Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/RQIIwfPKKX5p7u0Y-C_D5Y-bKBI.roa
File:                     RQIIwfPKKX5p7u0Y-C_D5Y-bKBI.roa (raw, json)
Hash identifier:          KiLJtwlRDmcGob+kpYuioRY1Q/RLPjcl0rdsa4MFnrs=
Subject key identifier:   45:02:08:C1:F3:CA:29:7E:69:EE:ED:18:F8:2F:C3:E5:8F:9B:28:12
Certificate issuer:       /CN=f3751cf8c3a2d36c9744c96519899945ac607820
Certificate serial:       01941FFA976C83F2D75C19F3D27A2C67076A
Authority key identifier: F3:75:1C:F8:C3:A2:D3:6C:97:44:C9:65:19:89:99:45:AC:60:78:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/83Uc-MOi02yXRMllGYmZRaxgeCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/RQIIwfPKKX5p7u0Y-C_D5Y-bKBI.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209749
IP address blocks:        37.46.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/83Uc-MOi02yXRMllGYmZRaxgeCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/83Uc-MOi02yXRMllGYmZRaxgeCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/83Uc-MOi02yXRMllGYmZRaxgeCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:97:6c:83:f2:d7:5c:19:f3:d2:7a:2c:67:07:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3751cf8c3a2d36c9744c96519899945ac607820
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=450208c1f3ca297e69eeed18f82fc3e58f9b2812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c5:13:ba:75:48:90:90:98:ba:1d:7a:5b:71:
                    e9:c5:b6:1f:bc:53:b6:3d:12:f6:f4:91:96:59:3f:
                    b0:a2:e1:80:43:fb:b0:31:cd:09:c3:c0:ab:81:a2:
                    75:3e:6e:e7:76:16:23:16:e8:0a:d2:08:41:02:aa:
                    de:5c:c9:5d:34:11:f0:5e:63:cc:04:b2:b6:cd:19:
                    36:34:e3:f2:0d:cd:2b:3f:e2:7f:c1:91:9c:06:37:
                    23:7b:56:d6:79:38:7b:68:9d:cd:9d:31:d3:30:ce:
                    74:81:6c:d8:40:eb:d8:30:e0:26:57:b2:a9:43:5a:
                    d6:18:fb:37:25:0e:c3:27:88:0a:12:47:96:a1:5a:
                    4c:bd:9c:26:a9:21:c3:0a:49:0e:c2:72:e7:d2:ba:
                    43:4a:28:ac:bb:e9:e0:5c:96:f2:9e:95:78:6c:df:
                    d0:98:b5:1e:28:4b:74:c0:55:98:3f:f0:26:26:63:
                    2f:77:03:73:e9:e5:de:11:46:eb:05:e5:8d:56:f4:
                    69:29:bb:b5:bf:8c:aa:6b:47:33:d9:ae:1f:6f:d2:
                    3b:f7:bb:67:f8:a2:2b:7c:8e:46:3c:78:42:1a:c5:
                    d3:cf:74:f5:a0:37:45:4f:6c:5b:1a:15:f3:26:dd:
                    29:cf:21:06:c7:a7:e1:29:38:07:1d:6b:ec:64:17:
                    1b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:02:08:C1:F3:CA:29:7E:69:EE:ED:18:F8:2F:C3:E5:8F:9B:28:12
            X509v3 Authority Key Identifier:
                keyid:F3:75:1C:F8:C3:A2:D3:6C:97:44:C9:65:19:89:99:45:AC:60:78:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/83Uc-MOi02yXRMllGYmZRaxgeCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/RQIIwfPKKX5p7u0Y-C_D5Y-bKBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/83Uc-MOi02yXRMllGYmZRaxgeCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:e0:1c:b1:42:ab:c2:2f:2d:85:bf:21:8f:b7:76:0a:35:18:
         69:3f:da:8e:11:27:6f:1d:1c:a8:ff:52:ff:2c:58:00:da:6c:
         e1:73:fa:bf:7c:5e:c5:e8:93:46:8e:06:93:08:fa:ad:fe:94:
         ea:51:73:8d:32:f1:68:a4:63:37:69:8f:d2:61:ae:55:dd:ce:
         0c:0c:f4:b1:78:dc:74:bb:ef:06:07:4a:f3:28:80:cf:37:0b:
         b4:c8:67:03:5e:58:a7:35:07:d5:43:8a:7a:a7:07:ba:69:3a:
         ea:ad:a8:67:15:06:3f:e2:71:8c:83:d2:73:f4:a6:67:ce:2b:
         17:64:b0:4a:b3:67:cc:6e:f8:6d:67:bf:c2:0c:2d:3d:d0:29:
         79:58:f1:3b:a6:ad:0f:35:96:08:61:43:3f:d3:0b:08:a4:2f:
         d9:6b:2c:99:4f:7b:a1:d6:90:1a:b8:85:db:45:b8:6d:b9:b3:
         71:2e:f3:d9:8f:e6:c5:28:33:1b:43:c3:fa:d4:a8:ff:b9:8f:
         b3:6e:d5:02:9d:05:75:81:7b:26:30:41:c0:3f:ea:8a:43:ea:
         e4:7a:64:ea:7c:3c:93:af:02:99:c2:cc:80:87:3b:47:17:c7:
         d8:52:33:01:45:3a:68:d2:01:56:39:a8:cc:f1:4a:9b:52:b6:
         3e:fd:59:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pdsg/LXXBnz0nosZwdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNzUxY2Y4YzNhMmQzNmM5NzQ0Yzk2NTE5ODk5OTQ1YWM2
MDc4MjAwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTAyMDhjMWYzY2EyOTdlNjllZWVkMThmODJmYzNlNThmOWIyODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcUTunVIkJCYuh16W3HpxbYfvFO2
PRL29JGWWT+wouGAQ/uwMc0Jw8CrgaJ1Pm7ndhYjFugK0ghBAqreXMldNBHwXmPM
BLK2zRk2NOPyDc0rP+J/wZGcBjcje1bWeTh7aJ3NnTHTMM50gWzYQOvYMOAmV7Kp
Q1rWGPs3JQ7DJ4gKEkeWoVpMvZwmqSHDCkkOwnLn0rpDSiisu+ngXJbynpV4bN/Q
mLUeKEt0wFWYP/AmJmMvdwNz6eXeEUbrBeWNVvRpKbu1v4yqa0cz2a4fb9I797tn
+KIrfI5GPHhCGsXTz3T1oDdFT2xbGhXzJt0pzyEGx6fhKTgHHWvsZBcbGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUCCMHzyil+ae7tGPgvw+WPmygSMB8GA1UdIwQY
MBaAFPN1HPjDotNsl0TJZRmJmUWsYHggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODNVYy1NT2kwMnlYUk1sbEdZbVpSYXhnZUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8wOGY5YjQtMTE1Yy00NDg4LWI1Njct
NWNmN2MwNjIxMDY1LzEvUlFJSXdmUEtLWDVwN3UwWS1DX0Q1WS1iS0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8wOGY5YjQtMTE1Yy00NDg4LWI1NjctNWNmN2MwNjIxMDY1
LzEvODNVYy1NT2kwMnlYUk1sbEdZbVpSYXhnZUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJS4MMA0G
CSqGSIb3DQEBCwUAA4IBAQBj4ByxQqvCLy2FvyGPt3YKNRhpP9qOESdvHRyo/1L/
LFgA2mzhc/q/fF7F6JNGjgaTCPqt/pTqUXONMvFopGM3aY/SYa5V3c4MDPSxeNx0
u+8GB0rzKIDPNwu0yGcDXlinNQfVQ4p6pwe6aTrqrahnFQY/4nGMg9Jz9KZnzisX
ZLBKs2fMbvhtZ7/CDC090Cl5WPE7pq0PNZYIYUM/0wsIpC/ZayyZT3uh1pAauIXb
RbhtubNxLvPZj+bFKDMbQ8P61Kj/uY+zbtUCnQV1gXsmMEHAP+qKQ+rkemTqfDyT
rwKZwsyAhztHF8fYUjMBRTpo0gFWOajM8UqbUrY+/VnB
-----END CERTIFICATE-----