Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/nHbdEVjVQtg8Gh7qktyXpLtubxk.roa
File:                     nHbdEVjVQtg8Gh7qktyXpLtubxk.roa (raw, json)
Hash identifier:          gGrByhIFZiq4uwXWb+N7hRypfLG6zNnkCtnTEKfMQQA=
Subject key identifier:   9C:76:DD:11:58:D5:42:D8:3C:1A:1E:EA:92:DC:97:A4:BB:6E:6F:19
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B25229DFC8F8E0637CEE5B898348BA
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/nHbdEVjVQtg8Gh7qktyXpLtubxk.roa
Signing time:             Wed 01 Jan 2025 11:48:42 +0000
ROA not before:           Wed 01 Jan 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395003
IP address blocks:        45.82.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:52:29:df:c8:f8:e0:63:7c:ee:5b:89:83:48:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c76dd1158d542d83c1a1eea92dc97a4bb6e6f19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f7:4b:20:2d:8e:b4:6e:e2:62:cf:43:32:51:
                    8c:06:51:98:6e:1b:b6:46:71:4a:bb:04:54:f2:95:
                    2d:81:c2:54:28:f9:eb:07:59:2f:6c:24:24:e9:e2:
                    9c:70:aa:d3:f1:43:36:3c:6c:6d:97:ea:42:c1:8e:
                    5e:9d:f8:9e:8b:89:aa:f5:dd:92:49:fc:05:18:ef:
                    8d:a6:d5:b3:1e:2b:70:b8:5e:72:38:06:5a:cd:3c:
                    a6:e5:6e:64:be:dd:8a:ba:a0:5e:c7:e8:8c:5f:5a:
                    df:8a:e9:3b:2b:79:6d:4b:68:8c:b8:7f:2a:d6:3f:
                    be:f5:c7:4a:b1:23:9e:54:c1:46:40:62:86:96:33:
                    66:ce:48:93:e5:c4:34:79:7b:9f:af:f1:39:da:a2:
                    7e:b3:67:4d:a8:ad:e2:83:16:f4:9a:a1:42:a5:d2:
                    78:22:f7:14:fb:53:76:0b:c8:f5:08:20:db:8f:86:
                    80:07:f8:9b:88:94:39:fc:e7:df:75:e5:73:8a:7b:
                    7e:13:73:81:00:71:d2:4d:dc:ee:ba:2a:d1:dd:66:
                    4d:45:b6:67:68:fa:88:3f:fe:cb:b5:fb:58:1c:ee:
                    72:13:0f:a8:32:43:22:3c:8d:a2:b1:3f:bc:53:54:
                    1f:68:5e:94:08:0d:85:90:61:fc:1a:fb:97:e6:45:
                    dc:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:76:DD:11:58:D5:42:D8:3C:1A:1E:EA:92:DC:97:A4:BB:6E:6F:19
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/nHbdEVjVQtg8Gh7qktyXpLtubxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:7e:1b:eb:77:d3:fb:f8:aa:cd:63:8f:b1:b4:30:b8:fd:a7:
         6b:df:22:b7:24:fa:1c:9e:25:da:4a:ae:d1:73:ae:74:76:12:
         ed:76:b8:b9:91:47:72:ea:f2:08:21:30:be:31:8f:15:0d:8e:
         ac:4d:bc:2a:41:58:51:b1:75:a2:12:91:1c:96:16:d2:e6:ca:
         ef:79:9a:d2:9d:9b:e4:1e:09:ec:f5:5e:ed:15:f3:75:4a:5f:
         e3:21:84:80:28:f9:36:e1:9a:ee:d6:7c:d7:e5:b6:5e:75:fb:
         09:3b:46:2f:f1:04:dd:5c:37:42:4f:c5:71:e8:29:ae:d8:57:
         06:1c:60:97:a0:47:7e:99:2a:28:c4:6c:97:8f:ed:64:d6:de:
         43:20:22:25:e1:8d:73:fe:44:a1:8c:2d:8c:59:40:cb:76:21:
         ff:a9:46:33:cc:00:e5:0a:01:99:b2:47:c1:58:bb:2a:69:2d:
         b3:13:15:30:61:76:46:67:33:89:83:d0:e7:6a:d2:33:8b:cc:
         73:e7:b9:3c:d9:bc:6a:dd:5d:55:70:0a:62:9f:ad:14:70:7c:
         a2:f2:2a:05:49:aa:15:38:b7:f7:b3:9e:80:40:d7:5c:75:8c:
         e6:a7:53:96:1c:ae:6f:e1:c8:3a:4d:63:42:a8:69:9a:5d:12:
         1f:53:53:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslIp38j44GN87luJg0i6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzc2ZGQxMTU4ZDU0MmQ4M2MxYTFlZWE5MmRjOTdhNGJiNmU2ZjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPdLIC2OtG7iYs9DMlGMBlGYbhu2
RnFKuwRU8pUtgcJUKPnrB1kvbCQk6eKccKrT8UM2PGxtl+pCwY5enfiei4mq9d2S
SfwFGO+NptWzHitwuF5yOAZazTym5W5kvt2KuqBex+iMX1rfiuk7K3ltS2iMuH8q
1j++9cdKsSOeVMFGQGKGljNmzkiT5cQ0eXufr/E52qJ+s2dNqK3igxb0mqFCpdJ4
IvcU+1N2C8j1CCDbj4aAB/ibiJQ5/OffdeVzint+E3OBAHHSTdzuuirR3WZNRbZn
aPqIP/7LtftYHO5yEw+oMkMiPI2isT+8U1QfaF6UCA2FkGH8GvuX5kXcaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJx23RFY1ULYPBoe6pLcl6S7bm8ZMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvbkhiZEVWalZRdGc4R2g3cWt0eVhwTHR1YnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVL1MA0G
CSqGSIb3DQEBCwUAA4IBAQCofhvrd9P7+KrNY4+xtDC4/adr3yK3JPocniXaSq7R
c650dhLtdri5kUdy6vIIITC+MY8VDY6sTbwqQVhRsXWiEpEclhbS5srveZrSnZvk
Hgns9V7tFfN1Sl/jIYSAKPk24Zru1nzX5bZedfsJO0Yv8QTdXDdCT8Vx6Cmu2FcG
HGCXoEd+mSooxGyXj+1k1t5DICIl4Y1z/kShjC2MWUDLdiH/qUYzzADlCgGZskfB
WLsqaS2zExUwYXZGZzOJg9DnatIzi8xz57k82bxq3V1VcApin60UcHyi8ioFSaoV
OLf3s56AQNdcdYzmp1OWHK5v4cg6TWNCqGmaXRIfU1NV
-----END CERTIFICATE-----