Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/qhw2-k4pc-OomGZTR-0gcU0qJiU.roa
File:                     qhw2-k4pc-OomGZTR-0gcU0qJiU.roa (raw, json)
Hash identifier:          dSyy8qQS8AmZQyM+DtloEIufPbGWPh2OLopqAG6IMgg=
Subject key identifier:   AA:1C:36:FA:4E:29:73:E3:A8:98:66:53:47:ED:20:71:4D:2A:26:25
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018EE07942A1DB372FDBB359DE9CD26DDB8D
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/qhw2-k4pc-OomGZTR-0gcU0qJiU.roa
Signing time:             Mon 15 Apr 2024 06:37:07 +0000
ROA not before:           Mon 15 Apr 2024 06:37:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43641
IP address blocks:        45.135.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e0:79:42:a1:db:37:2f:db:b3:59:de:9c:d2:6d:db:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 15 06:37:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa1c36fa4e2973e3a898665347ed20714d2a2625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:24:c3:31:16:a1:d1:7c:91:c6:10:79:f3:ab:
                    16:40:00:3f:81:ff:96:e9:91:a3:fd:cc:d9:c9:2d:
                    d0:fb:f2:9e:4c:59:0a:4d:a6:aa:bf:f0:7d:2c:ad:
                    f4:4d:58:03:33:28:48:ff:1e:d8:e5:ff:1b:d7:8b:
                    c0:f5:74:dd:74:d2:ca:bc:4c:82:70:09:13:91:c9:
                    78:0a:3e:69:f8:67:31:b1:c3:0c:a5:3b:31:7a:20:
                    57:17:11:83:cc:bb:39:50:9f:54:52:01:35:a2:b2:
                    6a:68:31:42:dc:b1:27:ac:dd:b5:18:a0:d7:60:24:
                    ca:00:fe:cf:a0:da:4c:2a:72:ad:c5:8d:4f:45:1d:
                    45:66:20:c4:41:33:c0:ef:2c:4f:dc:2d:09:bf:e8:
                    6c:34:17:27:4b:05:06:28:88:3c:ed:46:8d:24:7f:
                    d2:13:a6:19:d7:bc:c8:07:01:e2:91:fd:40:7e:35:
                    e0:35:24:23:72:eb:c8:b9:8c:1c:af:bb:09:3a:90:
                    38:b6:99:c2:ea:01:c0:d6:3f:f6:f7:90:d6:b4:1c:
                    34:f5:5e:0b:69:5a:ad:1c:91:a8:58:85:c6:bc:9e:
                    42:22:79:7d:47:c8:e7:e0:c8:70:90:2d:7d:01:eb:
                    c5:c1:3c:e5:7a:c5:ea:02:73:08:38:7c:78:31:cd:
                    d0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:1C:36:FA:4E:29:73:E3:A8:98:66:53:47:ED:20:71:4D:2A:26:25
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/qhw2-k4pc-OomGZTR-0gcU0qJiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:40:54:08:10:13:4f:ec:0e:97:04:22:93:e9:31:69:43:8e:
         49:48:9b:ec:9b:b1:5f:4b:e2:02:d0:c5:59:eb:b6:2e:b7:90:
         03:a1:2c:5d:25:28:75:31:82:03:fc:1f:8b:4f:ca:fc:2b:29:
         77:b0:88:28:7a:ed:2f:33:d6:17:f0:31:db:89:d9:3b:1e:87:
         e9:e6:ed:61:fa:a2:4c:aa:e8:c0:af:23:4e:10:a4:39:77:16:
         b4:de:dc:c0:72:7b:44:da:37:ac:ed:c6:7d:fc:c7:0c:20:e3:
         d1:8a:dd:61:b6:03:7a:cc:aa:89:0c:a4:6e:a2:17:88:15:ce:
         99:10:3b:57:9c:1a:2b:d7:6c:32:e1:45:fa:11:6c:80:2a:ae:
         9e:b7:8d:ab:a7:71:71:12:06:d0:8e:8e:7e:bb:41:b1:28:7e:
         be:41:a3:8d:1c:cf:25:8a:bc:ed:34:e4:80:14:66:d8:af:de:
         5a:02:59:07:0c:e8:57:63:cf:86:62:c6:67:33:4e:53:8a:f8:
         64:f6:8b:43:2b:2a:f6:9e:ab:85:5d:eb:0a:ae:8f:2d:c9:c2:
         05:26:94:06:a5:94:85:87:e0:06:22:d2:ab:a5:f8:0a:0a:91:
         02:17:e0:4b:f7:c4:d6:ed:dd:99:b1:95:55:3b:be:4d:24:f8:
         19:56:e2:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7geUKh2zcv27NZ3pzSbduNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNDE1MDYzNzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTFjMzZmYTRlMjk3M2UzYTg5ODY2NTM0N2VkMjA3MTRkMmEyNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiTDMRah0XyRxhB586sWQAA/gf+W
6ZGj/czZyS3Q+/KeTFkKTaaqv/B9LK30TVgDMyhI/x7Y5f8b14vA9XTddNLKvEyC
cAkTkcl4Cj5p+GcxscMMpTsxeiBXFxGDzLs5UJ9UUgE1orJqaDFC3LEnrN21GKDX
YCTKAP7PoNpMKnKtxY1PRR1FZiDEQTPA7yxP3C0Jv+hsNBcnSwUGKIg87UaNJH/S
E6YZ17zIBwHikf1AfjXgNSQjcuvIuYwcr7sJOpA4tpnC6gHA1j/295DWtBw09V4L
aVqtHJGoWIXGvJ5CInl9R8jn4MhwkC19AevFwTzlesXqAnMIOHx4Mc3Q8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKocNvpOKXPjqJhmU0ftIHFNKiYlMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvcWh3Mi1rNHBjLU9vbUdaVFItMGdjVTBxSmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYe0MA0G
CSqGSIb3DQEBCwUAA4IBAQBiQFQIEBNP7A6XBCKT6TFpQ45JSJvsm7FfS+IC0MVZ
67Yut5ADoSxdJSh1MYID/B+LT8r8Kyl3sIgoeu0vM9YX8DHbidk7Hofp5u1h+qJM
qujAryNOEKQ5dxa03tzAcntE2jes7cZ9/McMIOPRit1htgN6zKqJDKRuoheIFc6Z
EDtXnBor12wy4UX6EWyAKq6et42rp3FxEgbQjo5+u0GxKH6+QaONHM8lirztNOSA
FGbYr95aAlkHDOhXY8+GYsZnM05Tivhk9otDKyr2nquFXesKro8tycIFJpQGpZSF
h+AGItKrpfgKCpECF+BL98TW7d2ZsZVVO75NJPgZVuIe
-----END CERTIFICATE-----