Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Ni-Fp4_j67fDXsFhqeAtqlBDVMk.roa
File:                     Ni-Fp4_j67fDXsFhqeAtqlBDVMk.roa (raw, json)
Hash identifier:          9tgqY57FLat9I59Y+ts7KO1YugeEb5mFhO4VhQMSpuE=
Subject key identifier:   36:2F:85:A7:8F:E3:EB:B7:C3:5E:C1:61:A9:E0:2D:AA:50:43:54:C9
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0194266BC9F7DABE0D14DAF6072729CEEC42
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Ni-Fp4_j67fDXsFhqeAtqlBDVMk.roa
Signing time:             Thu 02 Jan 2025 09:49:45 +0000
ROA not before:           Thu 02 Jan 2025 09:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212822
IP address blocks:        45.95.34.0/24 maxlen: 24
                          185.216.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c9:f7:da:be:0d:14:da:f6:07:27:29:ce:ec:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 09:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=362f85a78fe3ebb7c35ec161a9e02daa504354c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c3:ed:ae:eb:00:2d:56:b0:dd:bd:ae:8e:36:
                    f1:0a:96:81:9f:1a:b7:fa:e3:e1:4c:11:67:50:e2:
                    64:42:6d:5d:a5:a5:6f:fe:f6:da:ca:62:53:a5:0f:
                    e7:97:2d:4c:1a:ba:09:83:d8:b4:2a:f4:df:2d:7d:
                    9d:46:0c:23:4b:b4:5b:db:2b:b0:38:76:6f:f6:d0:
                    08:97:e3:ea:ee:1f:c5:d2:d0:8f:a3:fa:6b:38:e2:
                    b0:8e:39:9b:33:65:8b:04:f7:64:fe:31:2d:cc:6b:
                    3e:cd:c9:ff:76:be:fb:cb:13:81:b1:1c:9a:2b:12:
                    ca:ee:f5:44:24:7b:6d:f4:fb:9d:4f:b7:62:9b:71:
                    0e:51:d5:4a:63:c8:4b:5b:d8:93:25:c2:07:10:a1:
                    9b:e9:e2:ea:6d:88:a5:69:2d:c8:55:3e:d8:d5:7c:
                    ed:e6:eb:69:4c:46:80:fd:a0:3a:06:9d:cf:e8:9a:
                    81:7f:b8:9e:e1:29:03:88:af:2f:38:7c:50:01:54:
                    18:7e:c3:72:d1:78:7b:80:d5:be:3f:95:ec:90:8b:
                    52:22:f0:ce:c0:6f:0f:20:8c:1f:1e:ba:13:53:8f:
                    7a:0b:de:50:b7:bb:56:e6:f8:c8:ab:b3:4e:27:e8:
                    cc:52:54:a3:66:27:a0:93:86:3f:db:91:af:7f:85:
                    f5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:2F:85:A7:8F:E3:EB:B7:C3:5E:C1:61:A9:E0:2D:AA:50:43:54:C9
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Ni-Fp4_j67fDXsFhqeAtqlBDVMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.34.0/24
                  185.216.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:2d:08:6e:be:0e:45:8f:96:5c:1e:80:10:2d:af:c2:30:ca:
         d2:96:b3:b4:79:99:2e:c3:33:69:00:82:c2:1e:37:40:2a:19:
         8f:c1:7c:95:ff:d0:20:8a:7f:b5:45:c9:8f:62:e1:ce:42:e9:
         0e:76:97:c0:4a:12:c6:b3:fd:a2:c4:e7:3d:5e:54:d3:30:71:
         ab:86:53:63:90:01:a8:eb:ae:46:0e:48:16:4c:87:b8:67:66:
         5f:8a:fa:39:ed:fb:65:e1:ec:44:ce:01:5b:08:64:21:e3:20:
         f6:46:6c:30:8c:b7:cb:08:50:dc:47:d2:ba:77:ea:19:fd:a6:
         42:65:99:8a:fc:07:39:7f:66:bf:bd:27:ec:e6:5f:5c:75:d6:
         c6:5d:33:0c:4b:55:3b:ae:00:61:12:21:1d:2c:5c:0b:03:4e:
         04:ac:fa:d9:65:f4:6c:72:03:4e:07:f3:61:37:2e:3b:d3:ba:
         31:f9:5c:0a:92:0a:d2:7c:99:20:08:9a:f7:1c:87:a0:49:c1:
         73:ae:79:84:1a:1c:11:41:e4:be:e2:d0:b6:6c:17:bc:75:ac:
         e0:d5:c2:74:93:21:c2:2a:13:d0:ab:cd:da:ac:9f:70:56:1e:
         67:03:9c:1f:f9:07:84:d4:02:f7:6f:84:1f:be:1a:2d:74:22:
         ea:e9:ca:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma8n32r4NFNr2BycpzuxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwMTAyMDk0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjJmODVhNzhmZTNlYmI3YzM1ZWMxNjFhOWUwMmRhYTUwNDM1NGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMPtrusALVaw3b2ujjbxCpaBnxq3
+uPhTBFnUOJkQm1dpaVv/vbaymJTpQ/nly1MGroJg9i0KvTfLX2dRgwjS7Rb2yuw
OHZv9tAIl+Pq7h/F0tCPo/prOOKwjjmbM2WLBPdk/jEtzGs+zcn/dr77yxOBsRya
KxLK7vVEJHtt9PudT7dim3EOUdVKY8hLW9iTJcIHEKGb6eLqbYilaS3IVT7Y1Xzt
5utpTEaA/aA6Bp3P6JqBf7ie4SkDiK8vOHxQAVQYfsNy0Xh7gNW+P5XskItSIvDO
wG8PIIwfHroTU496C95Qt7tW5vjIq7NOJ+jMUlSjZiegk4Y/25Gvf4X13QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDYvhaeP4+u3w17BYangLapQQ1TJMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvTmktRnA0X2o2N2ZEWHNGaHFlQXRxbEJEVk1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV8iAwQA
udjSMA0GCSqGSIb3DQEBCwUAA4IBAQBCLQhuvg5Fj5ZcHoAQLa/CMMrSlrO0eZku
wzNpAILCHjdAKhmPwXyV/9Agin+1RcmPYuHOQukOdpfAShLGs/2ixOc9XlTTMHGr
hlNjkAGo665GDkgWTIe4Z2Zfivo57ftl4exEzgFbCGQh4yD2RmwwjLfLCFDcR9K6
d+oZ/aZCZZmK/Ac5f2a/vSfs5l9cddbGXTMMS1U7rgBhEiEdLFwLA04ErPrZZfRs
cgNOB/NhNy4707ox+VwKkgrSfJkgCJr3HIegScFzrnmEGhwRQeS+4tC2bBe8dazg
1cJ0kyHCKhPQq83arJ9wVh5nA5wf+QeE1AL3b4QfvhotdCLq6cr9
-----END CERTIFICATE-----