Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/qZRUKhtlwXj4OrWA8MBU_mzQqJE.roa
File:                     qZRUKhtlwXj4OrWA8MBU_mzQqJE.roa (raw, json)
Hash identifier:          m4ExbXP9WfcgqmfcRkXxxoPJRBeGpqPuyhVZmNOMFB4=
Subject key identifier:   A9:94:54:2A:1B:65:C1:78:F8:3A:B5:80:F0:C0:54:FE:6C:D0:A8:91
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0194236A03474D7A0A77708B81C333C65072
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/qZRUKhtlwXj4OrWA8MBU_mzQqJE.roa
Signing time:             Wed 01 Jan 2025 19:48:57 +0000
ROA not before:           Wed 01 Jan 2025 19:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399641
IP address blocks:        45.155.66.0/24 maxlen: 24
                          45.155.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:03:47:4d:7a:0a:77:70:8b:81:c3:33:c6:50:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a994542a1b65c178f83ab580f0c054fe6cd0a891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a1:e3:61:51:8e:a9:da:d7:51:cf:fe:b6:b3:
                    e2:85:04:5b:68:d5:1a:f8:31:bb:21:e1:9d:8b:3b:
                    02:b6:4d:a9:1e:1c:46:5e:e8:97:ed:64:e6:06:52:
                    24:26:f5:d6:8e:3b:77:5c:8b:54:b4:17:6f:36:a7:
                    95:23:2f:a5:3d:2c:bd:90:16:05:23:62:a1:5c:a6:
                    c5:b5:7e:93:d9:84:cc:61:34:ad:8f:16:70:fa:0c:
                    2d:7a:d3:6a:ac:d1:85:3f:93:fa:04:ba:91:77:7c:
                    b3:f0:e2:f7:d9:11:af:28:72:f9:f3:42:fa:1c:07:
                    7f:c5:fc:a2:13:0c:16:65:c5:c6:41:83:82:a1:df:
                    7c:7f:aa:40:9c:9b:f9:68:1c:93:cf:83:11:07:b5:
                    80:07:20:0f:d8:d3:0a:63:85:05:cb:c3:0b:77:67:
                    17:19:74:f3:64:74:63:c8:a2:86:5a:4d:bf:70:d9:
                    08:34:53:92:55:c8:3f:37:9e:8a:ee:ef:ac:1a:cb:
                    b7:6a:1d:8c:98:72:51:21:2f:c5:06:17:f4:f1:2e:
                    66:f4:4e:72:04:40:1c:da:41:0b:ab:51:7e:53:75:
                    65:ad:42:df:74:83:70:41:9f:f4:cd:95:7d:49:11:
                    34:08:1a:12:f4:03:89:7d:92:da:4f:f0:e2:31:93:
                    e7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:94:54:2A:1B:65:C1:78:F8:3A:B5:80:F0:C0:54:FE:6C:D0:A8:91
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/qZRUKhtlwXj4OrWA8MBU_mzQqJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:56:be:b6:a4:90:d5:dd:a6:a3:b4:c9:73:c0:6e:a4:d5:1b:
         c7:16:f2:4f:d8:77:71:fb:0e:9f:be:82:a3:d2:ad:79:eb:ed:
         93:74:a7:b3:3b:f8:c0:b2:f5:a8:fb:30:55:11:1b:c8:08:f5:
         79:c2:07:ae:4b:c5:db:65:75:19:3f:47:7a:9e:b3:f3:27:41:
         a4:71:bf:95:7b:7a:cd:b1:33:2c:a7:10:22:1e:14:60:7d:f3:
         ac:6d:95:86:e3:5f:c5:fa:27:4a:97:ef:44:38:98:07:ed:b0:
         a7:46:7e:ad:26:06:00:f1:26:da:3a:11:81:70:fe:a9:d5:11:
         c1:91:7b:fc:c5:83:f6:8f:22:a4:d8:c3:cd:08:cf:c6:8f:0b:
         65:e4:4d:c5:13:75:47:98:fa:df:c3:49:54:a5:92:1d:06:37:
         b4:c2:6a:bb:a0:54:67:b9:51:62:b4:77:b3:67:c6:bb:bf:03:
         3b:c1:05:9b:50:b2:f3:e5:db:20:e1:a2:f6:38:9b:76:92:4f:
         50:1e:75:b0:e1:16:00:6e:a0:30:d6:cc:b7:f8:d0:8f:16:e9:
         30:2a:85:d5:41:04:e9:ff:52:ed:c5:b4:b1:d0:e4:2f:64:fe:
         55:65:1e:f3:d5:4b:6d:b1:53:e5:aa:4d:51:60:cc:8e:b4:e7:
         93:c2:e8:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagNHTXoKd3CLgcMzxlByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTk0NTQyYTFiNjVjMTc4ZjgzYWI1ODBmMGMwNTRmZTZjZDBhODkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqHjYVGOqdrXUc/+trPihQRbaNUa
+DG7IeGdizsCtk2pHhxGXuiX7WTmBlIkJvXWjjt3XItUtBdvNqeVIy+lPSy9kBYF
I2KhXKbFtX6T2YTMYTStjxZw+gwtetNqrNGFP5P6BLqRd3yz8OL32RGvKHL580L6
HAd/xfyiEwwWZcXGQYOCod98f6pAnJv5aByTz4MRB7WAByAP2NMKY4UFy8MLd2cX
GXTzZHRjyKKGWk2/cNkINFOSVcg/N56K7u+sGsu3ah2MmHJRIS/FBhf08S5m9E5y
BEAc2kELq1F+U3VlrULfdINwQZ/0zZV9SRE0CBoS9AOJfZLaT/DiMZPnrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmUVCobZcF4+Dq1gPDAVP5s0KiRMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvcVpSVUtodGx3WGo0T3JXQThNQlVfbXpRcUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZtCMA0G
CSqGSIb3DQEBCwUAA4IBAQAWVr62pJDV3aajtMlzwG6k1RvHFvJP2Hdx+w6fvoKj
0q156+2TdKezO/jAsvWo+zBVERvICPV5wgeuS8XbZXUZP0d6nrPzJ0Gkcb+Ve3rN
sTMspxAiHhRgffOsbZWG41/F+idKl+9EOJgH7bCnRn6tJgYA8SbaOhGBcP6p1RHB
kXv8xYP2jyKk2MPNCM/Gjwtl5E3FE3VHmPrfw0lUpZIdBje0wmq7oFRnuVFitHez
Z8a7vwM7wQWbULLz5dsg4aL2OJt2kk9QHnWw4RYAbqAw1sy3+NCPFukwKoXVQQTp
/1LtxbSx0OQvZP5VZR7z1UttsVPlqk1RYMyOtOeTwuju
-----END CERTIFICATE-----