Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3hMaHzXe4LiFftoitJO_mkffdQQ.roa
File:                     3hMaHzXe4LiFftoitJO_mkffdQQ.roa (raw, json)
Hash identifier:          ReD4cMIohZpT0r3tcFOjop5SjVzc1b18CqRcWBiQXec=
Subject key identifier:   DE:13:1A:1F:35:DE:E0:B8:85:7E:DA:22:B4:93:BF:9A:47:DF:75:04
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBCA3A4658B84C438C6E7AF77F8369
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3hMaHzXe4LiFftoitJO_mkffdQQ.roa
Signing time:             Wed 01 Jan 2025 17:48:34 +0000
ROA not before:           Wed 01 Jan 2025 17:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400810
IP address blocks:        45.94.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ca:3a:46:58:b8:4c:43:8c:6e:7a:f7:7f:83:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de131a1f35dee0b8857eda22b493bf9a47df7504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:74:7e:61:50:34:2c:46:6e:ee:cf:f5:26:fa:
                    18:b3:cf:a8:c4:dd:10:33:fa:4a:98:65:83:de:a1:
                    56:f0:71:77:9b:67:b6:07:81:de:8b:3f:a3:73:15:
                    7d:e9:bb:e0:93:64:8d:10:fc:b0:1e:6f:4a:65:b0:
                    54:25:63:ad:19:fe:3c:65:09:15:be:ce:d2:48:c0:
                    a1:be:b6:fb:0a:a0:61:29:64:8e:23:ae:0a:6d:57:
                    c9:53:f6:3c:ac:b7:c1:38:28:93:75:d8:2a:20:42:
                    55:f3:c2:a8:73:f2:b4:b1:7d:20:81:28:59:65:62:
                    a7:8e:02:3c:6d:ba:20:f8:88:b3:75:8b:b1:ab:62:
                    af:2c:d5:b2:5c:c2:c0:fa:ba:05:0e:22:56:95:74:
                    26:e1:3a:1c:ee:b0:3f:0d:fb:17:8a:95:7d:6f:41:
                    33:0f:da:38:d4:ec:e5:8c:be:b6:88:36:49:cd:9c:
                    b4:d2:7d:e6:5a:d7:c0:a9:e8:e3:4a:43:69:40:1d:
                    a3:cb:6a:7e:f0:e2:3c:56:ca:78:29:f1:6d:9e:b1:
                    9e:20:b1:ee:d4:c5:4d:37:9b:7e:98:ab:c4:78:17:
                    92:ab:8c:a8:ec:54:3a:87:d0:55:1c:2c:41:1f:fd:
                    81:7e:3e:19:81:e7:a1:38:90:cc:51:83:a6:56:f0:
                    fd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:13:1A:1F:35:DE:E0:B8:85:7E:DA:22:B4:93:BF:9A:47:DF:75:04
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3hMaHzXe4LiFftoitJO_mkffdQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:cf:cd:b4:9d:16:58:e9:96:12:30:2b:cd:7b:33:0f:ba:58:
         7d:15:1f:73:a8:d8:58:2f:b9:5c:fe:b1:7f:a2:52:04:e9:94:
         8a:31:a9:b2:c4:64:c5:bf:69:96:92:93:ba:76:1c:41:f1:ff:
         fc:61:a0:51:8c:c6:63:f4:c6:0d:b9:00:15:f9:6a:4c:14:cf:
         d3:89:5a:dd:be:0d:d5:7e:55:ae:d3:5b:83:86:31:3a:67:98:
         fc:66:51:9d:67:3b:e8:5a:26:b3:fe:8f:b4:ad:6f:72:26:1b:
         bf:2d:47:10:9a:9b:c9:5c:d6:12:c1:9f:a8:38:9a:1f:8c:4a:
         1c:fd:b3:06:30:85:07:d2:d9:69:a8:59:0c:56:2b:be:d2:09:
         6d:b2:7a:ac:25:ae:ba:ca:80:c6:7a:9d:3a:1e:6c:64:c3:11:
         3b:9a:41:7c:1e:e9:95:91:49:cc:22:aa:9a:53:18:4e:02:59:
         d0:5e:dc:7c:24:cf:ff:08:f8:6d:44:b1:7d:2e:da:0b:dd:3b:
         b0:71:ad:2b:94:d0:1e:0a:ee:37:e5:09:53:65:fe:f0:24:c5:
         98:e7:e1:79:82:78:fd:ec:14:4c:b6:0d:2f:a2:cb:b6:ac:e7:
         12:71:a2:82:44:27:9f:e7:08:2d:68:16:7d:7f:14:94:71:3f:
         9e:8d:b4:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+8o6Rli4TEOMbnr3f4NpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTEzMWExZjM1ZGVlMGI4ODU3ZWRhMjJiNDkzYmY5YTQ3ZGY3NTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03R+YVA0LEZu7s/1JvoYs8+oxN0Q
M/pKmGWD3qFW8HF3m2e2B4Heiz+jcxV96bvgk2SNEPywHm9KZbBUJWOtGf48ZQkV
vs7SSMChvrb7CqBhKWSOI64KbVfJU/Y8rLfBOCiTddgqIEJV88Koc/K0sX0ggShZ
ZWKnjgI8bbog+IizdYuxq2KvLNWyXMLA+roFDiJWlXQm4Toc7rA/DfsXipV9b0Ez
D9o41OzljL62iDZJzZy00n3mWtfAqejjSkNpQB2jy2p+8OI8Vsp4KfFtnrGeILHu
1MVNN5t+mKvEeBeSq4yo7FQ6h9BVHCxBH/2Bfj4ZgeehOJDMUYOmVvD9qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4TGh813uC4hX7aIrSTv5pH33UEMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvM2hNYUh6WGU0TGlGZnRvaXRKT19ta2ZmZFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV6oMA0G
CSqGSIb3DQEBCwUAA4IBAQC6z820nRZY6ZYSMCvNezMPulh9FR9zqNhYL7lc/rF/
olIE6ZSKMamyxGTFv2mWkpO6dhxB8f/8YaBRjMZj9MYNuQAV+WpMFM/TiVrdvg3V
flWu01uDhjE6Z5j8ZlGdZzvoWiaz/o+0rW9yJhu/LUcQmpvJXNYSwZ+oOJofjEoc
/bMGMIUH0tlpqFkMViu+0gltsnqsJa66yoDGep06HmxkwxE7mkF8HumVkUnMIqqa
UxhOAlnQXtx8JM//CPhtRLF9LtoL3Tuwca0rlNAeCu435QlTZf7wJMWY5+F5gnj9
7BRMtg0vosu2rOcScaKCRCef5wgtaBZ9fxSUcT+ejbT/
-----END CERTIFICATE-----