Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/QaIK-rl-UO6iCpNPezV_L0xU2YU.roa
File:                     QaIK-rl-UO6iCpNPezV_L0xU2YU.roa (raw, json)
Hash identifier:          xhqiUIeuQiCwC9en8JMr8aD8gps5b0AVPyZ6zETgu08=
Subject key identifier:   41:A2:0A:FA:B9:7E:50:EE:A2:0A:93:4F:7B:35:7F:2F:4C:54:D9:85
Certificate issuer:       /CN=d2323101b29596ff442d3749373b8e9983354670
Certificate serial:       0196A4C62259BAFD9060971B04CF0B292123
Authority key identifier: D2:32:31:01:B2:95:96:FF:44:2D:37:49:37:3B:8E:99:83:35:46:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0jIxAbKVlv9ELTdJNzuOmYM1RnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/QaIK-rl-UO6iCpNPezV_L0xU2YU.roa
Signing time:             Tue 06 May 2025 08:46:10 +0000
ROA not before:           Tue 06 May 2025 08:46:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44125
IP address blocks:        45.152.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/0jIxAbKVlv9ELTdJNzuOmYM1RnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/0jIxAbKVlv9ELTdJNzuOmYM1RnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0jIxAbKVlv9ELTdJNzuOmYM1RnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a4:c6:22:59:ba:fd:90:60:97:1b:04:cf:0b:29:21:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2323101b29596ff442d3749373b8e9983354670
        Validity
            Not Before: May  6 08:46:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41a20afab97e50eea20a934f7b357f2f4c54d985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8b:b3:ac:a6:5c:dc:31:0c:36:2f:16:7b:a6:
                    8e:d8:84:10:0c:0f:90:94:d1:b9:57:a4:ac:d8:fc:
                    a2:1d:84:a8:77:f9:2e:10:dc:03:7e:c9:22:67:79:
                    cc:a1:20:0a:6b:87:0b:89:2b:10:38:a0:3e:72:d8:
                    7a:9a:3f:45:27:b3:9f:3e:b1:d2:dc:52:02:b6:6a:
                    c7:0a:9b:ca:fa:c9:5b:1f:a9:ad:6d:ec:31:a8:41:
                    7d:90:c8:1c:15:a9:b4:a4:93:7f:53:18:9d:df:8c:
                    52:ac:84:e3:36:22:b4:48:05:cd:f6:6b:58:8f:fc:
                    8a:d9:78:5e:3d:6e:99:50:a9:b4:13:70:8c:9a:a7:
                    fa:c8:f7:93:c5:65:07:10:c4:7d:98:40:39:80:ba:
                    c4:49:80:2a:67:94:45:d3:d5:7f:b8:0c:b3:2d:16:
                    9b:c6:98:fe:34:c2:a9:63:02:d6:bb:89:3d:0b:ae:
                    62:b8:27:ef:79:b1:04:04:c3:07:65:d5:20:a6:3a:
                    1b:7c:fa:63:61:b3:e8:b5:56:7a:09:b3:30:4d:fc:
                    98:f0:2c:5e:7f:b7:9d:fc:3d:b4:70:73:32:aa:14:
                    14:ac:df:19:58:a7:b5:e6:69:10:40:52:5f:15:71:
                    f7:30:4f:b2:e6:3a:0d:84:6f:8f:41:6c:25:93:e8:
                    79:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A2:0A:FA:B9:7E:50:EE:A2:0A:93:4F:7B:35:7F:2F:4C:54:D9:85
            X509v3 Authority Key Identifier:
                keyid:D2:32:31:01:B2:95:96:FF:44:2D:37:49:37:3B:8E:99:83:35:46:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0jIxAbKVlv9ELTdJNzuOmYM1RnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/QaIK-rl-UO6iCpNPezV_L0xU2YU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/0jIxAbKVlv9ELTdJNzuOmYM1RnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:fd:9f:c5:c1:f5:07:a1:be:df:e8:c5:98:c8:96:12:85:f3:
         78:18:22:e6:39:75:ff:96:9a:a2:a6:93:b6:e7:70:1b:57:0f:
         5b:cb:8e:6d:ba:a7:35:21:29:0b:33:92:b1:29:63:85:4a:5d:
         02:72:e0:3f:16:dd:b0:69:8f:06:05:23:c0:a9:e7:d2:4b:41:
         b4:a3:6d:d7:7e:ce:6c:46:89:29:e6:a1:18:4e:7f:9c:82:b0:
         3d:3b:28:56:00:a9:23:8e:19:b3:61:cf:6d:00:dd:31:7a:6b:
         64:5b:22:42:5c:64:62:fa:38:13:93:be:5c:30:7d:01:60:e5:
         ff:7f:af:b1:e0:6c:53:d5:fc:33:d8:32:8e:a8:f6:c0:9b:02:
         fe:cf:a0:18:a7:11:c7:70:30:44:cd:0e:d5:ce:c1:ef:e9:11:
         e6:2a:7e:af:29:ac:99:8d:e6:0b:29:79:46:60:21:6a:f0:a6:
         73:68:5a:a9:5c:ac:23:68:53:be:c1:18:9f:33:df:35:78:6f:
         ec:71:c7:d4:f9:43:27:4b:a4:f5:d0:f9:a4:28:ca:bf:2f:34:
         f2:79:9b:62:7e:83:23:ca:42:3c:c0:fe:7d:70:11:3f:91:8d:
         f4:48:16:ce:cc:38:1b:30:27:fd:ca:44:61:c3:db:5a:84:4b:
         0e:cf:bd:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZakxiJZuv2QYJcbBM8LKSEjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMzIzMTAxYjI5NTk2ZmY0NDJkMzc0OTM3M2I4ZTk5ODMz
NTQ2NzAwHhcNMjUwNTA2MDg0NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWEyMGFmYWI5N2U1MGVlYTIwYTkzNGY3YjM1N2YyZjRjNTRkOTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4uzrKZc3DEMNi8We6aO2IQQDA+Q
lNG5V6Ss2PyiHYSod/kuENwDfskiZ3nMoSAKa4cLiSsQOKA+cth6mj9FJ7OfPrHS
3FICtmrHCpvK+slbH6mtbewxqEF9kMgcFam0pJN/Uxid34xSrITjNiK0SAXN9mtY
j/yK2XhePW6ZUKm0E3CMmqf6yPeTxWUHEMR9mEA5gLrESYAqZ5RF09V/uAyzLRab
xpj+NMKpYwLWu4k9C65iuCfvebEEBMMHZdUgpjobfPpjYbPotVZ6CbMwTfyY8Cxe
f7ed/D20cHMyqhQUrN8ZWKe15mkQQFJfFXH3ME+y5joNhG+PQWwlk+h5mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGiCvq5flDuogqTT3s1fy9MVNmFMB8GA1UdIwQY
MBaAFNIyMQGylZb/RC03STc7jpmDNUZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGpJeEFiS1ZsdjlFTFRkSk56dU9tWU0xUm5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81YjQxODUtYjA4MC00OThlLThjYzct
NmE2YWY1Yjc0ZDM4LzEvUWFJSy1ybC1VTzZpQ3BOUGV6Vl9MMHhVMllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81YjQxODUtYjA4MC00OThlLThjYzctNmE2YWY1Yjc0ZDM4
LzEvMGpJeEFiS1ZsdjlFTFRkSk56dU9tWU0xUm5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZgYMA0G
CSqGSIb3DQEBCwUAA4IBAQBo/Z/FwfUHob7f6MWYyJYShfN4GCLmOXX/lpqippO2
53AbVw9by45tuqc1ISkLM5KxKWOFSl0CcuA/Ft2waY8GBSPAqefSS0G0o23Xfs5s
Rokp5qEYTn+cgrA9OyhWAKkjjhmzYc9tAN0xemtkWyJCXGRi+jgTk75cMH0BYOX/
f6+x4GxT1fwz2DKOqPbAmwL+z6AYpxHHcDBEzQ7VzsHv6RHmKn6vKayZjeYLKXlG
YCFq8KZzaFqpXKwjaFO+wRifM981eG/sccfU+UMnS6T10PmkKMq/LzTyeZtifoMj
ykI8wP59cBE/kY30SBbOzDgbMCf9ykRhw9tahEsOz70a
-----END CERTIFICATE-----