Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/24df72-fccc-48df-a5ae-1a64a8077b14/1/qamXgGdELqVwuCRXcGaE5fyjphY.roa
File:                     qamXgGdELqVwuCRXcGaE5fyjphY.roa (raw, json)
Hash identifier:          XwiZQCHwX+Vwexgrkkuz5eMSgh62jyoQLxKiqhe1Bqg=
Subject key identifier:   A9:A9:97:80:67:44:2E:A5:70:B8:24:57:70:66:84:E5:FC:A3:A6:16
Certificate issuer:       /CN=49f80697fe2e2d97b591ad5b91580555a44d0388
Certificate serial:       0196DDA04541675CC4C6D66C962E03B60428
Authority key identifier: 49:F8:06:97:FE:2E:2D:97:B5:91:AD:5B:91:58:05:55:A4:4D:03:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SfgGl_4uLZe1ka1bkVgFVaRNA4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/24df72-fccc-48df-a5ae-1a64a8077b14/1/qamXgGdELqVwuCRXcGaE5fyjphY.roa
Signing time:             Sat 17 May 2025 09:43:10 +0000
ROA not before:           Sat 17 May 2025 09:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216151
IP address blocks:        45.142.200.0/24 maxlen: 24
                          45.142.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/24df72-fccc-48df-a5ae-1a64a8077b14/1/SfgGl_4uLZe1ka1bkVgFVaRNA4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/24df72-fccc-48df-a5ae-1a64a8077b14/1/SfgGl_4uLZe1ka1bkVgFVaRNA4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SfgGl_4uLZe1ka1bkVgFVaRNA4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:dd:a0:45:41:67:5c:c4:c6:d6:6c:96:2e:03:b6:04:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49f80697fe2e2d97b591ad5b91580555a44d0388
        Validity
            Not Before: May 17 09:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9a9978067442ea570b82457706684e5fca3a616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:92:be:c2:8e:69:19:0c:28:f4:37:3d:2f:5c:
                    c9:b1:36:0d:ee:cb:eb:9c:bb:b4:c4:1c:d6:40:f1:
                    5f:f9:47:b4:b6:18:5a:e2:47:fb:15:89:84:55:5f:
                    2a:19:98:6a:33:ef:28:2c:35:f7:f4:c5:25:8f:cc:
                    54:6a:f0:61:dd:de:71:50:86:f1:41:0c:6b:6a:a2:
                    4d:8c:8d:1b:1b:cb:a1:fe:ef:59:9c:f6:69:13:36:
                    53:1b:01:b6:a2:47:4c:3d:17:ed:11:e1:14:fc:c2:
                    3b:3e:27:a2:3b:e2:8d:90:2c:99:c6:0a:58:e1:f6:
                    94:7b:41:7a:62:fa:a8:eb:e9:d4:b5:27:09:8f:55:
                    24:4b:b3:55:0e:93:0b:2e:c6:1d:16:fa:45:42:35:
                    10:86:4d:ea:21:69:fb:04:66:a3:c1:f0:e7:95:cc:
                    5e:55:af:ed:be:1d:45:69:79:49:64:8b:08:da:42:
                    41:2d:06:a4:63:80:ce:63:78:d1:a3:1a:31:36:5e:
                    bb:f2:03:8b:5e:a8:a8:8c:01:2b:f3:e4:28:30:cc:
                    f6:0c:6d:5c:2a:32:f6:25:ef:0c:43:5e:a8:78:99:
                    21:eb:69:2f:a8:a8:7b:67:a7:66:25:68:d0:e2:2c:
                    f7:69:0f:78:fe:4e:4b:28:5f:ce:46:e9:17:3b:18:
                    4f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A9:97:80:67:44:2E:A5:70:B8:24:57:70:66:84:E5:FC:A3:A6:16
            X509v3 Authority Key Identifier:
                keyid:49:F8:06:97:FE:2E:2D:97:B5:91:AD:5B:91:58:05:55:A4:4D:03:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SfgGl_4uLZe1ka1bkVgFVaRNA4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/24df72-fccc-48df-a5ae-1a64a8077b14/1/qamXgGdELqVwuCRXcGaE5fyjphY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/24df72-fccc-48df-a5ae-1a64a8077b14/1/SfgGl_4uLZe1ka1bkVgFVaRNA4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.200.0/24
                  45.142.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:47:b9:3b:6b:af:b6:ab:e2:18:c1:6c:b9:f6:65:e7:78:f0:
         5f:7f:70:ed:3b:59:8a:75:70:be:8a:62:3e:ac:e9:03:ba:22:
         93:c5:c3:01:14:d1:6a:1d:ed:b9:af:f2:0d:ee:ae:bf:a0:61:
         17:72:b8:84:f2:ff:4e:bb:6c:88:1e:ed:3a:90:b0:b3:fc:22:
         5a:89:f1:93:28:54:9f:ae:e4:3a:36:22:97:72:e5:ed:64:d4:
         a8:cc:1d:d2:bd:db:40:f9:17:92:ff:93:62:53:e0:23:5c:1c:
         75:ff:7b:17:bf:89:d4:3f:55:5f:c9:8a:f4:0c:eb:61:25:0a:
         5a:c2:65:01:32:bf:31:5b:1e:00:ec:2a:4c:3d:d0:f8:4e:06:
         6b:ed:fa:34:b8:19:7b:c5:02:bd:88:8a:4f:09:f5:8d:aa:65:
         d7:bf:89:7f:23:3b:d6:8a:b3:1e:01:6c:28:39:34:8f:08:62:
         55:a2:44:54:ec:5c:bb:27:30:a4:6d:09:2b:39:a9:37:3e:d8:
         99:9b:1f:dd:71:f4:9e:fb:78:d7:9e:18:da:91:c8:5b:d6:cc:
         a8:21:74:9d:71:8a:20:e1:28:df:58:de:a5:e3:de:45:26:ad:
         83:4c:f8:61:4d:52:b0:29:c2:4e:af:d3:7e:34:d9:74:3c:55:
         82:1d:c3:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbdoEVBZ1zExtZsli4DtgQoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZjgwNjk3ZmUyZTJkOTdiNTkxYWQ1YjkxNTgwNTU1YTQ0
ZDAzODgwHhcNMjUwNTE3MDk0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWE5OTc4MDY3NDQyZWE1NzBiODI0NTc3MDY2ODRlNWZjYTNhNjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupK+wo5pGQwo9Dc9L1zJsTYN7svr
nLu0xBzWQPFf+Ue0thha4kf7FYmEVV8qGZhqM+8oLDX39MUlj8xUavBh3d5xUIbx
QQxraqJNjI0bG8uh/u9ZnPZpEzZTGwG2okdMPRftEeEU/MI7PieiO+KNkCyZxgpY
4faUe0F6Yvqo6+nUtScJj1UkS7NVDpMLLsYdFvpFQjUQhk3qIWn7BGajwfDnlcxe
Va/tvh1FaXlJZIsI2kJBLQakY4DOY3jRoxoxNl678gOLXqiojAEr8+QoMMz2DG1c
KjL2Je8MQ16oeJkh62kvqKh7Z6dmJWjQ4iz3aQ94/k5LKF/ORukXOxhPTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKmpl4BnRC6lcLgkV3BmhOX8o6YWMB8GA1UdIwQY
MBaAFEn4Bpf+Li2XtZGtW5FYBVWkTQOIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2ZnR2xfNHVMWmUxa2ExYmtWZ0ZWYVJOQTRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8yNGRmNzItZmNjYy00OGRmLWE1YWUt
MWE2NGE4MDc3YjE0LzEvcWFtWGdHZEVMcVZ3dUNSWGNHYUU1ZnlqcGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8yNGRmNzItZmNjYy00OGRmLWE1YWUtMWE2NGE4MDc3YjE0
LzEvU2ZnR2xfNHVMWmUxa2ExYmtWZ0ZWYVJOQTRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY7IAwQA
LY7KMA0GCSqGSIb3DQEBCwUAA4IBAQAZR7k7a6+2q+IYwWy59mXnePBff3DtO1mK
dXC+imI+rOkDuiKTxcMBFNFqHe25r/IN7q6/oGEXcriE8v9Ou2yIHu06kLCz/CJa
ifGTKFSfruQ6NiKXcuXtZNSozB3SvdtA+ReS/5NiU+AjXBx1/3sXv4nUP1VfyYr0
DOthJQpawmUBMr8xWx4A7CpMPdD4TgZr7fo0uBl7xQK9iIpPCfWNqmXXv4l/IzvW
irMeAWwoOTSPCGJVokRU7Fy7JzCkbQkrOak3PtiZmx/dcfSe+3jXnhjakchb1syo
IXSdcYog4SjfWN6l495FJq2DTPhhTVKwKcJOr9N+NNl0PFWCHcM4
-----END CERTIFICATE-----