Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/9S6VN8W0AB42Tjfsy_52eVj_HF8.roa
File:                     9S6VN8W0AB42Tjfsy_52eVj_HF8.roa (raw, json)
Hash identifier:          U/0clwp2HZIEVyJ8jDxjulKSBf1aha8MkLQgHpOloog=
Subject key identifier:   F5:2E:95:37:C5:B4:00:1E:36:4E:37:EC:CB:FE:76:79:58:FF:1C:5F
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       0194258F5FF66F076D3EFA1BB775D60B1CA5
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/9S6VN8W0AB42Tjfsy_52eVj_HF8.roa
Signing time:             Thu 02 Jan 2025 05:49:00 +0000
ROA not before:           Thu 02 Jan 2025 05:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44103
IP address blocks:        45.94.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:5f:f6:6f:07:6d:3e:fa:1b:b7:75:d6:0b:1c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 05:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f52e9537c5b4001e364e37eccbfe767958ff1c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bc:c8:e0:58:24:1e:63:03:b3:06:0a:09:4a:
                    38:0a:6e:e4:f8:2a:31:c5:01:1d:48:6f:46:63:4b:
                    1a:a7:49:3c:12:a9:50:37:82:7c:5c:5c:ef:39:85:
                    18:fa:6e:f9:bc:d5:64:dc:22:13:2c:a1:b2:1c:ad:
                    7e:7d:8d:a5:a2:c3:f7:13:84:7b:96:c8:dc:5a:59:
                    3e:72:3a:cb:0c:e7:4e:bf:1d:7b:5a:de:f9:e3:ed:
                    30:cf:26:5f:82:7f:61:04:2f:ba:9b:7a:77:be:1a:
                    38:5d:12:84:76:ee:77:be:be:6f:2e:0c:0b:31:1e:
                    7b:b0:1f:c1:0f:2c:18:77:3e:9c:b1:a8:b6:08:44:
                    e6:02:c2:95:e9:f9:f4:27:48:13:12:63:85:50:b7:
                    74:3f:76:ad:2c:31:36:24:cb:ac:bc:0f:b8:56:ff:
                    f8:20:c4:ac:14:6d:e6:57:6a:88:68:96:db:cd:c5:
                    c8:46:e1:b2:74:27:f6:40:d2:fb:40:de:c6:7a:2b:
                    4d:12:c3:c5:b7:f4:e4:10:21:fe:4e:8a:41:a3:b3:
                    0a:07:11:5a:7e:31:81:f0:39:69:13:d4:75:14:e9:
                    f1:81:96:64:a1:0b:00:38:30:5d:48:7e:29:db:f1:
                    12:c7:15:db:91:cf:78:bf:e4:57:9f:60:66:f0:64:
                    7f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2E:95:37:C5:B4:00:1E:36:4E:37:EC:CB:FE:76:79:58:FF:1C:5F
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/9S6VN8W0AB42Tjfsy_52eVj_HF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:2e:38:e9:8b:37:0d:fa:f5:31:e7:75:a5:a4:bc:9d:35:e4:
         85:a9:00:1c:7b:19:f2:24:b1:12:e4:3b:a9:43:35:92:9b:67:
         3e:4f:41:87:e5:ea:bb:dd:bb:f6:db:4a:5c:05:94:1c:a8:29:
         6b:1a:5f:e4:ee:d8:bc:3c:d0:64:20:82:40:1f:d2:29:98:85:
         b0:dd:e5:f2:7a:63:5b:40:6c:75:93:80:1f:43:ee:57:44:53:
         b9:c9:b5:d1:71:60:d4:c7:90:9f:76:82:c9:f3:39:c0:a8:f2:
         9f:63:c1:cd:93:2c:a2:dd:72:3a:42:7a:b7:f3:0c:0e:be:7c:
         60:9b:e0:9d:5d:4c:0e:b7:30:b3:17:cc:a5:38:df:c7:11:77:
         14:ae:ad:70:81:84:c5:91:22:63:66:7c:5b:5a:98:40:2b:ab:
         4c:d8:32:58:ee:38:36:e8:1e:5c:d0:24:e0:49:ff:f8:0e:73:
         0f:32:6d:93:94:f2:de:fa:ab:06:c6:74:77:e9:21:39:9b:30:
         f7:7f:19:9b:5a:e6:a8:96:f8:51:0d:a7:d1:2e:be:25:b9:a5:
         1a:dd:95:a8:98:a3:08:d3:b2:de:88:d0:a1:68:4c:57:a7:e3:
         37:db:59:08:85:cc:2b:b5:7e:22:cf:df:f0:e2:ad:ff:30:80:
         96:91:7d:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj1/2bwdtPvobt3XWCxylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjUwMTAyMDU0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJlOTUzN2M1YjQwMDFlMzY0ZTM3ZWNjYmZlNzY3OTU4ZmYxYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrzI4FgkHmMDswYKCUo4Cm7k+Cox
xQEdSG9GY0sap0k8EqlQN4J8XFzvOYUY+m75vNVk3CITLKGyHK1+fY2losP3E4R7
lsjcWlk+cjrLDOdOvx17Wt754+0wzyZfgn9hBC+6m3p3vho4XRKEdu53vr5vLgwL
MR57sB/BDywYdz6csai2CETmAsKV6fn0J0gTEmOFULd0P3atLDE2JMusvA+4Vv/4
IMSsFG3mV2qIaJbbzcXIRuGydCf2QNL7QN7GeitNEsPFt/TkECH+TopBo7MKBxFa
fjGB8DlpE9R1FOnxgZZkoQsAODBdSH4p2/ESxxXbkc94v+RXn2Bm8GR//QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUulTfFtAAeNk437Mv+dnlY/xxfMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvOVM2Vk44VzBBQjQyVGpmc3lfNTJlVmpfSEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV41MA0G
CSqGSIb3DQEBCwUAA4IBAQB3LjjpizcN+vUx53WlpLydNeSFqQAcexnyJLES5Dup
QzWSm2c+T0GH5eq73bv220pcBZQcqClrGl/k7ti8PNBkIIJAH9IpmIWw3eXyemNb
QGx1k4AfQ+5XRFO5ybXRcWDUx5CfdoLJ8znAqPKfY8HNkyyi3XI6Qnq38wwOvnxg
m+CdXUwOtzCzF8ylON/HEXcUrq1wgYTFkSJjZnxbWphAK6tM2DJY7jg26B5c0CTg
Sf/4DnMPMm2TlPLe+qsGxnR36SE5mzD3fxmbWuaolvhRDafRLr4luaUa3ZWomKMI
07LeiNChaExXp+M321kIhcwrtX4iz9/w4q3/MICWkX1M
-----END CERTIFICATE-----