Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/f816d6-016a-4135-99e3-8c42bb2231ab/1/hcuixNDtZTOahJr2Izkq1PkvB30.roa
File:                     hcuixNDtZTOahJr2Izkq1PkvB30.roa (raw, json)
Hash identifier:          0Y98rWR7z+ovo4LddJHUN4JqVyjOhGekgLOw4fEG1XU=
Subject key identifier:   85:CB:A2:C4:D0:ED:65:33:9A:84:9A:F6:23:39:2A:D4:F9:2F:07:7D
Certificate issuer:       /CN=72df697430cbb57c49a0a1993024d6d329f7e565
Certificate serial:       01945F75ED2FC0ED6C1A98675305C49AA311
Authority key identifier: 72:DF:69:74:30:CB:B5:7C:49:A0:A1:99:30:24:D6:D3:29:F7:E5:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ct9pdDDLtXxJoKGZMCTW0yn35WU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/f816d6-016a-4135-99e3-8c42bb2231ab/1/hcuixNDtZTOahJr2Izkq1PkvB30.roa
Signing time:             Mon 13 Jan 2025 11:39:11 +0000
ROA not before:           Mon 13 Jan 2025 11:39:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211222
IP address blocks:        45.95.10.0/24 maxlen: 24
                          2a0a:ccc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/f816d6-016a-4135-99e3-8c42bb2231ab/1/ct9pdDDLtXxJoKGZMCTW0yn35WU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/f816d6-016a-4135-99e3-8c42bb2231ab/1/ct9pdDDLtXxJoKGZMCTW0yn35WU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ct9pdDDLtXxJoKGZMCTW0yn35WU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:75:ed:2f:c0:ed:6c:1a:98:67:53:05:c4:9a:a3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72df697430cbb57c49a0a1993024d6d329f7e565
        Validity
            Not Before: Jan 13 11:39:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85cba2c4d0ed65339a849af623392ad4f92f077d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:11:d3:8a:04:e4:fd:7a:f4:24:c1:b4:fa:e8:
                    26:8a:cb:db:90:72:3d:77:b8:48:5f:1e:99:60:d4:
                    b4:20:5d:f8:7b:9a:64:a7:d8:f2:ca:24:69:1a:0f:
                    8c:cb:01:43:c1:6b:37:4e:a9:56:4c:e6:2b:43:30:
                    78:28:f2:e1:95:4b:dd:9a:95:99:54:fc:9f:72:87:
                    f4:3a:df:bb:8a:1c:d9:98:f7:8a:a5:45:7e:9f:b9:
                    93:66:00:2b:7c:02:18:f6:1c:a9:cd:fe:c4:d4:fa:
                    d5:d3:b3:f6:30:e7:f1:6a:2c:68:b3:f2:62:a0:a0:
                    6f:7a:17:be:a9:6b:bc:14:2f:8b:b7:25:5a:0d:43:
                    03:a4:b5:1f:e6:28:0f:ff:eb:23:36:68:a8:75:82:
                    0c:5b:eb:4e:79:bd:79:77:6c:61:3e:7f:97:5d:be:
                    c2:23:a0:fc:ee:4b:bf:b3:0e:92:2f:29:e4:6c:3b:
                    dd:c5:0c:51:00:a6:64:9a:f1:a2:09:ee:fb:3a:c4:
                    32:e4:04:1e:59:2f:fa:18:0f:b7:74:2d:26:00:54:
                    51:0e:ac:f0:5d:4a:64:54:e3:f4:da:e5:a5:5f:cb:
                    c6:35:88:3f:c5:5f:ac:28:13:f8:da:7d:60:f5:12:
                    68:e7:98:65:a1:34:60:89:da:e1:be:d2:95:39:2d:
                    7b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:CB:A2:C4:D0:ED:65:33:9A:84:9A:F6:23:39:2A:D4:F9:2F:07:7D
            X509v3 Authority Key Identifier:
                keyid:72:DF:69:74:30:CB:B5:7C:49:A0:A1:99:30:24:D6:D3:29:F7:E5:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ct9pdDDLtXxJoKGZMCTW0yn35WU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/f816d6-016a-4135-99e3-8c42bb2231ab/1/hcuixNDtZTOahJr2Izkq1PkvB30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/f816d6-016a-4135-99e3-8c42bb2231ab/1/ct9pdDDLtXxJoKGZMCTW0yn35WU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.10.0/24
                IPv6:
                  2a0a:ccc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:ac:45:bb:c1:34:bc:4e:36:99:a0:d2:08:8d:c6:53:d8:b6:
         2e:5c:55:0a:a7:fc:2b:85:e8:92:42:1f:68:46:49:a9:94:04:
         a9:d6:c4:4d:fc:5b:6d:8b:2a:17:eb:49:53:6b:5d:2a:52:eb:
         f3:ff:3d:c5:2a:ed:65:ef:74:a1:24:75:de:f3:0c:80:ba:e0:
         38:42:fc:68:a3:3e:de:a4:df:f1:ba:e0:51:e2:5a:8f:13:17:
         1a:78:3e:c2:d5:1e:04:46:2d:ac:a2:81:f7:c6:41:6b:d1:42:
         13:3c:42:c4:c9:9e:7e:21:01:42:f5:88:91:64:0b:05:ff:53:
         af:24:37:ac:69:d8:be:93:60:11:a2:f0:d0:c4:50:2d:30:8e:
         d6:00:c1:e9:3d:c7:44:8e:29:a0:97:40:6f:a7:04:a2:23:84:
         b0:ea:87:65:f9:39:a1:48:5b:24:60:1c:61:fb:4c:2d:8d:08:
         95:9c:42:85:75:53:5f:17:78:49:ef:14:f0:ee:4d:bc:9f:92:
         35:90:0a:22:5b:7a:48:1e:f9:eb:f4:63:e2:cd:a8:ad:47:bd:
         94:53:e9:bd:2b:94:14:dc:00:db:2b:08:fc:f4:07:d1:a9:3a:
         d2:04:11:e4:c0:b3:7c:52:24:88:68:c5:ef:28:a6:3e:d8:0f:
         33:9e:a3:f3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZRfde0vwO1sGphnUwXEmqMRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZGY2OTc0MzBjYmI1N2M0OWEwYTE5OTMwMjRkNmQzMjlm
N2U1NjUwHhcNMjUwMTEzMTEzOTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWNiYTJjNGQwZWQ2NTMzOWE4NDlhZjYyMzM5MmFkNGY5MmYwNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRHTigTk/Xr0JMG0+ugmisvbkHI9
d7hIXx6ZYNS0IF34e5pkp9jyyiRpGg+MywFDwWs3TqlWTOYrQzB4KPLhlUvdmpWZ
VPyfcof0Ot+7ihzZmPeKpUV+n7mTZgArfAIY9hypzf7E1PrV07P2MOfxaixos/Ji
oKBvehe+qWu8FC+LtyVaDUMDpLUf5igP/+sjNmiodYIMW+tOeb15d2xhPn+XXb7C
I6D87ku/sw6SLynkbDvdxQxRAKZkmvGiCe77OsQy5AQeWS/6GA+3dC0mAFRRDqzw
XUpkVOP02uWlX8vGNYg/xV+sKBP42n1g9RJo55hloTRgidrhvtKVOS17iQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIXLosTQ7WUzmoSa9iM5KtT5Lwd9MB8GA1UdIwQY
MBaAFHLfaXQwy7V8SaChmTAk1tMp9+VlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3Q5cGREREx0WHhKb0tHWk1DVFcweW4zNVdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9mODE2ZDYtMDE2YS00MTM1LTk5ZTMt
OGM0MmJiMjIzMWFiLzEvaGN1aXhORHRaVE9haEpyMkl6a3ExUGt2QjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9mODE2ZDYtMDE2YS00MTM1LTk5ZTMtOGM0MmJiMjIzMWFi
LzEvY3Q5cGREREx0WHhKb0tHWk1DVFcweW4zNVdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALV8KMA0E
AgACMAcDBQAqCszAMA0GCSqGSIb3DQEBCwUAA4IBAQAyrEW7wTS8TjaZoNIIjcZT
2LYuXFUKp/wrheiSQh9oRkmplASp1sRN/FttiyoX60lTa10qUuvz/z3FKu1l73Sh
JHXe8wyAuuA4Qvxooz7epN/xuuBR4lqPExcaeD7C1R4ERi2sooH3xkFr0UITPELE
yZ5+IQFC9YiRZAsF/1OvJDesadi+k2ARovDQxFAtMI7WAMHpPcdEjimgl0BvpwSi
I4Sw6odl+TmhSFskYBxh+0wtjQiVnEKFdVNfF3hJ7xTw7k28n5I1kAoiW3pIHvnr
9GPizaitR72UU+m9K5QU3ADbKwj89AfRqTrSBBHkwLN8UiSIaMXvKKY+2A8znqPz
-----END CERTIFICATE-----