Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/MQU85TcJYIMXW0pWf_YLlaO0-eU.roa
File:                     MQU85TcJYIMXW0pWf_YLlaO0-eU.roa (raw, json)
Hash identifier:          rHlEM4vyhcIS8zlUxO6nn6Ke9OKA4sF5AkJto3YUOgs=
Subject key identifier:   31:05:3C:E5:37:09:60:83:17:5B:4A:56:7F:F6:0B:95:A3:B4:F9:E5
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B39BECCF382D67E16F8C1257C18F2D
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/MQU85TcJYIMXW0pWf_YLlaO0-eU.roa
Signing time:             Thu 02 Jan 2025 15:47:49 +0000
ROA not before:           Thu 02 Jan 2025 15:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45929
IP address blocks:        45.92.4.0/22 maxlen: 22
                          45.92.88.0/22 maxlen: 22
                          45.149.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:9b:ec:cf:38:2d:67:e1:6f:8c:12:57:c1:8f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31053ce537096083175b4a567ff60b95a3b4f9e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9b:13:95:70:fb:03:c2:aa:a6:9e:2b:51:ca:
                    5e:84:d6:18:d7:37:eb:ed:a1:59:cc:8d:84:f3:63:
                    85:96:aa:ac:c3:9c:8c:11:b0:0d:45:ce:71:cf:ee:
                    00:13:4c:c7:a0:45:fe:35:e9:d3:28:5e:d2:72:53:
                    71:6c:ff:09:37:7e:99:e5:8e:12:87:10:d4:34:2b:
                    c7:8c:4f:7e:2b:e8:4c:40:88:d5:f6:0e:68:37:7f:
                    c3:68:ea:e8:97:57:b3:86:77:83:38:c3:07:4e:81:
                    71:54:94:47:8b:20:9b:4c:24:71:ab:de:b0:1d:79:
                    a7:df:c6:84:25:b6:24:03:b5:c7:68:17:d6:68:1a:
                    60:19:6b:a0:14:30:fe:21:f5:3a:e3:89:42:f2:db:
                    35:5f:75:2a:cd:76:25:0e:9d:62:00:97:52:b5:1c:
                    2a:d3:7e:e1:98:8e:bb:b3:5f:3a:8d:7a:54:79:cc:
                    67:82:74:c7:23:76:7d:f9:35:41:c6:6e:71:55:d8:
                    37:c9:5a:79:a7:09:26:2b:1d:69:bb:20:01:aa:e5:
                    ec:07:01:5b:ae:10:a1:5e:09:35:a9:23:d3:57:fa:
                    3d:49:5d:e2:8c:36:f0:49:fd:8e:ce:19:77:fb:12:
                    de:45:af:4e:36:e4:da:eb:1f:aa:ad:0f:c3:09:99:
                    22:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:05:3C:E5:37:09:60:83:17:5B:4A:56:7F:F6:0B:95:A3:B4:F9:E5
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/MQU85TcJYIMXW0pWf_YLlaO0-eU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.4.0/22
                  45.92.88.0/22
                  45.149.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:03:7d:44:2e:a0:be:ce:9e:77:a5:a6:bf:ea:ae:fa:bb:3c:
         06:ce:7b:0f:e3:7d:ac:a2:b2:b0:ad:85:fb:b3:4d:12:04:99:
         09:52:9a:5d:7d:46:74:26:b9:f1:39:73:24:52:e8:f9:af:5d:
         68:c9:1e:ac:d6:e6:90:75:f7:06:11:21:4f:d3:d7:a8:37:84:
         d9:69:c7:bc:95:04:9f:70:15:2d:7d:77:ed:2d:97:02:c8:4f:
         21:27:2e:b4:1e:1b:13:a7:0c:9c:ac:70:bf:d0:74:78:8c:17:
         64:57:61:25:6f:29:67:09:bb:e1:be:ed:4a:13:5f:74:00:71:
         8a:75:0b:1b:3b:17:82:2c:d9:4f:2c:47:7e:ea:8b:85:c5:52:
         1d:dd:38:2f:a2:3d:8b:36:79:b0:cc:c2:09:7d:fc:dd:9b:63:
         ce:49:42:3c:30:ba:5e:00:af:eb:b8:4d:2f:3e:41:25:b4:cf:
         77:ba:00:63:59:a6:8c:32:a1:f5:7b:91:08:ef:3c:a2:5b:fe:
         e0:7b:0d:d9:ad:b1:8b:07:67:e9:b7:0d:b2:d5:75:72:69:9b:
         34:52:2f:a4:87:44:33:a4:6d:1b:d8:e5:83:b5:39:49:44:67:
         8b:3f:a9:73:55:4d:2c:ce:58:06:ce:c7:4e:dd:b1:01:ee:a4:
         50:bb:95:ae
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQns5vszzgtZ+FvjBJXwY8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTA1M2NlNTM3MDk2MDgzMTc1YjRhNTY3ZmY2MGI5NWEzYjRmOWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1psTlXD7A8Kqpp4rUcpehNYY1zfr
7aFZzI2E82OFlqqsw5yMEbANRc5xz+4AE0zHoEX+NenTKF7SclNxbP8JN36Z5Y4S
hxDUNCvHjE9+K+hMQIjV9g5oN3/DaOrol1ezhneDOMMHToFxVJRHiyCbTCRxq96w
HXmn38aEJbYkA7XHaBfWaBpgGWugFDD+IfU644lC8ts1X3UqzXYlDp1iAJdStRwq
037hmI67s186jXpUecxngnTHI3Z9+TVBxm5xVdg3yVp5pwkmKx1puyABquXsBwFb
rhChXgk1qSPTV/o9SV3ijDbwSf2Ozhl3+xLeRa9ONuTa6x+qrQ/DCZkiuwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDEFPOU3CWCDF1tKVn/2C5WjtPnlMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvTVFVODVUY0pZSU1YVzBwV2ZfWUxsYU8wLWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVwEAwQC
LVxYAwQCLZXAMA0GCSqGSIb3DQEBCwUAA4IBAQCbA31ELqC+zp53paa/6q76uzwG
znsP432sorKwrYX7s00SBJkJUppdfUZ0JrnxOXMkUuj5r11oyR6s1uaQdfcGESFP
09eoN4TZace8lQSfcBUtfXftLZcCyE8hJy60HhsTpwycrHC/0HR4jBdkV2Elbyln
Cbvhvu1KE190AHGKdQsbOxeCLNlPLEd+6ouFxVId3Tgvoj2LNnmwzMIJffzdm2PO
SUI8MLpeAK/ruE0vPkEltM93ugBjWaaMMqH1e5EI7zyiW/7gew3ZrbGLB2fptw2y
1XVyaZs0Ui+kh0QzpG0b2OWDtTlJRGeLP6lzVU0szlgGzsdO3bEB7qRQu5Wu
-----END CERTIFICATE-----