Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/RV95HMnGrJSH6R13BYTApcw5VQE.roa
File:                     RV95HMnGrJSH6R13BYTApcw5VQE.roa (raw, json)
Hash identifier:          OCGu39xDZSl3EactuFgzu+oeqkGxYuePRbccAhiaclk=
Subject key identifier:   45:5F:79:1C:C9:C6:AC:94:87:E9:1D:77:05:84:C0:A5:CC:39:55:01
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       019427B613CD6B2C1EB1C42BE24DC0FA9DA8
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/RV95HMnGrJSH6R13BYTApcw5VQE.roa
Signing time:             Thu 02 Jan 2025 15:50:31 +0000
ROA not before:           Thu 02 Jan 2025 15:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209018
IP address blocks:        2a0e:800:ff10::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:13:cd:6b:2c:1e:b1:c4:2b:e2:4d:c0:fa:9d:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 15:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=455f791cc9c6ac9487e91d770584c0a5cc395501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c0:25:04:32:76:1a:62:19:90:76:b3:3e:a0:
                    65:ad:99:e4:73:cf:39:80:67:df:a2:96:c4:70:f6:
                    01:db:f9:4a:fc:48:4f:3f:61:0d:9e:47:6f:60:6a:
                    bc:82:f5:55:ea:fe:68:70:75:28:2b:b1:dd:7f:73:
                    54:c9:8d:1d:a2:25:c1:40:f5:a4:91:c2:b5:3b:fb:
                    52:b1:5c:ec:07:fb:e1:ed:ac:df:1a:0b:57:f6:78:
                    77:1b:1a:c6:bd:cd:5d:9d:08:2f:54:05:9a:5f:4e:
                    de:9a:d9:b3:25:0b:87:47:b0:61:7e:55:ac:6d:a0:
                    cb:26:2c:64:26:d2:54:14:b6:50:be:1c:46:74:21:
                    2c:06:b8:41:42:be:b4:23:8d:91:4f:20:e8:79:c9:
                    9e:b5:48:fe:0f:a5:26:ea:fe:dd:d8:e4:e3:4f:d0:
                    2e:11:65:27:30:7a:ce:d9:70:b7:aa:97:a4:45:cb:
                    a2:59:fd:78:75:27:03:eb:b4:a3:1d:f3:11:e7:08:
                    64:38:ab:f5:13:e4:6e:53:dd:db:f1:c0:13:c5:0f:
                    eb:78:bb:7b:21:19:0b:d0:96:63:bc:0b:64:ba:28:
                    eb:e3:2f:98:b5:9d:47:92:f1:a4:f1:a4:ff:b4:07:
                    b4:bc:89:d6:5d:45:34:98:3b:22:e8:fa:fc:74:4b:
                    fb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:5F:79:1C:C9:C6:AC:94:87:E9:1D:77:05:84:C0:A5:CC:39:55:01
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/RV95HMnGrJSH6R13BYTApcw5VQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:800:ff10::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:ea:31:11:d3:7d:27:f9:f3:aa:16:f3:a5:10:54:c3:98:a6:
         52:55:26:11:e0:4c:8f:ee:05:3f:d9:d6:20:7f:d7:9e:cd:03:
         c3:9d:f0:0c:b8:12:e4:87:88:17:cb:e4:36:51:21:7a:4e:8d:
         8a:fb:9f:82:45:3a:ed:25:43:71:df:9e:94:ea:2e:9a:af:75:
         35:64:ec:65:b9:bd:7d:4c:fa:55:d4:b4:e0:5d:5c:27:5c:89:
         3f:72:62:a5:7e:17:8c:84:87:6b:8e:c0:79:04:2b:59:60:7f:
         73:cd:83:4d:50:bf:48:c5:ca:56:b1:28:59:41:b5:4f:72:a5:
         ef:30:ce:e0:a0:1d:71:b0:1c:e9:e0:d3:ae:c8:a9:0a:58:0c:
         10:2e:27:22:d6:8c:e5:2d:de:d1:ef:7c:56:8f:0b:d1:27:52:
         cd:e8:61:84:64:fb:e2:3e:43:33:e1:89:23:60:02:a9:40:75:
         e7:1e:f0:43:d6:da:4e:6d:a4:b7:07:cf:7f:c2:1c:1f:0e:68:
         ea:09:f3:f0:15:cc:cb:b1:52:42:ea:22:19:ee:32:95:6a:a8:
         cf:13:3f:3a:f7:3e:0c:b7:21:47:bb:99:ae:cd:62:69:39:7d:
         dd:95:40:5c:33:37:5d:1c:73:f4:a2:36:11:29:9f:ad:b0:3c:
         72:63:21:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnthPNaywescQr4k3A+p2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjUwMTAyMTU1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTVmNzkxY2M5YzZhYzk0ODdlOTFkNzcwNTg0YzBhNWNjMzk1NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMAlBDJ2GmIZkHazPqBlrZnkc885
gGffopbEcPYB2/lK/EhPP2ENnkdvYGq8gvVV6v5ocHUoK7Hdf3NUyY0doiXBQPWk
kcK1O/tSsVzsB/vh7azfGgtX9nh3GxrGvc1dnQgvVAWaX07emtmzJQuHR7BhflWs
baDLJixkJtJUFLZQvhxGdCEsBrhBQr60I42RTyDoecmetUj+D6Um6v7d2OTjT9Au
EWUnMHrO2XC3qpekRcuiWf14dScD67SjHfMR5whkOKv1E+RuU93b8cATxQ/reLt7
IRkL0JZjvAtkuijr4y+YtZ1HkvGk8aT/tAe0vInWXUU0mDsi6Pr8dEv7UwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEVfeRzJxqyUh+kddwWEwKXMOVUBMB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvUlY5NUhNbkdySlNINlIxM0JZVEFwY3c1VlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg4IAP8Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBZ6jER030n+fOqFvOlEFTDmKZSVSYR4EyP7gU/
2dYgf9eezQPDnfAMuBLkh4gXy+Q2USF6To2K+5+CRTrtJUNx356U6i6ar3U1ZOxl
ub19TPpV1LTgXVwnXIk/cmKlfheMhIdrjsB5BCtZYH9zzYNNUL9IxcpWsShZQbVP
cqXvMM7goB1xsBzp4NOuyKkKWAwQLici1ozlLd7R73xWjwvRJ1LN6GGEZPviPkMz
4YkjYAKpQHXnHvBD1tpObaS3B89/whwfDmjqCfPwFczLsVJC6iIZ7jKVaqjPEz86
9z4MtyFHu5muzWJpOX3dlUBcMzddHHP0ojYRKZ+tsDxyYyE8
-----END CERTIFICATE-----