Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/_QTwS8nAMSFeKK0ZzzPsIxYgPqo.roa
File:                     _QTwS8nAMSFeKK0ZzzPsIxYgPqo.roa (raw, json)
Hash identifier:          Q/O46iBV3y1aR3ABGTzdA2RTNwov3wLVP1w6lO4+h/M=
Subject key identifier:   FD:04:F0:4B:C9:C0:31:21:5E:28:AD:19:CF:33:EC:23:16:20:3E:AA
Certificate issuer:       /CN=39caa0bd254d1a87f4bb30db3b513fdb9af625f6
Certificate serial:       019420D5ECEADB4054843E7480D5707C6054
Authority key identifier: 39:CA:A0:BD:25:4D:1A:87:F4:BB:30:DB:3B:51:3F:DB:9A:F6:25:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OcqgvSVNGof0uzDbO1E_25r2JfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/_QTwS8nAMSFeKK0ZzzPsIxYgPqo.roa
Signing time:             Wed 01 Jan 2025 07:47:58 +0000
ROA not before:           Wed 01 Jan 2025 07:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209046
IP address blocks:        45.9.44.0/22 maxlen: 22
                          45.9.44.0/24 maxlen: 24
                          45.9.45.0/24 maxlen: 24
                          45.9.46.0/24 maxlen: 24
                          45.9.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/OcqgvSVNGof0uzDbO1E_25r2JfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/OcqgvSVNGof0uzDbO1E_25r2JfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OcqgvSVNGof0uzDbO1E_25r2JfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ec:ea:db:40:54:84:3e:74:80:d5:70:7c:60:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39caa0bd254d1a87f4bb30db3b513fdb9af625f6
        Validity
            Not Before: Jan  1 07:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd04f04bc9c031215e28ad19cf33ec2316203eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cd:cf:99:56:b4:f8:45:9c:71:e5:fb:1d:52:
                    55:cb:1b:a0:0e:34:1b:6e:1c:45:16:05:97:2d:c5:
                    c3:d5:9d:11:6c:94:51:49:28:0d:77:58:8b:08:6d:
                    e2:ba:35:67:95:b1:6f:54:7e:8f:d9:d7:f8:0a:51:
                    f8:e2:e3:d1:23:97:db:16:56:d1:9b:ba:c1:39:ba:
                    7c:57:a9:07:2e:33:5f:03:a0:8f:00:94:9c:97:10:
                    8f:08:b4:f9:73:d6:a1:50:cc:2c:1f:47:2e:cb:60:
                    c0:fb:17:52:5b:3b:17:41:c0:5d:c1:72:94:81:f3:
                    c0:6e:ec:b0:1f:74:61:71:fc:bf:90:80:73:26:0b:
                    85:c2:2e:33:59:78:5e:13:4e:e1:23:af:50:63:e6:
                    41:96:16:b5:f0:5f:24:da:dc:a5:13:17:6d:71:02:
                    de:2e:56:de:83:17:1c:70:a5:66:b1:ad:c8:e4:98:
                    82:a7:f5:f0:24:01:d0:79:70:2f:e5:9d:38:95:6b:
                    ce:14:41:92:6d:ee:a6:83:71:49:2e:0e:4d:ca:62:
                    7c:c0:90:0b:3b:cb:30:da:37:55:06:b2:42:22:1c:
                    ca:e3:fc:ff:4a:93:30:9b:c8:c3:fe:3f:a5:4f:4a:
                    e8:b2:b7:6e:1e:77:cd:15:41:1d:62:a9:7d:df:e6:
                    19:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:04:F0:4B:C9:C0:31:21:5E:28:AD:19:CF:33:EC:23:16:20:3E:AA
            X509v3 Authority Key Identifier:
                keyid:39:CA:A0:BD:25:4D:1A:87:F4:BB:30:DB:3B:51:3F:DB:9A:F6:25:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OcqgvSVNGof0uzDbO1E_25r2JfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/_QTwS8nAMSFeKK0ZzzPsIxYgPqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/OcqgvSVNGof0uzDbO1E_25r2JfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:c0:d2:b6:5a:17:39:c2:8b:fb:72:0d:46:c1:cc:78:a1:3f:
         97:33:3d:be:0b:ea:d4:86:14:c5:74:fd:c2:ec:ea:04:b3:ec:
         07:04:61:59:47:2f:fd:21:fe:17:d2:f2:9a:16:7b:f4:59:bc:
         9d:06:62:83:de:4b:be:dd:60:5f:56:06:b2:4f:22:03:7a:fe:
         d0:92:85:03:6a:98:e8:6d:ae:13:cd:af:b8:90:34:ca:5c:29:
         b9:67:57:c0:35:e3:84:c4:77:1a:0f:13:6c:6b:70:82:82:ed:
         69:bc:46:86:6a:ce:c9:0a:46:ae:88:68:e4:77:a1:d8:0d:b2:
         2d:99:5f:ae:0a:52:60:90:83:87:77:f1:eb:d4:d1:85:a7:f7:
         ee:9f:72:06:ee:c9:c0:d4:cd:26:67:cb:3a:f3:cd:62:93:b9:
         59:58:77:f8:ce:f2:a3:95:d9:07:7f:5c:12:b9:7e:55:2e:d7:
         4d:fe:4d:67:05:c2:83:a5:3b:3e:99:cb:ff:cf:ba:ac:23:06:
         2d:ea:ba:58:57:10:fd:e8:4d:36:51:97:f1:ac:65:3d:48:0c:
         7f:81:82:05:d3:ad:c7:45:f2:3d:90:2d:de:91:b0:5b:8a:e9:
         65:c3:3f:4d:a5:e0:a4:30:e2:1e:34:be:51:83:47:64:6c:82:
         ab:7a:42:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1ezq20BUhD50gNVwfGBUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5Y2FhMGJkMjU0ZDFhODdmNGJiMzBkYjNiNTEzZmRiOWFm
NjI1ZjYwHhcNMjUwMTAxMDc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDA0ZjA0YmM5YzAzMTIxNWUyOGFkMTljZjMzZWMyMzE2MjAzZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn83PmVa0+EWcceX7HVJVyxugDjQb
bhxFFgWXLcXD1Z0RbJRRSSgNd1iLCG3iujVnlbFvVH6P2df4ClH44uPRI5fbFlbR
m7rBObp8V6kHLjNfA6CPAJSclxCPCLT5c9ahUMwsH0cuy2DA+xdSWzsXQcBdwXKU
gfPAbuywH3Rhcfy/kIBzJguFwi4zWXheE07hI69QY+ZBlha18F8k2tylExdtcQLe
LlbegxcccKVmsa3I5JiCp/XwJAHQeXAv5Z04lWvOFEGSbe6mg3FJLg5NymJ8wJAL
O8sw2jdVBrJCIhzK4/z/SpMwm8jD/j+lT0rosrduHnfNFUEdYql93+YZMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0E8EvJwDEhXiitGc8z7CMWID6qMB8GA1UdIwQY
MBaAFDnKoL0lTRqH9Lsw2ztRP9ua9iX2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2NxZ3ZTVk5Hb2YwdXpEYk8xRV8yNXIySmZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8xZjA5NTUtNGQ2Mi00MzNiLWIxOGMt
N2MzN2U2MzliZjBmLzEvX1FUd1M4bkFNU0ZlS0swWnp6UHNJeFlnUHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8xZjA5NTUtNGQ2Mi00MzNiLWIxOGMtN2MzN2U2MzliZjBm
LzEvT2NxZ3ZTVk5Hb2YwdXpEYk8xRV8yNXIySmZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQksMA0G
CSqGSIb3DQEBCwUAA4IBAQCxwNK2Whc5wov7cg1Gwcx4oT+XMz2+C+rUhhTFdP3C
7OoEs+wHBGFZRy/9If4X0vKaFnv0WbydBmKD3ku+3WBfVgayTyIDev7QkoUDapjo
ba4Tza+4kDTKXCm5Z1fANeOExHcaDxNsa3CCgu1pvEaGas7JCkauiGjkd6HYDbIt
mV+uClJgkIOHd/Hr1NGFp/fun3IG7snA1M0mZ8s6881ik7lZWHf4zvKjldkHf1wS
uX5VLtdN/k1nBcKDpTs+mcv/z7qsIwYt6rpYVxD96E02UZfxrGU9SAx/gYIF063H
RfI9kC3ekbBbiullwz9NpeCkMOIeNL5Rg0dkbIKrekKV
-----END CERTIFICATE-----