Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/bqCIwVZ2XpZx_IfIj7dYA8wJreY.roa
File:                     bqCIwVZ2XpZx_IfIj7dYA8wJreY.roa (raw, json)
Hash identifier:          i6u6U6/gyOnTl0MAd6o9UqfZD0C1nlK3nCbIBUXXrK4=
Subject key identifier:   6E:A0:88:C1:56:76:5E:96:71:FC:87:C8:8F:B7:58:03:CC:09:AD:E6
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       019425FD9E31629883C0C6DEC5FD36B7CB03
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/bqCIwVZ2XpZx_IfIj7dYA8wJreY.roa
Signing time:             Thu 02 Jan 2025 07:49:25 +0000
ROA not before:           Thu 02 Jan 2025 07:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35913
IP address blocks:        45.150.224.0/24 maxlen: 32
                          45.150.225.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:9e:31:62:98:83:c0:c6:de:c5:fd:36:b7:cb:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  2 07:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ea088c156765e9671fc87c88fb75803cc09ade6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:01:25:28:5f:80:85:fb:78:6a:06:bc:fb:f1:
                    56:9e:eb:01:ce:82:3b:32:76:20:8c:bc:1a:6c:c7:
                    1c:e2:e8:2a:f6:9c:49:a8:8d:c9:ee:4a:21:a6:6b:
                    88:d2:82:4d:2e:af:d7:00:7d:a2:29:88:43:38:c4:
                    64:8d:07:45:28:01:18:e0:9f:b2:cb:c5:43:8d:6a:
                    78:09:2b:ce:08:21:86:b9:68:11:e9:83:49:6d:9f:
                    89:a5:d4:1f:2b:58:b2:39:7e:5b:52:ab:16:bd:f0:
                    74:97:08:35:11:fb:7f:82:56:ac:16:87:fb:84:db:
                    60:2e:2e:4f:28:f6:69:92:ab:96:33:eb:81:31:90:
                    89:15:c4:60:2b:a9:de:ac:56:c8:f8:ef:44:ad:aa:
                    bd:af:81:52:b9:30:38:40:0d:96:d1:d4:bc:5c:97:
                    87:2d:c4:dc:fc:55:55:9f:8f:88:4e:80:42:e9:2a:
                    1e:b3:74:80:5e:bc:1d:a2:11:71:da:50:a3:3a:09:
                    54:bf:ef:2a:08:2b:80:1e:0d:b6:26:fa:bc:a0:c3:
                    7a:e3:58:2a:9a:59:a7:c2:7f:35:88:b1:8b:c2:1e:
                    9c:f4:64:4f:a6:6e:6e:9d:35:69:c1:38:94:5f:d6:
                    2f:db:7b:b4:e9:ec:74:cd:fb:98:de:fe:24:fb:b2:
                    08:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:A0:88:C1:56:76:5E:96:71:FC:87:C8:8F:B7:58:03:CC:09:AD:E6
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/bqCIwVZ2XpZx_IfIj7dYA8wJreY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:5d:08:6c:be:92:d1:de:7b:90:6b:3d:05:ba:10:ac:cf:76:
         26:c1:60:2e:b4:8c:4e:77:e6:45:a5:20:79:ef:47:6f:6f:e2:
         58:7b:75:d5:41:0f:3a:ec:02:b7:e3:4c:de:b7:8e:13:06:5b:
         4e:0e:cb:04:2d:29:b5:55:f1:7c:b0:e1:e9:1f:bb:99:50:b5:
         f9:5d:cd:8d:4f:12:e4:f8:da:4b:44:bc:4c:e2:be:72:16:bc:
         a9:12:4a:3b:69:eb:f2:4c:24:a5:85:2a:c3:71:3d:a3:8c:80:
         b8:19:40:88:0a:ea:89:24:78:b0:3e:05:6e:2c:45:a3:88:fa:
         73:16:1d:f5:18:b2:79:67:c2:88:c6:9f:9e:74:d2:a3:22:b0:
         e2:16:d8:2a:c7:fb:7e:14:66:32:47:8a:03:97:21:5f:fa:98:
         15:53:84:d5:fc:ac:47:6e:01:56:b0:65:31:b6:42:fa:79:43:
         18:6d:e6:54:2e:32:c6:90:5c:1c:6d:9f:40:23:5e:37:f5:74:
         2a:17:17:4c:b1:23:85:41:80:c2:85:e7:12:5a:8e:8c:fc:ee:
         eb:72:21:1d:81:b2:bc:27:17:58:67:e5:7a:42:8f:13:8e:e2:
         0d:27:64:f3:aa:ee:6a:ba:24:31:1b:ac:07:1c:d4:a1:1a:8e:
         6f:07:a1:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Z4xYpiDwMbexf02t8sDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjUwMTAyMDc0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWEwODhjMTU2NzY1ZTk2NzFmYzg3Yzg4ZmI3NTgwM2NjMDlhZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQElKF+Ahft4aga8+/FWnusBzoI7
MnYgjLwabMcc4ugq9pxJqI3J7kohpmuI0oJNLq/XAH2iKYhDOMRkjQdFKAEY4J+y
y8VDjWp4CSvOCCGGuWgR6YNJbZ+JpdQfK1iyOX5bUqsWvfB0lwg1Eft/glasFof7
hNtgLi5PKPZpkquWM+uBMZCJFcRgK6nerFbI+O9Eraq9r4FSuTA4QA2W0dS8XJeH
LcTc/FVVn4+IToBC6Soes3SAXrwdohFx2lCjOglUv+8qCCuAHg22Jvq8oMN641gq
mlmnwn81iLGLwh6c9GRPpm5unTVpwTiUX9Yv23u06ex0zfuY3v4k+7IIvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6giMFWdl6WcfyHyI+3WAPMCa3mMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvYnFDSXdWWjJYcFp4X0lmSWo3ZFlBOHdKcmVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZbgMA0G
CSqGSIb3DQEBCwUAA4IBAQBKXQhsvpLR3nuQaz0FuhCsz3YmwWAutIxOd+ZFpSB5
70dvb+JYe3XVQQ867AK340zet44TBltODssELSm1VfF8sOHpH7uZULX5Xc2NTxLk
+NpLRLxM4r5yFrypEko7aevyTCSlhSrDcT2jjIC4GUCICuqJJHiwPgVuLEWjiPpz
Fh31GLJ5Z8KIxp+edNKjIrDiFtgqx/t+FGYyR4oDlyFf+pgVU4TV/KxHbgFWsGUx
tkL6eUMYbeZULjLGkFwcbZ9AI1439XQqFxdMsSOFQYDChecSWo6M/O7rciEdgbK8
JxdYZ+V6Qo8TjuINJ2Tzqu5quiQxG6wHHNShGo5vB6HP
-----END CERTIFICATE-----