Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/68f44b-3675-4ad8-a0ca-74ba26aaf1f6/1/LuqTaLAIb1FyHM5wmPs1YLA-1NQ.roa
File:                     LuqTaLAIb1FyHM5wmPs1YLA-1NQ.roa (raw, json)
Hash identifier:          qV1VopZp94X/gYFO14Dpzbo5vZkWKbjRJxqhcQk1sTY=
Subject key identifier:   2E:EA:93:68:B0:08:6F:51:72:1C:CE:70:98:FB:35:60:B0:3E:D4:D4
Certificate issuer:       /CN=36980b4863a4c0fc109e933a9f8f7892e42622f8
Certificate serial:       019423D7113DB20AB33EF6E6F1923DD79F82
Authority key identifier: 36:98:0B:48:63:A4:C0:FC:10:9E:93:3A:9F:8F:78:92:E4:26:22:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpgLSGOkwPwQnpM6n494kuQmIvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/68f44b-3675-4ad8-a0ca-74ba26aaf1f6/1/LuqTaLAIb1FyHM5wmPs1YLA-1NQ.roa
Signing time:             Wed 01 Jan 2025 21:48:04 +0000
ROA not before:           Wed 01 Jan 2025 21:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212041
IP address blocks:        45.130.24.0/24 maxlen: 31
                          45.130.25.0/24 maxlen: 31
                          45.130.26.0/24 maxlen: 31
                          45.130.27.0/24 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/68f44b-3675-4ad8-a0ca-74ba26aaf1f6/1/NpgLSGOkwPwQnpM6n494kuQmIvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/68f44b-3675-4ad8-a0ca-74ba26aaf1f6/1/NpgLSGOkwPwQnpM6n494kuQmIvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpgLSGOkwPwQnpM6n494kuQmIvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:11:3d:b2:0a:b3:3e:f6:e6:f1:92:3d:d7:9f:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36980b4863a4c0fc109e933a9f8f7892e42622f8
        Validity
            Not Before: Jan  1 21:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2eea9368b0086f51721cce7098fb3560b03ed4d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4e:e5:05:63:69:02:03:8f:a4:f9:3c:49:61:
                    e8:0c:ad:aa:c0:d2:f2:fb:60:ac:d2:f0:86:99:53:
                    a4:28:ba:22:cc:aa:cf:8c:cf:a9:b4:19:7e:ba:d6:
                    de:f7:dd:15:d3:74:e5:fa:41:3d:ac:86:74:3b:f0:
                    65:f5:e6:3a:3b:02:4f:5b:5d:9d:3d:e1:6e:4d:b7:
                    a8:c6:38:d1:0e:59:3b:96:55:7c:04:e3:e4:e8:57:
                    28:6f:39:ab:c1:a4:13:2b:d2:33:9b:f3:8e:3c:ec:
                    2e:7b:1c:65:2c:2d:cd:4d:50:b5:04:d9:7a:09:8d:
                    49:cd:2f:ce:dc:f3:de:eb:e5:aa:39:3a:a2:64:4e:
                    35:8f:e4:21:a3:b9:58:69:b3:06:2d:c7:39:23:8b:
                    78:6b:13:f5:80:fc:a1:0d:bb:04:09:e1:f0:7c:f5:
                    56:53:e2:8f:40:db:94:44:48:cf:a3:10:31:2e:0a:
                    19:35:f6:f6:d2:93:cf:01:77:e8:21:5c:7e:ee:84:
                    37:79:6b:1e:6b:27:a9:c5:56:8f:c5:8e:f6:04:18:
                    a9:ce:ee:8d:0f:2c:bc:c4:66:6e:1f:b1:a2:e9:0a:
                    69:fe:56:13:b1:34:ba:d5:e7:ae:69:bc:47:61:46:
                    52:32:0b:53:41:a2:3f:c2:45:07:2c:bd:2f:73:65:
                    5e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:EA:93:68:B0:08:6F:51:72:1C:CE:70:98:FB:35:60:B0:3E:D4:D4
            X509v3 Authority Key Identifier:
                keyid:36:98:0B:48:63:A4:C0:FC:10:9E:93:3A:9F:8F:78:92:E4:26:22:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpgLSGOkwPwQnpM6n494kuQmIvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/68f44b-3675-4ad8-a0ca-74ba26aaf1f6/1/LuqTaLAIb1FyHM5wmPs1YLA-1NQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/68f44b-3675-4ad8-a0ca-74ba26aaf1f6/1/NpgLSGOkwPwQnpM6n494kuQmIvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:bf:bd:55:1c:55:62:09:54:5e:76:27:6c:7f:27:01:b2:24:
         11:57:a9:60:a5:05:49:c7:bc:fe:2c:f3:71:17:50:9c:74:9d:
         4f:da:8d:bc:d9:9d:5c:da:00:38:c3:e0:76:d5:a3:47:da:7c:
         63:32:cd:80:54:46:e6:d0:96:e2:e0:2b:7b:bb:a5:83:68:74:
         9c:a8:ce:36:02:8c:2a:56:99:44:a7:6e:9c:6c:ce:83:77:5c:
         e4:8a:c1:16:a2:ee:02:2b:6c:18:67:1e:fa:d0:9b:4d:5c:0b:
         87:33:70:0c:5f:69:be:8b:29:e7:53:cf:40:94:fb:bf:fa:e0:
         33:24:8f:c7:48:df:01:0b:0d:81:b9:59:1a:ec:64:57:34:6d:
         d0:ef:25:59:9c:8d:35:aa:72:b5:d2:ea:a4:48:e4:e1:f7:a3:
         bb:4e:ae:76:a3:6e:c2:98:75:cf:ee:c7:5c:4d:a4:7c:ad:5a:
         fd:77:06:92:db:f4:3c:42:18:d6:d0:06:0b:f2:73:7f:55:e2:
         16:7a:44:30:ce:ea:33:8f:2a:05:58:8b:78:5e:48:81:16:9a:
         01:80:96:22:38:98:cd:5b:ad:6b:88:02:34:b0:08:7e:ed:1d:
         46:77:44:08:dc:30:48:f8:fd:48:d2:02:b2:fd:c3:8d:d8:c8:
         d9:bc:d5:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xE9sgqzPvbm8ZI915+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTgwYjQ4NjNhNGMwZmMxMDllOTMzYTlmOGY3ODkyZTQy
NjIyZjgwHhcNMjUwMTAxMjE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWVhOTM2OGIwMDg2ZjUxNzIxY2NlNzA5OGZiMzU2MGIwM2VkNGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE7lBWNpAgOPpPk8SWHoDK2qwNLy
+2Cs0vCGmVOkKLoizKrPjM+ptBl+utbe990V03Tl+kE9rIZ0O/Bl9eY6OwJPW12d
PeFuTbeoxjjRDlk7llV8BOPk6FcobzmrwaQTK9Izm/OOPOwuexxlLC3NTVC1BNl6
CY1JzS/O3PPe6+WqOTqiZE41j+Qho7lYabMGLcc5I4t4axP1gPyhDbsECeHwfPVW
U+KPQNuUREjPoxAxLgoZNfb20pPPAXfoIVx+7oQ3eWseayepxVaPxY72BBipzu6N
Dyy8xGZuH7Gi6Qpp/lYTsTS61eeuabxHYUZSMgtTQaI/wkUHLL0vc2VeDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7qk2iwCG9RchzOcJj7NWCwPtTUMB8GA1UdIwQY
MBaAFDaYC0hjpMD8EJ6TOp+PeJLkJiL4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBnTFNHT2t3UHdRbnBNNm40OTRrdVFtSXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82OGY0NGItMzY3NS00YWQ4LWEwY2Et
NzRiYTI2YWFmMWY2LzEvTHVxVGFMQUliMUZ5SE01d21QczFZTEEtMU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82OGY0NGItMzY3NS00YWQ4LWEwY2EtNzRiYTI2YWFmMWY2
LzEvTnBnTFNHT2t3UHdRbnBNNm40OTRrdVFtSXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYIYMA0G
CSqGSIb3DQEBCwUAA4IBAQAfv71VHFViCVRedidsfycBsiQRV6lgpQVJx7z+LPNx
F1CcdJ1P2o282Z1c2gA4w+B21aNH2nxjMs2AVEbm0Jbi4Ct7u6WDaHScqM42Aowq
VplEp26cbM6Dd1zkisEWou4CK2wYZx760JtNXAuHM3AMX2m+iynnU89AlPu/+uAz
JI/HSN8BCw2BuVka7GRXNG3Q7yVZnI01qnK10uqkSOTh96O7Tq52o27CmHXP7sdc
TaR8rVr9dwaS2/Q8QhjW0AYL8nN/VeIWekQwzuozjyoFWIt4XkiBFpoBgJYiOJjN
W61riAI0sAh+7R1Gd0QI3DBI+P1I0gKy/cON2MjZvNXT
-----END CERTIFICATE-----