Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/NuHik6seRrJpGJ5bX_CsrIhY3zU.roa
File:                     NuHik6seRrJpGJ5bX_CsrIhY3zU.roa (raw, json)
Hash identifier:          XhwvgWvGJ+x8g9oj4CIMVsKuWXxNSgrsroLsfVnE6Dw=
Subject key identifier:   36:E1:E2:93:AB:1E:46:B2:69:18:9E:5B:5F:F0:AC:AC:88:58:DF:35
Certificate issuer:       /CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
Certificate serial:       019881D9EDDF8DCF39B6C0CE04C3BE19D2AE
Authority key identifier: C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/NuHik6seRrJpGJ5bX_CsrIhY3zU.roa
Signing time:             Thu 07 Aug 2025 00:06:39 +0000
ROA not before:           Thu 07 Aug 2025 00:06:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215929
IP address blocks:        45.13.212.0/24 maxlen: 24
                          45.142.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:81:d9:ed:df:8d:cf:39:b6:c0:ce:04:c3:be:19:d2:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
        Validity
            Not Before: Aug  7 00:06:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36e1e293ab1e46b269189e5b5ff0acac8858df35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5b:26:b4:72:0a:3c:dc:47:f5:cb:2e:8e:99:
                    4c:d9:4f:66:7e:a7:56:19:4a:59:41:36:b8:26:92:
                    a4:a1:0b:33:88:b7:5e:c8:72:ba:bd:19:ee:a5:22:
                    cc:6c:aa:55:34:d6:d5:52:b0:4f:5e:af:16:e2:88:
                    7d:4c:61:24:4e:2f:6f:c6:0d:a6:83:aa:f8:dc:36:
                    a9:a0:e7:b2:3d:60:3e:14:c0:d2:0e:94:7c:b2:90:
                    a9:ad:79:7f:f5:2c:68:aa:1c:29:f5:78:d9:8b:9e:
                    b1:d3:c7:42:21:09:2b:59:d4:ee:07:3b:ff:7d:af:
                    2c:49:d2:80:00:10:c6:02:0b:20:95:a9:d3:80:ef:
                    e5:ee:d1:5c:de:10:4b:59:b5:db:2a:48:07:e5:c6:
                    be:4f:35:54:c0:2c:7a:a7:db:a0:ce:51:01:40:3c:
                    6c:67:5b:3d:a5:0a:d4:39:8a:a6:3a:9e:56:f4:9e:
                    68:bd:4e:17:86:4c:74:3b:82:59:e5:ed:77:12:1c:
                    bf:c3:d6:14:77:67:12:7d:bc:58:ea:53:5a:f2:8d:
                    f2:00:56:e0:c3:96:6e:53:24:05:5a:f2:82:f7:b3:
                    14:27:57:6f:6b:e4:c6:00:82:4b:e5:de:80:22:44:
                    94:9a:22:10:b0:d2:37:f5:61:ba:c2:e3:3a:d4:bf:
                    60:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:E1:E2:93:AB:1E:46:B2:69:18:9E:5B:5F:F0:AC:AC:88:58:DF:35
            X509v3 Authority Key Identifier:
                keyid:C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/NuHik6seRrJpGJ5bX_CsrIhY3zU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.212.0/24
                  45.142.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:c6:61:5a:e6:be:9b:5d:81:3b:15:f0:a1:c6:b8:27:e8:19:
         53:1c:54:c3:a2:41:44:78:43:93:8b:ef:e7:e5:c4:ca:5f:d5:
         d9:f5:0d:2b:fb:2b:57:4a:8a:26:bf:a6:9b:40:f6:3c:0a:cb:
         84:13:7c:fb:f7:c0:b9:04:e7:1d:b3:79:e6:9a:b0:2f:86:36:
         d6:3e:67:b7:40:17:53:b9:c2:b9:6b:d4:00:61:5e:3e:f7:70:
         a5:72:13:1b:96:c2:7a:11:c9:0e:dc:78:5c:64:37:e5:f3:94:
         62:12:04:d8:75:5e:06:cf:9e:9a:3f:91:7c:f8:04:a4:77:19:
         76:e6:93:e7:80:d1:b9:5b:ce:31:3b:f0:b0:20:1f:f8:16:40:
         f2:1f:db:01:e4:50:96:c2:37:88:37:3c:d3:d1:2b:c4:78:c1:
         b0:a8:c0:da:d8:e8:04:00:32:7e:62:c2:16:94:2b:e1:ab:6f:
         09:ce:ff:7e:df:da:0f:fa:36:7d:ad:43:93:28:50:8e:eb:fa:
         18:06:77:84:43:7d:22:53:60:43:54:57:2a:c2:32:60:3a:d5:
         14:9e:0e:ec:24:3d:df:40:14:26:ff:3e:ee:a6:16:0a:6f:92:
         49:50:85:3b:45:cd:84:20:09:23:da:5b:ee:92:54:73:47:f8:
         df:dd:f5:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiB2e3fjc85tsDOBMO+GdKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYzEyYjUyN2E1ZDFmOGI4YmNmMjMwZWI2MTFmNTJmMTFk
NTJiYmYwHhcNMjUwODA3MDAwNjM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmUxZTI5M2FiMWU0NmIyNjkxODllNWI1ZmYwYWNhYzg4NThkZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VsmtHIKPNxH9csujplM2U9mfqdW
GUpZQTa4JpKkoQsziLdeyHK6vRnupSLMbKpVNNbVUrBPXq8W4oh9TGEkTi9vxg2m
g6r43DapoOeyPWA+FMDSDpR8spCprXl/9Sxoqhwp9XjZi56x08dCIQkrWdTuBzv/
fa8sSdKAABDGAgsglanTgO/l7tFc3hBLWbXbKkgH5ca+TzVUwCx6p9ugzlEBQDxs
Z1s9pQrUOYqmOp5W9J5ovU4Xhkx0O4JZ5e13Ehy/w9YUd2cSfbxY6lNa8o3yAFbg
w5ZuUyQFWvKC97MUJ1dva+TGAIJL5d6AIkSUmiIQsNI39WG6wuM61L9gowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDbh4pOrHkayaRieW1/wrKyIWN81MB8GA1UdIwQY
MBaAFMLBK1J6XR+Li88jDrYR9S8R1Su/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMt
NDZlZTU3OGEwYmZlLzEvTnVIaWs2c2VSckpwR0o1YlhfQ3NySWhZM3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMtNDZlZTU3OGEwYmZl
LzEvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ3UAwQA
LY7DMA0GCSqGSIb3DQEBCwUAA4IBAQC0xmFa5r6bXYE7FfChxrgn6BlTHFTDokFE
eEOTi+/n5cTKX9XZ9Q0r+ytXSoomv6abQPY8CsuEE3z798C5BOcds3nmmrAvhjbW
Pme3QBdTucK5a9QAYV4+93ClchMblsJ6EckO3HhcZDfl85RiEgTYdV4Gz56aP5F8
+ASkdxl25pPngNG5W84xO/CwIB/4FkDyH9sB5FCWwjeINzzT0SvEeMGwqMDa2OgE
ADJ+YsIWlCvhq28Jzv9+39oP+jZ9rUOTKFCO6/oYBneEQ30iU2BDVFcqwjJgOtUU
ng7sJD3fQBQm/z7uphYKb5JJUIU7Rc2EIAkj2lvuklRzR/jf3fWn
-----END CERTIFICATE-----