Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/QSjkZq8_AJ0B8g7dlzd0nA4JsWQ.roa
File:                     QSjkZq8_AJ0B8g7dlzd0nA4JsWQ.roa (raw, json)
Hash identifier:          YMcvfk9S0D5BI+lBDXlsaUm2v/yIEV2HtkKOAQ1Y0Xo=
Subject key identifier:   41:28:E4:66:AF:3F:00:9D:01:F2:0E:DD:97:37:74:9C:0E:09:B1:64
Certificate issuer:       /CN=ee9ccd38a5d6496880bc094706e68fa04fa2cd96
Certificate serial:       01956A0B1A0027471A867C8DE045E83895EF
Authority key identifier: EE:9C:CD:38:A5:D6:49:68:80:BC:09:47:06:E6:8F:A0:4F:A2:CD:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7pzNOKXWSWiAvAlHBuaPoE-izZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/QSjkZq8_AJ0B8g7dlzd0nA4JsWQ.roa
Signing time:             Thu 06 Mar 2025 06:01:07 +0000
ROA not before:           Thu 06 Mar 2025 06:01:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213417
IP address blocks:        45.10.56.0/24 maxlen: 24
                          2a14:ff00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/7pzNOKXWSWiAvAlHBuaPoE-izZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/7pzNOKXWSWiAvAlHBuaPoE-izZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7pzNOKXWSWiAvAlHBuaPoE-izZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6a:0b:1a:00:27:47:1a:86:7c:8d:e0:45:e8:38:95:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee9ccd38a5d6496880bc094706e68fa04fa2cd96
        Validity
            Not Before: Mar  6 06:01:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4128e466af3f009d01f20edd9737749c0e09b164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:33:c3:e3:5f:fb:f0:a0:a5:23:2e:96:f4:a0:
                    21:2b:43:e6:47:34:47:69:cd:da:88:e5:3c:3b:f2:
                    93:6e:e1:0b:69:75:63:91:43:eb:95:74:f3:8f:44:
                    a3:6a:bd:e5:5d:b2:8d:06:2f:f6:1b:6f:cc:b4:2e:
                    47:8b:21:fd:d3:fd:3f:92:31:14:62:4d:6f:09:e7:
                    20:72:8c:86:ed:80:3d:ef:63:f6:94:ef:23:97:54:
                    79:99:65:6a:dd:5c:51:4d:48:72:2f:b9:f9:36:69:
                    6c:8b:f2:5e:22:42:42:46:07:eb:af:48:48:6b:dc:
                    d9:57:2f:41:ba:4b:47:4a:35:5a:de:e5:a1:13:ae:
                    55:6a:a9:0c:a8:25:8a:e1:ea:bf:18:05:9f:53:ea:
                    74:31:36:0a:3f:62:04:aa:77:79:47:01:46:1b:cc:
                    ce:35:8d:a9:5c:47:d4:0a:39:05:6f:db:f5:ad:d0:
                    ce:65:bd:f3:ad:ea:ff:49:4e:dd:1e:45:a8:85:39:
                    8b:47:52:7a:99:0c:f2:03:05:f5:27:fe:b6:17:88:
                    73:dc:2f:31:6b:6c:48:52:57:9d:f9:a9:11:44:08:
                    95:24:7e:17:3c:84:08:e5:1a:88:e2:fe:ee:12:0f:
                    04:93:91:f9:c5:6b:13:f6:46:e6:44:26:d7:ad:d7:
                    34:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:28:E4:66:AF:3F:00:9D:01:F2:0E:DD:97:37:74:9C:0E:09:B1:64
            X509v3 Authority Key Identifier:
                keyid:EE:9C:CD:38:A5:D6:49:68:80:BC:09:47:06:E6:8F:A0:4F:A2:CD:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7pzNOKXWSWiAvAlHBuaPoE-izZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/QSjkZq8_AJ0B8g7dlzd0nA4JsWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/7pzNOKXWSWiAvAlHBuaPoE-izZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.56.0/24
                IPv6:
                  2a14:ff00::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:04:13:4f:ae:9a:f3:80:26:f7:b3:c7:4c:6b:52:d7:b4:9e:
         cb:e8:bf:9d:be:88:fd:f3:6d:98:0a:0b:ed:94:a7:3b:d0:08:
         80:b4:d2:e2:8c:c4:e1:ad:7a:35:d4:5c:da:6a:e9:34:c7:1b:
         43:6b:70:6a:a6:04:b8:07:c9:27:23:8f:c1:47:24:e7:31:92:
         86:42:57:82:4d:c5:05:c4:ca:91:95:0c:6f:2b:0e:a7:9e:d4:
         56:c0:ae:68:29:b6:3f:e7:d7:a6:d7:ec:e2:1c:59:24:7f:74:
         03:db:54:ec:41:1d:f1:84:5d:43:b1:8c:2a:21:db:37:16:7a:
         6e:c7:0b:4b:c2:eb:5e:2a:e3:fd:b1:25:68:6f:d4:29:0e:0f:
         15:7a:30:54:57:2b:21:73:26:19:f6:7f:66:21:2a:b8:45:f4:
         7c:b9:4d:53:08:64:42:8d:03:0b:1c:a1:25:b6:95:9b:eb:d1:
         08:42:3d:c8:66:9a:2b:f7:c0:67:01:5d:f1:20:66:54:a5:6d:
         89:82:f9:9e:b2:4c:60:36:29:48:99:b7:c2:0e:8d:1b:ad:b4:
         7f:67:5a:cb:d9:96:81:15:5e:ea:8e:fa:c1:f5:eb:60:1d:0c:
         4c:a6:87:dc:9b:b8:c7:89:33:02:6f:86:f7:be:26:fa:43:e2:
         cb:b6:e4:70
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZVqCxoAJ0cahnyN4EXoOJXvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlOWNjZDM4YTVkNjQ5Njg4MGJjMDk0NzA2ZTY4ZmEwNGZh
MmNkOTYwHhcNMjUwMzA2MDYwMTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTI4ZTQ2NmFmM2YwMDlkMDFmMjBlZGQ5NzM3NzQ5YzBlMDliMTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTPD41/78KClIy6W9KAhK0PmRzRH
ac3aiOU8O/KTbuELaXVjkUPrlXTzj0Sjar3lXbKNBi/2G2/MtC5HiyH90/0/kjEU
Yk1vCecgcoyG7YA972P2lO8jl1R5mWVq3VxRTUhyL7n5Nmlsi/JeIkJCRgfrr0hI
a9zZVy9BuktHSjVa3uWhE65VaqkMqCWK4eq/GAWfU+p0MTYKP2IEqnd5RwFGG8zO
NY2pXEfUCjkFb9v1rdDOZb3zrer/SU7dHkWohTmLR1J6mQzyAwX1J/62F4hz3C8x
a2xIUled+akRRAiVJH4XPIQI5RqI4v7uEg8Ek5H5xWsT9kbmRCbXrdc0oQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEEo5GavPwCdAfIO3Zc3dJwOCbFkMB8GA1UdIwQY
MBaAFO6czTil1klogLwJRwbmj6BPos2WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3B6Tk9LWFdTV2lBdkFsSEJ1YVBvRS1pelpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xNWY5NWMtYjBiNi00NTIyLThlYTAt
NTViZWFmYTRiYjI5LzEvUVNqa1pxOF9BSjBCOGc3ZGx6ZDBuQTRKc1dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xNWY5NWMtYjBiNi00NTIyLThlYTAtNTViZWFmYTRiYjI5
LzEvN3B6Tk9LWFdTV2lBdkFsSEJ1YVBvRS1pelpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALQo4MA0E
AgACMAcDBQMqFP8AMA0GCSqGSIb3DQEBCwUAA4IBAQC7BBNPrprzgCb3s8dMa1LX
tJ7L6L+dvoj9822YCgvtlKc70AiAtNLijMThrXo11Fzaauk0xxtDa3BqpgS4B8kn
I4/BRyTnMZKGQleCTcUFxMqRlQxvKw6nntRWwK5oKbY/59em1+ziHFkkf3QD21Ts
QR3xhF1DsYwqIds3FnpuxwtLwuteKuP9sSVob9QpDg8VejBUVyshcyYZ9n9mISq4
RfR8uU1TCGRCjQMLHKEltpWb69EIQj3IZpor98BnAV3xIGZUpW2JgvmeskxgNilI
mbfCDo0brbR/Z1rL2ZaBFV7qjvrB9etgHQxMpofcm7jHiTMCb4b3vib6Q+LLtuRw
-----END CERTIFICATE-----