Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/qnoXcobTtJZawYccy6q_j_ktEjQ.roa
File:                     qnoXcobTtJZawYccy6q_j_ktEjQ.roa (raw, json)
Hash identifier:          YgqRq2TALdrM9up57j8hrsz1UPh0HBnD1px4pxGN8rs=
Subject key identifier:   AA:7A:17:72:86:D3:B4:96:5A:C1:87:1C:CB:AA:BF:8F:F9:2D:12:34
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       01942369BE5B74DA969B9760DEE123002CC1
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/qnoXcobTtJZawYccy6q_j_ktEjQ.roa
Signing time:             Wed 01 Jan 2025 19:48:40 +0000
ROA not before:           Wed 01 Jan 2025 19:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        45.140.245.0/24 maxlen: 24
                          45.140.246.0/24 maxlen: 24
                          81.199.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 06:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:be:5b:74:da:96:9b:97:60:de:e1:23:00:2c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Jan  1 19:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa7a177286d3b4965ac1871ccbaabf8ff92d1234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b9:90:6e:9c:c1:c8:75:b9:94:00:ee:6d:21:
                    37:3a:55:6d:c7:ca:98:48:b0:a2:40:8a:af:4f:d2:
                    47:21:ee:7f:65:24:55:5b:56:c8:4e:71:24:62:4c:
                    d8:76:65:57:cb:a6:4b:83:70:8d:74:72:ea:04:8f:
                    9c:4b:e0:ce:5d:92:ff:fd:c1:05:cf:66:fd:3b:e7:
                    1e:69:06:a9:12:a3:44:f4:c9:e0:05:30:fa:02:5e:
                    e2:4f:d0:7a:f3:bf:40:d1:fe:ad:7f:ea:a5:8d:ea:
                    05:95:8c:23:18:d4:a1:da:f4:18:25:37:06:75:e4:
                    d2:d2:c4:50:0c:ba:e6:eb:23:ed:22:12:59:01:a3:
                    57:e3:ad:8a:d0:93:8d:62:d8:3a:7a:28:24:a2:50:
                    ac:09:b1:12:fe:81:80:ad:94:66:50:6f:06:0f:dc:
                    47:97:8a:be:cb:ac:b5:d3:1c:c6:40:77:66:c9:5d:
                    a7:50:77:dc:bb:7a:6f:69:42:ce:84:0a:79:ef:42:
                    cb:22:04:09:1b:c0:52:b7:1b:d1:14:86:56:6a:bc:
                    9d:6f:e7:93:e9:5a:c0:db:ce:ac:08:bc:34:d4:f6:
                    97:56:84:a4:b7:0c:89:13:6b:c3:07:f9:45:0e:7e:
                    7f:42:96:ed:71:3e:01:f7:d3:ad:56:e7:19:8f:e3:
                    aa:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:7A:17:72:86:D3:B4:96:5A:C1:87:1C:CB:AA:BF:8F:F9:2D:12:34
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/qnoXcobTtJZawYccy6q_j_ktEjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.245.0-45.140.246.255
                  81.199.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:2c:b3:5b:46:12:aa:54:61:fc:1a:27:4d:0f:b8:9a:48:6e:
         e0:f5:e0:b6:c5:14:ee:fa:29:26:0a:65:e0:a0:84:c0:95:e0:
         69:d3:ec:50:39:9a:4b:1b:ca:60:77:3c:52:f3:a2:38:92:05:
         00:b8:80:40:8a:32:9d:e7:ca:38:fa:91:60:11:cb:47:ee:a1:
         84:eb:3d:e0:3a:e2:b6:ce:f3:a0:c6:7b:4f:d6:17:1a:8f:c2:
         d6:a3:eb:c3:d1:26:8a:43:75:55:13:e9:7f:d5:c2:62:3a:40:
         cc:d0:50:63:6f:36:92:9e:f0:da:fe:aa:74:06:a9:e9:70:a9:
         fa:d3:cb:99:e2:36:56:68:b3:5c:d6:70:5e:18:4d:36:c6:5f:
         d3:d5:c9:ca:29:73:65:5a:a1:02:26:e7:21:d1:ad:ea:62:a4:
         1b:96:f6:7c:43:8d:ae:9c:63:2c:03:bb:4a:98:5e:3f:70:9c:
         51:4b:c2:74:36:db:84:a5:c8:1f:6a:aa:c7:5c:8f:bf:d6:2f:
         24:a4:ce:87:83:42:10:18:f7:de:fc:f4:dd:17:9f:56:b0:47:
         6b:b0:af:0f:db:25:bd:98:0c:9d:d5:d3:7e:d0:a7:97:d0:68:
         b6:bb:4d:88:4b:03:f0:3e:0b:bb:db:59:bd:fd:3e:d5:10:f8:
         09:21:49:31
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQjab5bdNqWm5dg3uEjACzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUwMTAxMTk0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTdhMTc3Mjg2ZDNiNDk2NWFjMTg3MWNjYmFhYmY4ZmY5MmQxMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LmQbpzByHW5lADubSE3OlVtx8qY
SLCiQIqvT9JHIe5/ZSRVW1bITnEkYkzYdmVXy6ZLg3CNdHLqBI+cS+DOXZL//cEF
z2b9O+ceaQapEqNE9MngBTD6Al7iT9B6879A0f6tf+qljeoFlYwjGNSh2vQYJTcG
deTS0sRQDLrm6yPtIhJZAaNX462K0JONYtg6eigkolCsCbES/oGArZRmUG8GD9xH
l4q+y6y10xzGQHdmyV2nUHfcu3pvaULOhAp570LLIgQJG8BStxvRFIZWarydb+eT
6VrA286sCLw01PaXVoSktwyJE2vDB/lFDn5/QpbtcT4B99OtVucZj+OqaQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKp6F3KG07SWWsGHHMuqv4/5LRI0MB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvcW5vWGNvYlR0Slphd1ljY3k2cV9qX2t0RWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAtjPUD
BAAtjPYDBABRxxowDQYJKoZIhvcNAQELBQADggEBALUss1tGEqpUYfwaJ00PuJpI
buD14LbFFO76KSYKZeCghMCV4GnT7FA5mksbymB3PFLzojiSBQC4gECKMp3nyjj6
kWARy0fuoYTrPeA64rbO86DGe0/WFxqPwtaj68PRJopDdVUT6X/VwmI6QMzQUGNv
NpKe8Nr+qnQGqelwqfrTy5niNlZos1zWcF4YTTbGX9PVycopc2VaoQIm5yHRrepi
pBuW9nxDja6cYywDu0qYXj9wnFFLwnQ224SlyB9qqsdcj7/WLySkzoeDQhAY9978
9N0Xn1awR2uwrw/bJb2YDJ3V037Qp5fQaLa7TYhLA/A+C7vbWb39PtUQ+AkhSTE=
-----END CERTIFICATE-----