Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/652780-3ea1-415e-839e-844729137ee5/1/HqDRIksWN36QXauqYoD2knIGjbc.roa
File:                     HqDRIksWN36QXauqYoD2knIGjbc.roa (raw, json)
Hash identifier:          05DMa/ontaHtCWdbIzNxIFAgYET2ZoK4nwid3joHlm8=
Subject key identifier:   1E:A0:D1:22:4B:16:37:7E:90:5D:AB:AA:62:80:F6:92:72:06:8D:B7
Certificate issuer:       /CN=5f673d2f621ae31407001748bbde638acbd86050
Certificate serial:       0194B25CB16BCFA0DCDAE2FD45DC29F3504C
Authority key identifier: 5F:67:3D:2F:62:1A:E3:14:07:00:17:48:BB:DE:63:8A:CB:D8:60:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X2c9L2Ia4xQHABdIu95jisvYYFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/652780-3ea1-415e-839e-844729137ee5/1/HqDRIksWN36QXauqYoD2knIGjbc.roa
Signing time:             Wed 29 Jan 2025 14:00:06 +0000
ROA not before:           Wed 29 Jan 2025 14:00:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12650
IP address blocks:        212.45.96.0/21 maxlen: 21
                          212.45.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/652780-3ea1-415e-839e-844729137ee5/1/X2c9L2Ia4xQHABdIu95jisvYYFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/652780-3ea1-415e-839e-844729137ee5/1/X2c9L2Ia4xQHABdIu95jisvYYFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X2c9L2Ia4xQHABdIu95jisvYYFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 13:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b2:5c:b1:6b:cf:a0:dc:da:e2:fd:45:dc:29:f3:50:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f673d2f621ae31407001748bbde638acbd86050
        Validity
            Not Before: Jan 29 14:00:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ea0d1224b16377e905dabaa6280f69272068db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:42:28:10:05:d3:59:04:37:60:50:59:c1:70:
                    c1:18:7a:27:55:c4:e3:91:09:aa:eb:ca:f3:0b:db:
                    47:11:15:85:1d:05:63:3f:d8:05:23:74:01:91:0b:
                    0a:79:0b:3b:93:7d:bd:b9:6a:7f:d7:2b:c7:d8:b9:
                    82:55:18:b1:71:73:68:82:c4:38:db:7d:0e:5a:5c:
                    0e:0b:dd:47:20:e4:1b:22:20:c0:05:92:1b:39:c5:
                    8a:17:d6:67:76:07:84:24:80:28:21:7e:47:8c:f8:
                    16:6b:b9:e5:38:51:5e:cf:c0:2c:8c:88:30:15:a2:
                    f4:8a:26:a8:bc:1e:8f:f8:a3:a4:1e:c4:c1:44:cd:
                    96:30:99:52:c5:2f:cc:54:0b:1c:90:17:94:6d:7a:
                    e8:65:00:4c:e9:e1:38:2f:a4:0b:47:86:a4:7b:39:
                    7a:a5:c9:7e:95:33:02:c6:97:57:09:7f:7f:c2:38:
                    87:dc:df:b8:ec:bf:93:57:c5:b2:71:a7:ad:53:9a:
                    c8:65:b6:54:f5:2c:44:c1:b4:59:a8:ae:09:6b:bf:
                    c6:a3:f0:08:2f:01:4c:19:7c:ff:22:a9:4b:fd:76:
                    3a:ad:20:eb:64:25:58:73:6e:0f:22:cb:2e:29:ad:
                    49:81:e5:bb:30:18:51:55:8b:89:6e:ec:60:5c:6b:
                    ac:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:A0:D1:22:4B:16:37:7E:90:5D:AB:AA:62:80:F6:92:72:06:8D:B7
            X509v3 Authority Key Identifier:
                keyid:5F:67:3D:2F:62:1A:E3:14:07:00:17:48:BB:DE:63:8A:CB:D8:60:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X2c9L2Ia4xQHABdIu95jisvYYFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/652780-3ea1-415e-839e-844729137ee5/1/HqDRIksWN36QXauqYoD2knIGjbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/652780-3ea1-415e-839e-844729137ee5/1/X2c9L2Ia4xQHABdIu95jisvYYFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.45.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:7e:9d:72:a7:28:34:ba:ce:72:fe:cd:a8:a1:e5:ba:db:b4:
         51:c4:cc:b1:2a:53:a1:66:df:70:2a:d7:c8:bd:1a:ab:bd:fe:
         cc:15:26:c6:5a:d6:0c:b4:a3:42:02:5f:34:a8:bf:8f:8f:1f:
         31:38:63:53:7a:84:76:78:57:f2:d1:6e:fc:76:cb:18:d8:d1:
         39:b0:ed:d9:33:b3:11:6e:26:a4:90:d1:96:95:43:83:0c:76:
         5d:87:f8:e0:43:4b:52:fe:9b:5b:5f:85:9c:58:83:8f:59:44:
         1b:41:b1:a3:80:6a:e1:a1:dd:aa:33:f2:76:d7:0b:32:3a:aa:
         5f:01:45:01:51:da:5f:cc:3e:ba:60:c3:41:9e:74:86:41:6a:
         ef:13:43:09:a8:75:f1:c1:f6:68:35:af:ca:61:e4:45:d7:b1:
         3b:43:81:fa:25:26:97:3b:ea:8c:3d:44:b1:f5:a3:a8:17:94:
         59:85:f9:23:ee:73:a4:95:36:87:bb:a2:30:30:4b:ae:8b:33:
         7b:00:19:74:b7:c6:73:e1:30:38:89:20:6f:55:bc:00:2f:4b:
         68:db:b2:23:c6:e8:e6:1e:12:af:f4:99:a4:3c:91:ae:df:c3:
         57:d2:f4:c4:14:d9:06:09:8c:bd:c0:d6:d1:4d:c5:78:68:c2:
         28:df:bb:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSyXLFrz6Dc2uL9Rdwp81BMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNjczZDJmNjIxYWUzMTQwNzAwMTc0OGJiZGU2MzhhY2Jk
ODYwNTAwHhcNMjUwMTI5MTQwMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWEwZDEyMjRiMTYzNzdlOTA1ZGFiYWE2MjgwZjY5MjcyMDY4ZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkIoEAXTWQQ3YFBZwXDBGHonVcTj
kQmq68rzC9tHERWFHQVjP9gFI3QBkQsKeQs7k329uWp/1yvH2LmCVRixcXNogsQ4
230OWlwOC91HIOQbIiDABZIbOcWKF9ZndgeEJIAoIX5HjPgWa7nlOFFez8AsjIgw
FaL0iiaovB6P+KOkHsTBRM2WMJlSxS/MVAsckBeUbXroZQBM6eE4L6QLR4akezl6
pcl+lTMCxpdXCX9/wjiH3N+47L+TV8WycaetU5rIZbZU9SxEwbRZqK4Ja7/Go/AI
LwFMGXz/IqlL/XY6rSDrZCVYc24PIssuKa1JgeW7MBhRVYuJbuxgXGusqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6g0SJLFjd+kF2rqmKA9pJyBo23MB8GA1UdIwQY
MBaAFF9nPS9iGuMUBwAXSLveY4rL2GBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDJjOUwySWE0eFFIQUJkSXU5NWppc3ZZWUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC82NTI3ODAtM2VhMS00MTVlLTgzOWUt
ODQ0NzI5MTM3ZWU1LzEvSHFEUklrc1dOMzZRWGF1cVlvRDJrbklHamJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC82NTI3ODAtM2VhMS00MTVlLTgzOWUtODQ0NzI5MTM3ZWU1
LzEvWDJjOUwySWE0eFFIQUJkSXU5NWppc3ZZWUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1C1gMA0G
CSqGSIb3DQEBCwUAA4IBAQBkfp1ypyg0us5y/s2ooeW627RRxMyxKlOhZt9wKtfI
vRqrvf7MFSbGWtYMtKNCAl80qL+Pjx8xOGNTeoR2eFfy0W78dssY2NE5sO3ZM7MR
biakkNGWlUODDHZdh/jgQ0tS/ptbX4WcWIOPWUQbQbGjgGrhod2qM/J21wsyOqpf
AUUBUdpfzD66YMNBnnSGQWrvE0MJqHXxwfZoNa/KYeRF17E7Q4H6JSaXO+qMPUSx
9aOoF5RZhfkj7nOklTaHu6IwMEuuizN7ABl0t8Zz4TA4iSBvVbwAL0to27Ijxujm
HhKv9JmkPJGu38NX0vTEFNkGCYy9wNbRTcV4aMIo37sp
-----END CERTIFICATE-----