E9A6C91024BB0A5AEB930AA
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/9PtaBYfTDTsLZ0nM4lGzRGZ22Bc.roa
Signing time:             Thu 25 Jan 2024 20:59:11 +0000
ROA not before:           Thu 25 Jan 2024 20:59:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54252
IP address blocks:        45.95.205.0/24 maxlen: 24
                          45.95.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:42:6b:68:0b:8e:9a:6c:91:02:4b:b0:a5:ae:b9:30:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
        Validity
            Not Before: Jan 25 20:59:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4fb5a0587d30d3b0b6749cce251b3446676d817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:39:e9:5a:c2:ee:d7:3e:b8:1d:d1:35:06:61:
                    12:de:83:f5:9f:b9:1f:19:2d:68:57:27:1b:06:78:
                    06:5a:fa:33:0b:b6:f9:41:4f:36:ae:be:73:09:c0:
                    65:38:8f:ac:a4:2f:a5:aa:e5:75:93:e8:65:16:24:
                    27:75:d8:d5:b1:1f:38:1d:db:9e:16:57:5e:d9:18:
                    17:5f:2b:04:c5:c3:b4:e1:ca:57:e0:1d:b9:bd:f7:
                    91:91:0e:ab:9f:55:74:a4:d7:c7:89:cc:1b:9c:88:
                    d4:e0:99:78:0f:d0:ff:db:81:73:c0:75:b7:16:ce:
                    1a:39:a7:62:c7:e2:3e:72:0e:92:89:97:e6:a4:9c:
                    ad:ec:95:4e:15:b7:31:3c:f5:fd:27:9a:cd:ed:0a:
                    9b:85:93:6f:70:42:24:21:32:06:09:fa:02:89:7a:
                    38:95:c3:43:a8:d8:04:10:fd:6c:48:47:1e:53:ac:
                    a3:84:50:e0:d3:eb:e0:2b:97:64:34:ba:f9:3e:3e:
                    f1:cd:71:6e:7d:79:b1:39:db:a4:a8:7d:a6:ba:03:
                    ac:24:23:45:a1:23:8a:f1:8f:4f:3e:28:35:c7:49:
                    6c:4b:b8:8d:0a:93:8a:87:d1:b5:b9:7c:cd:dc:f8:
                    17:ef:37:08:da:64:b8:46:03:64:be:8a:89:16:7b:
                    fc:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:FB:5A:05:87:D3:0D:3B:0B:67:49:CC:E2:51:B3:44:66:76:D8:17
            X509v3 Authority Key Identifier:
                keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/9PtaBYfTDTsLZ0nM4lGzRGZ22Bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.205.0-45.95.206.255

    Signature Algorithm: sha256WithRSAEncryption
         36:ef:fe:d7:84:83:a9:4f:1d:96:06:ac:e1:81:8c:25:25:b6:
         da:ac:2f:42:01:3b:14:15:98:ef:bd:ab:dc:20:ca:7f:d2:0d:
         24:57:71:68:84:da:fb:4f:64:a2:cb:ad:73:18:a4:ee:ed:aa:
         b5:68:4f:ba:8d:cc:fa:d0:f5:69:1a:92:11:d0:70:5c:a0:95:
         3e:c2:d5:6f:6d:5c:7a:a3:4b:7f:bb:25:83:f0:42:a6:38:1d:
         c5:67:ed:0a:b3:47:eb:17:e1:ef:d2:36:6b:d2:8a:9c:0d:fc:
         8e:1e:05:65:59:bc:8c:8c:55:89:02:7f:83:56:35:8c:55:81:
         33:7d:54:ab:ea:32:e2:72:b6:d6:f8:30:0d:16:3b:5e:4f:ab:
         9e:a4:e3:96:34:d7:80:f4:72:e0:cf:60:bf:46:a5:c8:ba:46:
         b0:dc:7f:be:55:ec:cf:b1:53:04:d2:9e:a2:df:0a:ad:dd:9d:
         ba:2a:9c:ee:b4:96:7b:13:03:cd:38:73:8f:17:9d:58:53:36:
         95:98:80:1b:85:0f:62:d9:d3:8c:ee:be:3b:a6:f1:3e:b8:a2:
         2e:a7:0a:9b:74:33:01:9f:c1:a3:75:df:3e:36:5f:eb:94:3c:
         ff:6f:83:b5:0f:26:0b:fd:01:50:77:5f:f3:4b:20:80:9b:2a:
         a8:bf:87:44
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY1Ca2gLjppskQJLsKWuuTCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjQwMTI1MjA1OTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGZiNWEwNTg3ZDMwZDNiMGI2NzQ5Y2NlMjUxYjM0NDY2NzZkODE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDnpWsLu1z64HdE1BmES3oP1n7kf
GS1oVycbBngGWvozC7b5QU82rr5zCcBlOI+spC+lquV1k+hlFiQnddjVsR84Hdue
Flde2RgXXysExcO04cpX4B25vfeRkQ6rn1V0pNfHicwbnIjU4Jl4D9D/24FzwHW3
Fs4aOadix+I+cg6SiZfmpJyt7JVOFbcxPPX9J5rN7QqbhZNvcEIkITIGCfoCiXo4
lcNDqNgEEP1sSEceU6yjhFDg0+vgK5dkNLr5Pj7xzXFufXmxOdukqH2mugOsJCNF
oSOK8Y9PPig1x0lsS7iNCpOKh9G1uXzN3PgX7zcI2mS4RgNkvoqJFnv8mwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPT7WgWH0w07C2dJzOJRs0RmdtgXMB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvOVB0YUJZZlREVHNMWjBuTTRsR3pSR1oyMkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtX80D
BAAtX84wDQYJKoZIhvcNAQELBQADggEBADbv/teEg6lPHZYGrOGBjCUlttqsL0IB
OxQVmO+9q9wgyn/SDSRXcWiE2vtPZKLLrXMYpO7tqrVoT7qNzPrQ9WkakhHQcFyg
lT7C1W9tXHqjS3+7JYPwQqY4HcVn7QqzR+sX4e/SNmvSipwN/I4eBWVZvIyMVYkC
f4NWNYxVgTN9VKvqMuJyttb4MA0WO15Pq56k45Y014D0cuDPYL9Gpci6RrDcf75V
7M+xUwTSnqLfCq3dnboqnO60lnsTA804c48XnVhTNpWYgBuFD2LZ04zuvjum8T64
oi6nCpt0MwGfwaN13z42X+uUPP9vg7UPJgv9AVB3X/NLIICbKqi/h0Q=
-----END CERTIFICATE-----