Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/eRUACPCXV-4Ib9JOJdpUbWI_TYw.roa
File:                     eRUACPCXV-4Ib9JOJdpUbWI_TYw.roa (raw, json)
Hash identifier:          h9bviEq7QynmkHeqFVqOAhXJmtcEK3L94GyVb2n9ZXc=
Subject key identifier:   79:15:00:08:F0:97:57:EE:08:6F:D2:4E:25:DA:54:6D:62:3F:4D:8C
Certificate issuer:       /CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
Certificate serial:       019420D6555DED05994A0CDAA558A2021D3A
Authority key identifier: B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/eRUACPCXV-4Ib9JOJdpUbWI_TYw.roa
Signing time:             Wed 01 Jan 2025 07:48:24 +0000
ROA not before:           Wed 01 Jan 2025 07:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.85.94.0/24 maxlen: 24
                          45.85.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:55:5d:ed:05:99:4a:0c:da:a5:58:a2:02:1d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
        Validity
            Not Before: Jan  1 07:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79150008f09757ee086fd24e25da546d623f4d8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a7:25:86:04:d1:d8:6b:c2:81:a9:14:69:6c:
                    36:46:ae:40:63:df:8a:44:91:00:7a:aa:d4:cc:14:
                    eb:ee:eb:7c:f9:42:3c:32:d6:11:41:98:61:59:6d:
                    ba:c1:b2:1a:b2:46:1e:d9:86:e2:ba:e4:91:ae:45:
                    ab:a1:18:d6:80:c6:47:ad:50:3d:47:d5:0c:73:7c:
                    da:bd:38:1a:8c:bf:29:cb:ba:5d:3a:b2:42:13:e5:
                    0e:24:aa:41:83:23:39:5f:71:33:35:79:0b:e2:97:
                    57:25:4b:26:b2:b6:d8:e6:ae:94:cf:ba:a2:3f:e9:
                    cf:5e:78:54:3a:1c:ad:ff:d9:f1:69:fd:36:9e:98:
                    f2:61:f0:7b:2b:62:37:4d:bb:39:df:6d:f9:5c:d3:
                    fe:89:ad:42:e2:47:61:c5:01:98:8d:7e:d1:04:65:
                    c4:a6:d4:72:db:dd:ea:c6:ea:9f:f5:69:05:40:a1:
                    02:ff:97:40:aa:b5:bc:38:fc:0f:cd:95:5a:3a:92:
                    6e:ab:bb:74:c4:ce:47:71:6a:16:fd:26:cf:d4:6c:
                    09:6c:2a:ad:7d:f1:c1:10:5f:e1:a5:50:a6:f9:0e:
                    bb:2f:7f:33:4d:3a:b9:f0:db:3e:15:de:10:21:14:
                    c4:03:c4:a9:26:2b:48:90:dd:a7:3b:d5:0a:95:73:
                    af:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:15:00:08:F0:97:57:EE:08:6F:D2:4E:25:DA:54:6D:62:3F:4D:8C
            X509v3 Authority Key Identifier:
                keyid:B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/eRUACPCXV-4Ib9JOJdpUbWI_TYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:ac:4e:07:46:44:de:d7:42:44:b9:ce:39:fa:b1:a3:ba:80:
         bb:d1:cd:0f:5c:a8:31:4a:aa:ff:af:7d:87:36:8c:e8:8b:39:
         9c:fe:a6:2a:45:b2:c8:32:dd:40:8f:45:43:d8:7e:e1:95:95:
         27:d9:11:b6:5a:a0:76:34:83:93:5d:a7:3a:4b:ad:90:8a:58:
         62:e6:e8:21:6f:60:d9:96:27:59:1f:4c:1d:43:c7:65:71:31:
         d1:c9:b8:df:a7:5e:2c:e8:4c:a9:9a:56:3d:8c:5e:97:e0:3a:
         8a:1e:5b:8f:d5:b7:69:0f:e7:08:4b:b8:95:a2:fd:b1:de:3c:
         7f:ab:53:ec:e9:b2:0b:4d:c8:7c:4e:d1:47:f8:0f:de:e9:ac:
         20:56:45:9a:e5:a4:69:17:6a:83:8b:49:27:56:67:bf:b1:50:
         0f:90:da:b6:f9:82:35:ca:9b:74:ca:7e:af:71:ea:28:43:cd:
         42:20:09:46:4b:64:1d:5f:a9:a3:b7:6f:3e:06:a0:b1:8f:25:
         bf:47:38:78:29:c9:be:7a:13:2a:87:dd:35:6d:29:72:c2:23:
         6f:f7:e3:c9:95:19:cd:ea:a4:a0:f3:92:dc:fc:35:e2:45:73:
         b2:ce:15:12:d1:92:56:df:6f:31:90:ea:3d:3f:40:20:d2:b8:
         86:23:84:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lVd7QWZSgzapViiAh06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjBkMzM0MzJlY2E3N2MwNTRlOGZhODcwNzI0OGRhNGU0
N2RiMGIwHhcNMjUwMTAxMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTE1MDAwOGYwOTc1N2VlMDg2ZmQyNGUyNWRhNTQ2ZDYyM2Y0ZDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaclhgTR2GvCgakUaWw2Rq5AY9+K
RJEAeqrUzBTr7ut8+UI8MtYRQZhhWW26wbIaskYe2YbiuuSRrkWroRjWgMZHrVA9
R9UMc3zavTgajL8py7pdOrJCE+UOJKpBgyM5X3EzNXkL4pdXJUsmsrbY5q6Uz7qi
P+nPXnhUOhyt/9nxaf02npjyYfB7K2I3Tbs53235XNP+ia1C4kdhxQGYjX7RBGXE
ptRy293qxuqf9WkFQKEC/5dAqrW8OPwPzZVaOpJuq7t0xM5HcWoW/SbP1GwJbCqt
ffHBEF/hpVCm+Q67L38zTTq58Ns+Fd4QIRTEA8SpJitIkN2nO9UKlXOvPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkVAAjwl1fuCG/STiXaVG1iP02MMB8GA1UdIwQY
MBaAFLmw0zQy7Kd8BU6PqHBySNpOR9sLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQt
ZDE5NmY5MjkxNzMyLzEvZVJVQUNQQ1hWLTRJYjlKT0pkcFViV0lfVFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQtZDE5NmY5MjkxNzMy
LzEvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVVeMA0G
CSqGSIb3DQEBCwUAA4IBAQAWrE4HRkTe10JEuc45+rGjuoC70c0PXKgxSqr/r32H
Nozoizmc/qYqRbLIMt1Aj0VD2H7hlZUn2RG2WqB2NIOTXac6S62Qilhi5ughb2DZ
lidZH0wdQ8dlcTHRybjfp14s6EypmlY9jF6X4DqKHluP1bdpD+cIS7iVov2x3jx/
q1Ps6bILTch8TtFH+A/e6awgVkWa5aRpF2qDi0knVme/sVAPkNq2+YI1ypt0yn6v
ceooQ81CIAlGS2QdX6mjt28+BqCxjyW/Rzh4Kcm+ehMqh901bSlywiNv9+PJlRnN
6qSg85Lc/DXiRXOyzhUS0ZJW328xkOo9P0Ag0riGI4T3
-----END CERTIFICATE-----