Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/neGGwHeo0i0C5uST-ngtmZnDdtg.roa
File:                     neGGwHeo0i0C5uST-ngtmZnDdtg.roa (raw, json)
Hash identifier:          0Ko//uGrPQcwGK+qTU2xAsrpw/3r8SuqsQv3rAlInt4=
Subject key identifier:   9D:E1:86:C0:77:A8:D2:2D:02:E6:E4:93:FA:78:2D:99:99:C3:76:D8
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBC22B6193CAE30EDED799A79047AC
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/neGGwHeo0i0C5uST-ngtmZnDdtg.roa
Signing time:             Wed 01 Jan 2025 17:48:32 +0000
ROA not before:           Wed 01 Jan 2025 17:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.13.189.0/24 maxlen: 24
                          195.211.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c2:2b:61:93:ca:e3:0e:de:d7:99:a7:90:47:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9de186c077a8d22d02e6e493fa782d9999c376d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6a:08:28:58:e3:43:15:34:c5:61:c5:85:e7:
                    a4:f6:dc:58:8e:a3:65:74:10:a2:de:68:93:0a:2c:
                    3d:e4:f2:da:53:61:7a:35:0e:6a:8b:95:b5:9e:f9:
                    7d:12:99:4b:c2:05:32:20:b8:6b:0a:d3:ea:46:f3:
                    81:e7:90:bf:bd:b9:61:d8:8c:72:95:d0:78:bc:73:
                    d9:6d:5e:f2:cb:28:cb:96:15:eb:1d:28:8b:4e:33:
                    ae:d6:79:73:42:aa:39:db:29:e0:99:6e:2e:09:2a:
                    8f:5b:ec:87:36:52:a6:a0:65:13:61:07:32:fb:c3:
                    08:f9:c9:b0:92:f5:66:d6:81:fe:f9:8a:ca:0c:ec:
                    22:02:ed:98:e4:64:94:0e:7c:83:36:fa:ff:fb:40:
                    eb:68:5a:03:b7:5e:00:96:30:8a:17:a0:08:fe:4a:
                    0b:8f:44:c8:b6:48:22:43:ce:6b:1d:a3:87:b5:c9:
                    1b:11:49:06:fb:94:9d:1b:e1:6c:78:71:85:cb:a4:
                    e3:8f:a1:ed:12:3a:de:1e:58:ad:3f:e7:a3:d3:d2:
                    5a:c6:2a:cc:84:f6:b6:ce:3d:c2:e6:97:2c:fd:4a:
                    5d:6e:17:11:09:5e:87:0f:62:25:b3:c2:90:22:50:
                    17:01:13:76:1f:c2:63:e4:43:81:66:27:63:f7:5a:
                    0a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:E1:86:C0:77:A8:D2:2D:02:E6:E4:93:FA:78:2D:99:99:C3:76:D8
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/neGGwHeo0i0C5uST-ngtmZnDdtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.189.0/24
                  195.211.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:cd:d4:43:1e:e0:1c:21:89:7b:94:69:8b:a7:03:42:12:53:
         a0:fe:35:82:3c:dc:56:98:cc:f6:9f:03:84:1a:0c:5c:30:b9:
         8b:3e:ed:67:d4:47:d8:00:d3:e3:1d:69:c0:d3:ac:cb:f8:18:
         3b:51:32:f1:7d:34:5b:69:ec:fa:b1:f3:7b:40:e6:d9:df:fb:
         68:13:40:75:c6:9b:01:33:bc:6c:89:0c:76:8d:97:7d:ff:88:
         4f:3f:b2:dd:ff:a8:1b:f9:f1:6f:f1:3c:bc:ee:1c:45:41:44:
         95:14:d1:0e:6a:be:2e:6b:4a:3f:39:7d:21:ca:da:6f:5f:e4:
         01:70:ef:ec:47:a5:3c:d6:3d:22:38:b1:c2:94:d7:90:e5:bc:
         57:5b:43:da:da:14:01:89:f2:9a:b1:69:ec:37:be:e4:38:3a:
         99:a6:56:f0:3d:07:8b:11:20:72:a0:15:27:79:54:88:44:a1:
         9e:e5:41:9b:2f:73:72:36:c7:db:40:53:7f:9d:83:70:88:74:
         52:e8:c4:2c:60:b0:1a:bc:32:f3:3b:60:f1:3d:08:4f:f9:e4:
         f2:f0:dc:b0:88:1c:e5:19:ef:12:a2:0c:83:e2:f9:f2:de:44:
         72:a0:1a:93:21:50:f9:3c:34:5b:7d:7c:37:1c:da:8e:f2:db:
         1c:72:70:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+8IrYZPK4w7e15mnkEesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGUxODZjMDc3YThkMjJkMDJlNmU0OTNmYTc4MmQ5OTk5YzM3NmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWoIKFjjQxU0xWHFheek9txYjqNl
dBCi3miTCiw95PLaU2F6NQ5qi5W1nvl9EplLwgUyILhrCtPqRvOB55C/vblh2Ixy
ldB4vHPZbV7yyyjLlhXrHSiLTjOu1nlzQqo52yngmW4uCSqPW+yHNlKmoGUTYQcy
+8MI+cmwkvVm1oH++YrKDOwiAu2Y5GSUDnyDNvr/+0DraFoDt14AljCKF6AI/koL
j0TItkgiQ85rHaOHtckbEUkG+5SdG+FseHGFy6Tjj6HtEjreHlitP+ej09JaxirM
hPa2zj3C5pcs/UpdbhcRCV6HD2Ils8KQIlAXARN2H8Jj5EOBZidj91oKcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ3hhsB3qNItAubkk/p4LZmZw3bYMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvbmVHR3dIZW8waTBDNXVTVC1uZ3RtWm5EZHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ29AwQA
w9O9MA0GCSqGSIb3DQEBCwUAA4IBAQA9zdRDHuAcIYl7lGmLpwNCElOg/jWCPNxW
mMz2nwOEGgxcMLmLPu1n1EfYANPjHWnA06zL+Bg7UTLxfTRbaez6sfN7QObZ3/to
E0B1xpsBM7xsiQx2jZd9/4hPP7Ld/6gb+fFv8Ty87hxFQUSVFNEOar4ua0o/OX0h
ytpvX+QBcO/sR6U81j0iOLHClNeQ5bxXW0Pa2hQBifKasWnsN77kODqZplbwPQeL
ESByoBUneVSIRKGe5UGbL3NyNsfbQFN/nYNwiHRS6MQsYLAavDLzO2DxPQhP+eTy
8NywiBzlGe8SogyD4vny3kRyoBqTIVD5PDRbfXw3HNqO8tsccnDe
-----END CERTIFICATE-----