Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/QPusgTTEf8Wg1WVLNKmPSmYCqFU.roa
File:                     QPusgTTEf8Wg1WVLNKmPSmYCqFU.roa (raw, json)
Hash identifier:          06h/pyTSclOFt6N4vyOy5CCJkDE5PrqzeDGGP4Ri+K0=
Subject key identifier:   40:FB:AC:81:34:C4:7F:C5:A0:D5:65:4B:34:A9:8F:4A:66:02:A8:55
Certificate issuer:       /CN=c738807abb9ce15b7a892592b6f003f1a3e16b60
Certificate serial:       0194266A52E153064A8585D5C0941CE71D31
Authority key identifier: C7:38:80:7A:BB:9C:E1:5B:7A:89:25:92:B6:F0:03:F1:A3:E1:6B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/QPusgTTEf8Wg1WVLNKmPSmYCqFU.roa
Signing time:             Thu 02 Jan 2025 09:48:09 +0000
ROA not before:           Thu 02 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35732
IP address blocks:        45.84.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:52:e1:53:06:4a:85:85:d5:c0:94:1c:e7:1d:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c738807abb9ce15b7a892592b6f003f1a3e16b60
        Validity
            Not Before: Jan  2 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40fbac8134c47fc5a0d5654b34a98f4a6602a855
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:37:4b:e6:71:78:b0:a7:7c:5b:f2:02:ff:de:
                    e0:55:bf:c1:dc:55:b0:2b:58:40:44:85:e6:5c:46:
                    47:39:6e:95:7c:93:07:b0:77:74:09:a1:f9:2b:5d:
                    b3:ea:3b:7a:2b:7e:c2:7b:fd:9e:b0:2e:18:53:9f:
                    c5:27:dd:e3:a1:7e:88:08:01:c7:07:1b:90:ed:75:
                    7d:48:53:a3:0c:43:1a:32:84:c8:6b:bd:42:20:3e:
                    6e:8e:3d:ce:6f:7f:e3:03:de:c3:06:a6:55:61:43:
                    a4:b8:f9:a6:8a:a1:e0:1b:04:79:d4:b3:f2:a7:06:
                    d1:9a:f9:6c:1d:68:90:74:f2:98:37:f1:db:97:14:
                    81:22:16:58:a1:bb:18:66:43:06:ea:03:30:e8:67:
                    f6:4c:d2:a6:2c:d8:bc:c7:44:a0:23:fa:4a:27:df:
                    40:59:da:e1:d6:91:fe:c9:a5:83:1d:93:8a:82:b7:
                    6f:7c:2d:60:da:11:a1:c1:12:38:ec:0b:18:27:dc:
                    bb:ec:2d:5f:4b:22:40:fe:e3:e8:bb:16:12:96:32:
                    66:ce:30:76:40:6c:d0:30:38:b2:85:e7:37:6c:d1:
                    e2:48:0d:71:d8:67:de:fd:82:b9:fe:39:dc:4b:04:
                    af:65:f7:77:5c:5f:ef:05:af:44:fe:da:c6:5d:0c:
                    5e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:FB:AC:81:34:C4:7F:C5:A0:D5:65:4B:34:A9:8F:4A:66:02:A8:55
            X509v3 Authority Key Identifier:
                keyid:C7:38:80:7A:BB:9C:E1:5B:7A:89:25:92:B6:F0:03:F1:A3:E1:6B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xziAeruc4Vt6iSWStvAD8aPha2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/QPusgTTEf8Wg1WVLNKmPSmYCqFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/1f45e9-e839-467b-b5ab-3d1f30e0923b/1/xziAeruc4Vt6iSWStvAD8aPha2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:26:57:e2:a8:dd:0c:c8:ab:f1:58:4f:42:d6:c4:fa:73:94:
         ff:86:93:27:db:df:d8:ad:e4:93:ab:ec:f1:92:a1:7b:f3:09:
         33:d1:93:da:14:77:6a:52:25:10:d5:8d:1b:1b:10:b6:f4:df:
         7f:3e:43:94:6a:fc:28:14:e7:51:eb:7e:40:7e:fa:d4:1e:28:
         c0:27:f8:36:66:ac:75:59:6c:bb:8f:9c:5d:39:7e:df:3f:b0:
         4a:21:cd:46:79:d7:f2:4b:28:55:8b:fa:ad:bf:6f:46:9f:5b:
         68:2d:87:49:23:cd:0c:90:e2:88:9d:ad:ed:4b:e7:77:4c:d4:
         61:72:88:74:54:ce:83:33:99:fc:6c:71:3f:aa:07:32:17:11:
         da:7f:32:08:8e:74:eb:eb:69:41:ae:41:34:31:af:b5:c1:ec:
         a1:99:47:cc:c7:58:90:22:36:fe:e1:2e:51:e4:9a:a7:d8:a6:
         7b:17:93:98:70:b9:09:8d:aa:71:50:8a:fe:76:a6:9b:47:11:
         51:fd:dd:9a:22:44:ae:89:40:d5:28:7d:58:af:f8:0a:c8:37:
         73:e4:c8:f9:12:f8:1a:51:fe:9e:cb:26:62:97:9a:be:65:17:
         6a:38:78:70:08:88:90:36:9e:2c:6a:9f:8f:f8:28:bb:61:09:
         9a:6b:f4:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmalLhUwZKhYXVwJQc5x0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3Mzg4MDdhYmI5Y2UxNWI3YTg5MjU5MmI2ZjAwM2YxYTNl
MTZiNjAwHhcNMjUwMTAyMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGZiYWM4MTM0YzQ3ZmM1YTBkNTY1NGIzNGE5OGY0YTY2MDJhODU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzdL5nF4sKd8W/IC/97gVb/B3FWw
K1hARIXmXEZHOW6VfJMHsHd0CaH5K12z6jt6K37Ce/2esC4YU5/FJ93joX6ICAHH
BxuQ7XV9SFOjDEMaMoTIa71CID5ujj3Ob3/jA97DBqZVYUOkuPmmiqHgGwR51LPy
pwbRmvlsHWiQdPKYN/HblxSBIhZYobsYZkMG6gMw6Gf2TNKmLNi8x0SgI/pKJ99A
Wdrh1pH+yaWDHZOKgrdvfC1g2hGhwRI47AsYJ9y77C1fSyJA/uPouxYSljJmzjB2
QGzQMDiyhec3bNHiSA1x2Gfe/YK5/jncSwSvZfd3XF/vBa9E/trGXQxeowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFED7rIE0xH/FoNVlSzSpj0pmAqhVMB8GA1UdIwQY
MBaAFMc4gHq7nOFbeoklkrbwA/Gj4WtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHppQWVydWM0VnQ2aVNXU3R2QUQ4YVBoYTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xZjQ1ZTktZTgzOS00NjdiLWI1YWIt
M2QxZjMwZTA5MjNiLzEvUVB1c2dUVEVmOFdnMVdWTE5LbVBTbVlDcUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xZjQ1ZTktZTgzOS00NjdiLWI1YWItM2QxZjMwZTA5MjNi
LzEveHppQWVydWM0VnQ2aVNXU3R2QUQ4YVBoYTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVQkMA0G
CSqGSIb3DQEBCwUAA4IBAQBoJlfiqN0MyKvxWE9C1sT6c5T/hpMn29/YreSTq+zx
kqF78wkz0ZPaFHdqUiUQ1Y0bGxC29N9/PkOUavwoFOdR635AfvrUHijAJ/g2Zqx1
WWy7j5xdOX7fP7BKIc1GedfySyhVi/qtv29Gn1toLYdJI80MkOKIna3tS+d3TNRh
coh0VM6DM5n8bHE/qgcyFxHafzIIjnTr62lBrkE0Ma+1weyhmUfMx1iQIjb+4S5R
5Jqn2KZ7F5OYcLkJjapxUIr+dqabRxFR/d2aIkSuiUDVKH1Yr/gKyDdz5Mj5Evga
Uf6eyyZil5q+ZRdqOHhwCIiQNp4sap+P+Ci7YQmaa/QW
-----END CERTIFICATE-----