Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/QxGFNF72x4BqsfaQ6jtAOQBOPno.roa
File:                     QxGFNF72x4BqsfaQ6jtAOQBOPno.roa (raw, json)
Hash identifier:          65riUzSqL2rM8j5Yrj0UOmDbiXGurF7dxCWBn61aeEc=
Subject key identifier:   43:11:85:34:5E:F6:C7:80:6A:B1:F6:90:EA:3B:40:39:00:4E:3E:7A
Certificate issuer:       /CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
Certificate serial:       01941F8C18AA44B3E17576A63D22D2509FAE
Authority key identifier: 1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/QxGFNF72x4BqsfaQ6jtAOQBOPno.roa
Signing time:             Wed 01 Jan 2025 01:47:42 +0000
ROA not before:           Wed 01 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210368
IP address blocks:        94.45.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:18:aa:44:b3:e1:75:76:a6:3d:22:d2:50:9f:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
        Validity
            Not Before: Jan  1 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=431185345ef6c7806ab1f690ea3b4039004e3e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:bf:0d:f8:c1:38:b9:e0:8b:46:a8:d1:0a:b8:
                    ea:84:59:8f:68:e3:fb:48:03:f2:81:65:9d:af:cb:
                    89:fb:9e:20:8e:0b:7a:07:4c:8b:6d:93:4b:b4:09:
                    30:c7:31:af:f6:06:63:53:60:21:bd:fe:f4:64:d4:
                    2f:c1:be:f0:38:14:f5:73:c2:7e:bc:03:1d:79:34:
                    fd:d4:08:98:8c:58:79:32:2c:6f:c4:ff:48:b3:f2:
                    48:d5:0c:86:e5:ef:c1:19:ed:31:39:57:b2:93:9f:
                    10:0f:9d:d7:61:55:bd:55:64:19:86:49:bb:4f:15:
                    44:f5:50:af:51:41:f1:a3:51:92:7c:b8:26:8c:f4:
                    39:30:f0:a7:b4:fe:3e:4e:f4:4a:93:42:8f:c4:4c:
                    75:3a:a1:d5:00:97:4d:45:d5:3c:fa:2b:1e:30:92:
                    5d:69:07:45:2e:c3:9d:89:aa:3b:69:34:83:2c:c1:
                    72:11:cd:eb:db:72:27:7b:5c:86:2e:79:ba:39:ad:
                    57:39:e0:27:03:42:c6:ac:db:bc:b2:8e:75:a6:83:
                    55:46:4a:16:d4:5c:52:70:31:e9:3f:3f:aa:1a:04:
                    ea:0b:a0:c9:c2:b7:f1:b3:ae:ce:b3:6f:a2:8e:f9:
                    61:a6:45:22:71:af:f1:2d:f1:d1:67:f7:01:f4:e6:
                    69:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:11:85:34:5E:F6:C7:80:6A:B1:F6:90:EA:3B:40:39:00:4E:3E:7A
            X509v3 Authority Key Identifier:
                keyid:1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/QxGFNF72x4BqsfaQ6jtAOQBOPno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.45.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:5c:b1:24:07:ef:ae:77:9a:ac:e1:92:0f:6c:d3:8b:44:68:
         95:df:0a:57:77:af:32:98:b4:0b:a9:0b:00:67:91:30:73:dc:
         08:a3:df:01:12:ca:24:e1:4b:7d:7f:61:e4:cb:6c:f7:3a:bd:
         e2:b8:eb:92:86:c2:09:cc:17:1b:fb:f8:24:50:0a:fc:75:84:
         03:08:f9:76:f3:f6:26:c5:2a:cb:cc:f1:37:05:d8:29:e7:7f:
         ca:88:52:1a:a4:5f:c1:7f:0b:f5:8f:fa:d9:44:98:d5:f8:12:
         2a:de:6e:e9:84:f3:bd:09:b3:c1:c6:a8:e2:61:74:2b:0e:cb:
         0f:32:cd:26:7e:44:26:cd:b5:73:7c:06:00:81:ef:c3:77:c0:
         e9:09:b1:55:59:68:79:a0:21:96:99:f3:91:da:e5:15:79:49:
         3f:fd:e3:84:00:60:03:e5:c7:51:27:eb:c2:82:a0:09:dc:72:
         bd:f6:b2:aa:45:74:96:e2:5a:57:13:f8:46:33:a7:ba:c9:63:
         71:8e:b9:da:8b:eb:97:09:e5:71:d6:04:91:ff:4d:1f:5f:05:
         1e:f0:e1:7c:c3:bc:3b:98:b9:92:fd:1d:76:19:9d:84:7b:fe:
         fd:49:39:3c:89:72:9d:2f:d4:07:39:14:c2:0a:4e:17:5f:ca:
         b2:3a:db:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBiqRLPhdXamPSLSUJ+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMTRlYjFlZWY2NmMyZDM0OWYzZjdkN2JhZmE2OGU0OWZi
ZmVjOWMwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzExODUzNDVlZjZjNzgwNmFiMWY2OTBlYTNiNDAzOTAwNGUzZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxr8N+ME4ueCLRqjRCrjqhFmPaOP7
SAPygWWdr8uJ+54gjgt6B0yLbZNLtAkwxzGv9gZjU2Ahvf70ZNQvwb7wOBT1c8J+
vAMdeTT91AiYjFh5MixvxP9Is/JI1QyG5e/BGe0xOVeyk58QD53XYVW9VWQZhkm7
TxVE9VCvUUHxo1GSfLgmjPQ5MPCntP4+TvRKk0KPxEx1OqHVAJdNRdU8+iseMJJd
aQdFLsOdiao7aTSDLMFyEc3r23Ine1yGLnm6Oa1XOeAnA0LGrNu8so51poNVRkoW
1FxScDHpPz+qGgTqC6DJwrfxs67Os2+ijvlhpkUica/xLfHRZ/cB9OZpAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMRhTRe9seAarH2kOo7QDkATj56MB8GA1UdIwQY
MBaAFB4U6x7vZsLTSfP317r6aOSfv+ycMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMt
OWNhOThmNDk1MGNmLzEvUXhHRk5GNzJ4NEJxc2ZhUTZqdEFPUUJPUG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMtOWNhOThmNDk1MGNm
LzEvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXi2QMA0G
CSqGSIb3DQEBCwUAA4IBAQCNXLEkB++ud5qs4ZIPbNOLRGiV3wpXd68ymLQLqQsA
Z5Ewc9wIo98BEsok4Ut9f2Hky2z3Or3iuOuShsIJzBcb+/gkUAr8dYQDCPl28/Ym
xSrLzPE3Bdgp53/KiFIapF/Bfwv1j/rZRJjV+BIq3m7phPO9CbPBxqjiYXQrDssP
Ms0mfkQmzbVzfAYAge/Dd8DpCbFVWWh5oCGWmfOR2uUVeUk//eOEAGAD5cdRJ+vC
gqAJ3HK99rKqRXSW4lpXE/hGM6e6yWNxjrnai+uXCeVx1gSR/00fXwUe8OF8w7w7
mLmS/R12GZ2Ee/79STk8iXKdL9QHORTCCk4XX8qyOttP
-----END CERTIFICATE-----