Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/9Eq955-NETqLd0ESzaaEHSY9EAE.roa
File:                     9Eq955-NETqLd0ESzaaEHSY9EAE.roa (raw, json)
Hash identifier:          UbL+xeWrQF6ihNLH0GAN5oALAZPJPoBhxV9UxRSbNX0=
Subject key identifier:   F4:4A:BD:E7:9F:8D:11:3A:8B:77:41:12:CD:A6:84:1D:26:3D:10:01
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       018CC9BBB640B0589BB8083B52D95A15497E
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/9Eq955-NETqLd0ESzaaEHSY9EAE.roa
Signing time:             Tue 02 Jan 2024 10:32:51 +0000
ROA not before:           Tue 02 Jan 2024 10:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202834
IP address blocks:        45.94.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b6:40:b0:58:9b:b8:08:3b:52:d9:5a:15:49:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan  2 10:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f44abde79f8d113a8b774112cda6841d263d1001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:72:c0:6e:3b:6a:39:4c:de:79:55:45:44:e3:
                    d8:d5:f6:16:5f:ad:05:9b:59:46:ab:d5:0e:11:a3:
                    aa:bf:34:99:66:ec:0c:00:84:36:d0:74:81:c4:1b:
                    cc:9e:d8:cd:07:7d:b4:7b:36:f3:87:6f:59:41:40:
                    77:10:33:cd:94:18:85:be:8c:b0:41:8e:28:62:9d:
                    8c:6c:9e:58:ad:6e:d9:16:68:74:f6:a6:11:14:00:
                    f8:f6:c6:b9:93:bc:4e:dc:6a:cc:8f:fb:01:84:81:
                    6c:75:dc:50:2b:a1:53:9a:71:66:95:d9:2b:f2:aa:
                    06:ae:a0:e5:12:ee:2f:4a:d6:f4:a3:cc:38:2b:1e:
                    71:af:eb:0e:39:88:ff:e0:7e:a6:71:90:de:02:50:
                    2a:7a:66:c0:65:2a:dc:c7:07:66:54:ee:43:55:cc:
                    91:30:c5:ef:78:8b:4c:83:24:bc:2d:83:bd:f2:e7:
                    c7:7c:c9:9b:08:e2:24:6f:d7:80:03:bd:33:8f:85:
                    18:23:62:05:76:cf:38:53:b2:4c:bf:1a:c2:87:68:
                    a7:62:ee:dd:7c:20:80:c3:98:b5:e1:58:59:93:96:
                    ac:d3:ed:8c:f2:7f:9f:4a:d1:9e:c9:98:6a:f9:c7:
                    fe:b6:03:c0:d8:35:fb:f1:4b:c3:1f:f1:7c:17:81:
                    81:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4A:BD:E7:9F:8D:11:3A:8B:77:41:12:CD:A6:84:1D:26:3D:10:01
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/9Eq955-NETqLd0ESzaaEHSY9EAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:27:84:11:df:d6:72:de:b0:a4:21:7c:41:7e:8f:ab:64:b8:
         0c:20:60:4d:c1:99:2f:4a:69:1c:74:2d:d7:c2:10:f4:40:af:
         78:ec:f6:3c:e9:33:22:25:88:fa:13:35:ab:c7:d2:55:e5:a4:
         4c:9e:72:e2:81:77:bf:cc:1d:e6:84:d6:2c:2f:fe:c0:05:cd:
         41:1b:9b:e0:a8:9a:c5:18:35:88:2c:2c:18:a1:45:29:32:1e:
         54:d4:61:1f:f6:cc:21:5e:1e:6b:8e:38:3a:ef:b0:70:f5:ba:
         22:4d:8b:ac:2f:27:b9:72:79:48:52:72:5a:3b:ad:e8:a8:8f:
         19:3e:9e:06:b8:b1:06:da:94:d7:ae:79:ad:3b:17:0e:5d:1e:
         83:20:fd:73:81:d0:de:c5:5a:39:98:c0:03:b7:d8:3d:18:04:
         9d:16:30:38:d2:c0:b2:47:ac:e2:2a:02:11:3c:08:7b:5e:47:
         32:fe:fc:16:3d:9b:5e:4c:e4:af:78:dd:4e:53:06:fc:f2:e1:
         53:bf:13:34:21:9f:f3:30:e3:8d:84:67:d2:05:59:4e:84:ca:
         24:61:9e:08:b2:a6:34:7a:3f:ce:0f:63:8f:c0:63:29:94:04:
         8e:37:17:d1:f2:1d:c1:ad:3f:50:e6:d1:37:56:63:2a:eb:29:
         17:13:08:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7ZAsFibuAg7UtlaFUl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjQwMTAyMTAzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDRhYmRlNzlmOGQxMTNhOGI3NzQxMTJjZGE2ODQxZDI2M2QxMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXLAbjtqOUzeeVVFROPY1fYWX60F
m1lGq9UOEaOqvzSZZuwMAIQ20HSBxBvMntjNB320ezbzh29ZQUB3EDPNlBiFvoyw
QY4oYp2MbJ5YrW7ZFmh09qYRFAD49sa5k7xO3GrMj/sBhIFsddxQK6FTmnFmldkr
8qoGrqDlEu4vStb0o8w4Kx5xr+sOOYj/4H6mcZDeAlAqembAZSrcxwdmVO5DVcyR
MMXveItMgyS8LYO98ufHfMmbCOIkb9eAA70zj4UYI2IFds84U7JMvxrCh2inYu7d
fCCAw5i14VhZk5as0+2M8n+fStGeyZhq+cf+tgPA2DX78UvDH/F8F4GB1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRKveefjRE6i3dBEs2mhB0mPRABMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvOUVxOTU1LU5FVHFMZDBFU3phYUVIU1k5RUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV4QMA0G
CSqGSIb3DQEBCwUAA4IBAQBsJ4QR39Zy3rCkIXxBfo+rZLgMIGBNwZkvSmkcdC3X
whD0QK947PY86TMiJYj6EzWrx9JV5aRMnnLigXe/zB3mhNYsL/7ABc1BG5vgqJrF
GDWILCwYoUUpMh5U1GEf9swhXh5rjjg677Bw9boiTYusLye5cnlIUnJaO63oqI8Z
Pp4GuLEG2pTXrnmtOxcOXR6DIP1zgdDexVo5mMADt9g9GASdFjA40sCyR6ziKgIR
PAh7Xkcy/vwWPZteTOSveN1OUwb88uFTvxM0IZ/zMOONhGfSBVlOhMokYZ4IsqY0
ej/OD2OPwGMplASONxfR8h3BrT9Q5tE3VmMq6ykXEwjI
-----END CERTIFICATE-----