Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/QWM4nrBr-pa9JzWD2Zz8wHHbmCU.roa
File:                     QWM4nrBr-pa9JzWD2Zz8wHHbmCU.roa (raw, json)
Hash identifier:          VKweVNYicugh0mCYY3yIR2LnHnKsWIZPY+G4TQfXJ6E=
Subject key identifier:   41:63:38:9E:B0:6B:FA:96:BD:27:35:83:D9:9C:FC:C0:71:DB:98:25
Certificate issuer:       /CN=3e7156abee6ba238b907315df9c552865adcdae8
Certificate serial:       0197404BC956F7A5602E00007DFDF4953F5C
Authority key identifier: 3E:71:56:AB:EE:6B:A2:38:B9:07:31:5D:F9:C5:52:86:5A:DC:DA:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/QWM4nrBr-pa9JzWD2Zz8wHHbmCU.roa
Signing time:             Thu 05 Jun 2025 13:33:17 +0000
ROA not before:           Thu 05 Jun 2025 13:33:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49775
IP address blocks:        45.15.40.0/24 maxlen: 24
                          2a0c:7d80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:4b:c9:56:f7:a5:60:2e:00:00:7d:fd:f4:95:3f:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e7156abee6ba238b907315df9c552865adcdae8
        Validity
            Not Before: Jun  5 13:33:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4163389eb06bfa96bd273583d99cfcc071db9825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:69:b7:93:95:1a:f4:db:3e:8e:2c:6a:c5:51:
                    ab:62:8d:41:63:63:63:2e:75:54:44:e3:85:cf:5c:
                    6e:c2:55:8e:79:2e:bc:99:21:89:2a:74:ef:6d:31:
                    db:52:21:35:b5:ca:68:a8:b8:0d:da:60:65:d6:16:
                    84:ed:fb:aa:f5:5f:7d:17:e3:99:cc:1a:11:aa:c8:
                    72:a4:27:16:33:70:97:53:46:ad:17:a3:cd:b2:6b:
                    ca:b6:fd:64:be:78:a8:76:88:fe:24:2d:83:77:d9:
                    41:1c:04:ee:35:e0:a4:de:2a:15:b6:c7:9e:6c:47:
                    64:53:13:11:22:53:75:6d:e5:7b:51:2a:f4:99:d4:
                    7f:b4:c8:bb:29:f0:60:77:40:82:55:9c:1b:b0:11:
                    03:68:4d:bb:7a:89:cc:fa:dd:d1:52:ee:e9:ed:5f:
                    e1:a0:29:48:7f:a7:91:17:c7:45:dd:40:5f:b1:e6:
                    c6:3a:0f:47:41:ca:e9:32:ec:e5:c5:02:61:21:23:
                    23:3d:0a:c1:1c:b7:8e:41:14:2b:0a:76:03:19:e5:
                    aa:6f:c4:d7:b8:0b:6a:2f:26:87:ca:bb:05:b7:6c:
                    3a:53:c6:15:2f:e4:15:c2:75:c6:4c:46:e6:7a:51:
                    6f:de:85:eb:2f:9d:f1:65:02:42:cd:a7:a3:25:15:
                    53:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:63:38:9E:B0:6B:FA:96:BD:27:35:83:D9:9C:FC:C0:71:DB:98:25
            X509v3 Authority Key Identifier:
                keyid:3E:71:56:AB:EE:6B:A2:38:B9:07:31:5D:F9:C5:52:86:5A:DC:DA:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/QWM4nrBr-pa9JzWD2Zz8wHHbmCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.40.0/24
                IPv6:
                  2a0c:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:df:80:00:03:fb:47:5e:cd:c3:e6:dd:48:16:2b:aa:9a:df:
         66:51:8e:d8:44:80:f8:e7:a1:31:61:84:2f:9d:56:b0:52:99:
         20:9d:d7:95:b1:95:04:bc:f5:fc:f7:cf:92:2f:49:9c:a6:4b:
         6f:de:09:dd:94:6d:6c:77:27:74:a0:ae:f5:aa:b7:ee:6f:e0:
         68:4e:c5:fc:18:98:fc:14:29:9e:0c:56:db:f5:a9:d4:4d:54:
         de:15:31:21:c9:a2:e2:84:9e:11:e8:8a:21:46:14:f3:1c:2c:
         df:b5:3a:67:c3:3b:58:59:13:77:42:f3:b1:33:1d:30:de:f2:
         9a:3d:36:6b:e6:e8:7d:5d:1f:5b:65:ae:ec:50:d3:0e:4d:41:
         8c:c6:15:27:d8:b5:09:f2:c8:78:3a:0c:56:d3:59:d0:a2:21:
         f1:b8:61:26:e5:5d:98:fc:31:32:de:d1:da:ef:18:b1:60:b3:
         d5:12:a6:c8:2f:aa:ee:5b:70:1e:e7:c4:de:2c:bf:78:99:c7:
         79:25:e0:b1:52:12:a2:07:49:01:d1:08:88:f5:e5:be:ff:f8:
         0f:b5:8e:c9:1a:06:8e:e9:10:15:f2:f1:f6:1f:0a:fd:31:76:
         88:e2:ad:86:d7:05:0a:8a:7c:ae:ed:af:9c:c4:f3:4d:83:b2:
         91:b2:e3:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZdAS8lW96VgLgAAff30lT9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNzE1NmFiZWU2YmEyMzhiOTA3MzE1ZGY5YzU1Mjg2NWFk
Y2RhZTgwHhcNMjUwNjA1MTMzMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTYzMzg5ZWIwNmJmYTk2YmQyNzM1ODNkOTljZmNjMDcxZGI5ODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Gm3k5Ua9Ns+jixqxVGrYo1BY2Nj
LnVUROOFz1xuwlWOeS68mSGJKnTvbTHbUiE1tcpoqLgN2mBl1haE7fuq9V99F+OZ
zBoRqshypCcWM3CXU0atF6PNsmvKtv1kvniodoj+JC2Dd9lBHATuNeCk3ioVtsee
bEdkUxMRIlN1beV7USr0mdR/tMi7KfBgd0CCVZwbsBEDaE27eonM+t3RUu7p7V/h
oClIf6eRF8dF3UBfsebGOg9HQcrpMuzlxQJhISMjPQrBHLeOQRQrCnYDGeWqb8TX
uAtqLyaHyrsFt2w6U8YVL+QVwnXGTEbmelFv3oXrL53xZQJCzaejJRVTEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEFjOJ6wa/qWvSc1g9mc/MBx25glMB8GA1UdIwQY
MBaAFD5xVqvua6I4uQcxXfnFUoZa3NroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG5GV3EtNXJvamk1QnpGZC1jVlNobHJjMnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9hNGEwZjctN2RiZC00YjAzLWI3Zjkt
NThmMmQ0NGZmMjgxLzEvUVdNNG5yQnItcGE5SnpXRDJaejh3SEhibUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9hNGEwZjctN2RiZC00YjAzLWI3ZjktNThmMmQ0NGZmMjgx
LzEvUG5GV3EtNXJvamk1QnpGZC1jVlNobHJjMnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALQ8oMA0E
AgACMAcDBQMqDH2AMA0GCSqGSIb3DQEBCwUAA4IBAQBS34AAA/tHXs3D5t1IFiuq
mt9mUY7YRID456ExYYQvnVawUpkgndeVsZUEvPX898+SL0mcpktv3gndlG1sdyd0
oK71qrfub+BoTsX8GJj8FCmeDFbb9anUTVTeFTEhyaLihJ4R6IohRhTzHCzftTpn
wztYWRN3QvOxMx0w3vKaPTZr5uh9XR9bZa7sUNMOTUGMxhUn2LUJ8sh4OgxW01nQ
oiHxuGEm5V2Y/DEy3tHa7xixYLPVEqbIL6ruW3Ae58TeLL94mcd5JeCxUhKiB0kB
0QiI9eW+//gPtY7JGgaO6RAV8vH2Hwr9MXaI4q2G1wUKinyu7a+cxPNNg7KRsuMr
-----END CERTIFICATE-----