Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/QqlMdh24Ws5Csf0Uuo2IJQlJoC4.roa
File:                     QqlMdh24Ws5Csf0Uuo2IJQlJoC4.roa (raw, json)
Hash identifier:          /8SKmiBGn8KNuuR9Z6Vc2oYu9cW/r06GpbN1vuAdWAE=
Subject key identifier:   42:A9:4C:76:1D:B8:5A:CE:42:B1:FD:14:BA:8D:88:25:09:49:A0:2E
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019421B227E7AD26003549DBA78F2E75B82B
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/QqlMdh24Ws5Csf0Uuo2IJQlJoC4.roa
Signing time:             Wed 01 Jan 2025 11:48:31 +0000
ROA not before:           Wed 01 Jan 2025 11:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44477
IP address blocks:        45.147.148.0/22 maxlen: 24
                          77.83.152.0/22 maxlen: 24
                          2a0e:9846::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:27:e7:ad:26:00:35:49:db:a7:8f:2e:75:b8:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42a94c761db85ace42b1fd14ba8d88250949a02e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:98:e2:1c:09:fa:c4:2d:52:d8:ea:dd:31:78:
                    a5:c0:c0:32:39:73:08:5c:7a:9a:f3:87:6c:c4:93:
                    c2:6b:89:40:e8:f3:60:c0:fc:f3:df:4b:48:46:0e:
                    e1:75:47:49:3f:3d:6b:1b:b3:9c:67:54:8a:e9:24:
                    3a:3b:b2:05:87:15:be:9a:0d:3c:d2:88:a7:bd:e9:
                    d9:3a:9f:ca:5d:d0:81:81:01:4c:ba:67:d3:33:56:
                    2c:af:66:ae:11:ec:1d:d7:32:bc:db:45:cd:fe:bd:
                    9a:94:6d:2b:cb:12:87:03:a6:17:43:37:fd:fb:8a:
                    b4:8f:88:24:2a:65:9b:80:52:a6:ef:06:d8:b3:1c:
                    33:0c:f5:f8:3c:c6:46:6b:e0:62:39:5e:fe:71:17:
                    fb:a0:3b:99:9c:da:21:1e:b4:b2:a2:3f:6c:e5:e8:
                    e1:d8:14:c4:c4:2d:40:82:71:7d:fd:72:7e:9b:42:
                    0e:ce:f1:94:12:22:2b:d1:7c:e0:af:a6:58:cc:13:
                    58:cc:00:0b:be:5c:9d:d8:e5:3c:71:7b:34:b3:1b:
                    1d:f2:a7:4f:2f:4d:a3:a0:13:74:f4:8c:9a:24:4f:
                    54:4d:3e:9e:ca:9f:36:f2:55:f9:ca:5d:e7:ee:0c:
                    5e:56:62:9c:35:43:3e:6d:de:46:df:7d:3c:a1:56:
                    33:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A9:4C:76:1D:B8:5A:CE:42:B1:FD:14:BA:8D:88:25:09:49:A0:2E
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/QqlMdh24Ws5Csf0Uuo2IJQlJoC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.148.0/22
                  77.83.152.0/22
                IPv6:
                  2a0e:9846::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:27:f3:1c:29:b1:4a:c6:13:7a:aa:90:97:64:1b:da:90:6e:
         72:b1:cc:92:ea:61:80:b1:5c:21:9a:c5:6c:fd:e2:ae:7d:24:
         06:7f:30:b4:8a:2c:8e:35:6c:bc:e6:fe:4c:bf:19:8e:9a:54:
         ed:a9:57:8c:0a:61:92:af:ae:f6:8e:46:58:f5:5b:14:8c:f1:
         6d:c7:e6:c4:c9:f7:c9:8a:f9:c6:a1:8e:fb:f4:8b:8f:84:b3:
         d4:a9:9a:fd:2d:7d:5d:28:0d:b7:78:c1:60:c4:3b:1f:72:4e:
         9c:aa:a9:7f:d7:71:37:f3:75:68:55:74:04:f2:41:e4:9d:ed:
         d8:cc:cd:41:2d:c7:27:76:3d:08:4c:9f:f2:0a:db:ea:89:19:
         72:bd:11:ff:54:23:10:31:57:d0:c2:cc:15:86:d0:31:6e:d0:
         cc:cb:ac:ae:7f:d7:30:ca:2c:ee:dc:38:44:33:5d:c7:98:ca:
         a8:03:67:d7:07:93:42:0b:e2:04:68:26:b5:bc:52:1e:04:85:
         42:9c:33:f8:c8:37:5e:7e:53:aa:95:4d:37:b1:a5:5e:f5:ec:
         15:c6:66:9a:e4:84:a8:73:81:13:34:0d:1d:53:aa:95:aa:7d:
         8b:93:cd:b4:d7:ee:a2:15:63:f7:46:d0:a5:7f:8a:b0:54:1a:
         19:20:b8:28
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhsifnrSYANUnbp48udbgrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmE5NGM3NjFkYjg1YWNlNDJiMWZkMTRiYThkODgyNTA5NDlhMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15jiHAn6xC1S2OrdMXilwMAyOXMI
XHqa84dsxJPCa4lA6PNgwPzz30tIRg7hdUdJPz1rG7OcZ1SK6SQ6O7IFhxW+mg08
0oinvenZOp/KXdCBgQFMumfTM1Ysr2auEewd1zK820XN/r2alG0ryxKHA6YXQzf9
+4q0j4gkKmWbgFKm7wbYsxwzDPX4PMZGa+BiOV7+cRf7oDuZnNohHrSyoj9s5ejh
2BTExC1AgnF9/XJ+m0IOzvGUEiIr0Xzgr6ZYzBNYzAALvlyd2OU8cXs0sxsd8qdP
L02joBN09IyaJE9UTT6eyp828lX5yl3n7gxeVmKcNUM+bd5G3308oVYzRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEKpTHYduFrOQrH9FLqNiCUJSaAuMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvUXFsTWRoMjRXczVDc2YwVXVvMklKUWxKb0M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZOUAwQC
TVOYMA0EAgACMAcDBQAqDphGMA0GCSqGSIb3DQEBCwUAA4IBAQBsJ/McKbFKxhN6
qpCXZBvakG5yscyS6mGAsVwhmsVs/eKufSQGfzC0iiyONWy85v5MvxmOmlTtqVeM
CmGSr672jkZY9VsUjPFtx+bEyffJivnGoY779IuPhLPUqZr9LX1dKA23eMFgxDsf
ck6cqql/13E383VoVXQE8kHkne3YzM1BLccndj0ITJ/yCtvqiRlyvRH/VCMQMVfQ
wswVhtAxbtDMy6yuf9cwyizu3DhEM13HmMqoA2fXB5NCC+IEaCa1vFIeBIVCnDP4
yDdeflOqlU03saVe9ewVxmaa5ISoc4ETNA0dU6qVqn2Lk8201+6iFWP3RtClf4qw
VBoZILgo
-----END CERTIFICATE-----