Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/REZ0NpPBjGGfW-r4srK-nZ7pIxs.roa
File:                     REZ0NpPBjGGfW-r4srK-nZ7pIxs.roa (raw, json)
Hash identifier:          MuYH/7w/mWGbEmMQOXNZukdf1YhNpFabJ7ySway6ji8=
Subject key identifier:   44:46:74:36:93:C1:8C:61:9F:5B:EA:F8:B2:B2:BE:9D:9E:E9:23:1B
Certificate issuer:       /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial:       01924717B478AFDDEEDF56C18FF250769545
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/REZ0NpPBjGGfW-r4srK-nZ7pIxs.roa
Signing time:             Tue 01 Oct 2024 07:59:48 +0000
ROA not before:           Tue 01 Oct 2024 07:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207821
IP address blocks:        45.95.205.0/24 maxlen: 24
                          45.95.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:47:17:b4:78:af:dd:ee:df:56:c1:8f:f2:50:76:95:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
        Validity
            Not Before: Oct  1 07:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4446743693c18c619f5beaf8b2b2be9d9ee9231b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:49:ab:fa:d7:76:09:13:4f:e9:87:0c:a1:f6:
                    fc:2b:b0:33:00:b2:e4:d3:33:c1:94:60:94:bb:db:
                    58:33:a6:d0:30:f3:5c:57:74:6d:89:4f:3a:70:bf:
                    a6:bb:fb:95:b1:0b:60:f7:22:34:b6:41:b8:d6:79:
                    3d:59:57:eb:63:02:11:69:b3:73:03:c8:12:6f:65:
                    69:89:86:e8:88:2c:eb:dc:46:0a:d7:8d:9c:56:fe:
                    90:34:57:ae:00:76:a2:a1:1c:e1:49:c6:d2:f7:09:
                    be:95:3f:64:9f:d5:cc:24:b3:f7:88:dd:b5:1d:af:
                    20:69:4c:e3:51:e8:4b:7f:56:ee:b8:60:5b:fc:e0:
                    69:b4:c2:a6:aa:7f:03:42:ef:85:b5:8e:d3:50:d9:
                    8c:3d:db:8b:da:6a:70:36:11:cb:ba:f9:13:f4:2f:
                    bf:77:bf:78:27:77:b4:e9:6d:97:46:b6:f4:37:40:
                    89:4b:17:55:9d:06:ec:e5:b8:08:c8:f9:3c:ac:52:
                    18:c7:81:7b:6d:c7:12:57:28:33:5c:4a:a6:86:a3:
                    58:b6:d9:22:ec:f1:d6:80:07:e0:4d:56:c4:87:de:
                    c7:ba:f2:74:ef:17:24:b2:3b:ac:d2:46:55:07:2d:
                    82:5d:c3:e7:6c:1c:27:dd:03:aa:fd:fd:e4:f9:fa:
                    59:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:46:74:36:93:C1:8C:61:9F:5B:EA:F8:B2:B2:BE:9D:9E:E9:23:1B
            X509v3 Authority Key Identifier:
                keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/REZ0NpPBjGGfW-r4srK-nZ7pIxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.205.0-45.95.206.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:4e:bd:e5:c9:9d:00:0b:1a:da:de:75:97:0f:d6:1e:24:25:
         ae:a6:71:fa:d1:59:0d:35:0a:19:7f:a3:ff:ac:01:3b:8c:33:
         a5:1b:7c:62:76:a9:73:2b:00:ca:f9:1d:fb:04:75:7c:32:18:
         6f:bf:32:9f:3d:fa:da:20:a2:26:46:ba:3c:c6:18:82:11:51:
         50:51:e7:97:8f:4b:4c:dd:3f:20:58:2b:d9:4f:fc:49:62:81:
         89:d0:14:71:16:ec:32:b4:45:25:5d:c8:54:9a:be:df:e5:05:
         85:62:c1:a8:ee:fb:a9:45:d8:ea:e0:fc:62:4d:87:26:7f:93:
         40:2e:f9:03:3c:58:b8:4a:4b:c2:c9:9f:f4:28:46:91:81:06:
         97:96:5c:43:ea:51:a7:d8:f4:0b:66:a2:a8:25:47:f6:15:ee:
         1d:db:c4:e2:52:9d:e2:28:e7:1c:d1:6f:21:ef:6f:5f:69:49:
         77:9e:5c:41:a0:6b:5e:42:bf:a9:73:f9:23:13:8c:53:56:d9:
         a2:26:2f:73:10:fc:e0:7e:d9:df:85:14:ae:64:70:37:a9:c1:
         3a:36:f6:df:74:7b:f1:06:02:37:a5:2e:7a:8f:fa:ec:bd:73:
         28:1f:1c:f7:cd:64:17:80:bc:8b:da:5e:dc:40:05:04:6e:f2:
         72:51:61:4e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJHF7R4r93u31bBj/JQdpVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjQxMDAxMDc1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDQ2NzQzNjkzYzE4YzYxOWY1YmVhZjhiMmIyYmU5ZDllZTkyMzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0mr+td2CRNP6YcMofb8K7AzALLk
0zPBlGCUu9tYM6bQMPNcV3RtiU86cL+mu/uVsQtg9yI0tkG41nk9WVfrYwIRabNz
A8gSb2VpiYboiCzr3EYK142cVv6QNFeuAHaioRzhScbS9wm+lT9kn9XMJLP3iN21
Ha8gaUzjUehLf1buuGBb/OBptMKmqn8DQu+FtY7TUNmMPduL2mpwNhHLuvkT9C+/
d794J3e06W2XRrb0N0CJSxdVnQbs5bgIyPk8rFIYx4F7bccSVygzXEqmhqNYttki
7PHWgAfgTVbEh97HuvJ07xcksjus0kZVBy2CXcPnbBwn3QOq/f3k+fpZAwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFERGdDaTwYxhn1vq+LKyvp2e6SMbMB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvUkVaME5wUEJqR0dmVy1yNHNySy1uWjdwSXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtX80D
BAAtX84wDQYJKoZIhvcNAQELBQADggEBAH1OveXJnQALGtredZcP1h4kJa6mcfrR
WQ01Chl/o/+sATuMM6UbfGJ2qXMrAMr5HfsEdXwyGG+/Mp89+togoiZGujzGGIIR
UVBR55ePS0zdPyBYK9lP/EligYnQFHEW7DK0RSVdyFSavt/lBYViwaju+6lF2Org
/GJNhyZ/k0Au+QM8WLhKS8LJn/QoRpGBBpeWXEPqUafY9AtmoqglR/YV7h3bxOJS
neIo5xzRbyHvb19pSXeeXEGga15Cv6lz+SMTjFNW2aImL3MQ/OB+2d+FFK5kcDep
wTo29t90e/EGAjelLnqP+uy9cygfHPfNZBeAvIvaXtxABQRu8nJRYU4=
-----END CERTIFICATE-----