Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QeerLAK71Qb6z5E5Xy_8YmbLRg4.roa
File:                     QeerLAK71Qb6z5E5Xy_8YmbLRg4.roa (raw, json)
Hash identifier:          bwKmcHpJ8sxr3NY1naeq8+rONlLqqA59Kwxqm3E1UeM=
Subject key identifier:   41:E7:AB:2C:02:BB:D5:06:FA:CF:91:39:5F:2F:FC:62:66:CB:46:0E
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       0195808E8A873D8F75093C2CBE1C1D62E94A
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QeerLAK71Qb6z5E5Xy_8YmbLRg4.roa
Signing time:             Mon 10 Mar 2025 14:56:19 +0000
ROA not before:           Mon 10 Mar 2025 14:56:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49854
IP address blocks:        45.146.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:80:8e:8a:87:3d:8f:75:09:3c:2c:be:1c:1d:62:e9:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Mar 10 14:56:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41e7ab2c02bbd506facf91395f2ffc6266cb460e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:bc:83:a0:c3:5a:43:61:d5:54:15:0c:9d:f3:
                    07:56:77:e7:bd:ad:5b:19:4f:d4:a4:74:39:15:f6:
                    c9:3c:41:c5:69:c4:cf:05:b6:dc:05:63:f5:61:e0:
                    0a:1e:34:97:8f:35:2d:af:88:e7:e3:49:61:55:b3:
                    d2:0e:e8:30:22:43:89:61:c2:48:80:5f:ec:24:63:
                    f3:2e:40:95:04:06:d3:56:19:75:25:da:6f:b1:13:
                    ac:56:79:0c:e4:5c:29:25:ad:74:56:8c:9e:47:11:
                    6f:fe:9a:01:aa:b0:b5:33:34:87:c1:1c:34:97:f4:
                    5b:75:38:ec:16:37:d9:92:41:4c:29:8c:83:77:13:
                    29:a8:c6:4e:7b:a4:a0:59:c0:bf:81:87:25:fb:0a:
                    c4:62:30:20:5a:01:2b:47:e5:bc:ca:a4:29:80:88:
                    59:ca:24:cb:44:98:f9:74:b7:f1:69:f1:f4:65:71:
                    cc:20:b3:78:79:16:a1:2f:6e:fd:68:73:7c:07:17:
                    f6:11:d4:b7:cd:c9:f2:d4:c2:1b:de:fa:d5:37:ac:
                    7e:39:76:ac:63:10:1a:b8:f0:07:e7:63:ac:87:54:
                    1e:aa:78:11:ba:f3:db:58:ce:ca:63:9a:eb:79:fb:
                    6f:1e:34:30:7d:be:9f:b7:ed:0d:c2:1c:dd:87:fe:
                    dc:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E7:AB:2C:02:BB:D5:06:FA:CF:91:39:5F:2F:FC:62:66:CB:46:0E
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QeerLAK71Qb6z5E5Xy_8YmbLRg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:f6:e7:88:05:b6:bf:fb:a8:98:8f:4b:c9:55:52:8f:71:1c:
         7c:0b:4d:3a:16:ad:b6:52:37:99:c1:ed:51:06:a9:32:6a:53:
         4d:8e:e9:69:28:de:b3:e1:16:d9:33:c2:10:2c:65:bb:51:8a:
         41:9b:14:a8:7d:26:c3:32:13:5b:cd:fb:76:64:20:41:76:9d:
         b0:3c:4c:f7:ab:af:9a:bc:51:16:90:2d:1e:f4:ec:3e:76:6a:
         3e:6a:1c:ac:8b:1a:16:0a:4a:3d:c1:69:16:58:5f:2d:34:e2:
         2a:11:36:ec:6a:bd:4b:80:ab:ca:4b:f2:b2:ff:24:95:9f:fc:
         60:bd:57:15:d0:24:39:dc:81:28:79:29:a6:6d:38:34:3a:2b:
         42:a6:d9:c2:9e:43:81:d3:85:e8:9e:06:32:64:eb:31:31:3c:
         d1:d5:5a:64:74:54:7b:c1:1e:ea:fe:c4:88:8d:ae:9f:16:2b:
         e1:27:f2:e8:55:0d:29:f5:18:d4:be:bc:51:8d:47:ea:c0:f2:
         d1:08:c6:3f:08:9b:01:51:7d:90:e8:b3:30:25:ae:75:56:f1:
         20:4d:83:74:9f:d2:68:ac:5d:66:68:5d:c1:04:c2:36:aa:4c:
         b5:0d:5b:d8:22:5f:fc:63:b0:08:e0:88:df:cc:f2:2c:f7:64:
         52:9f:74:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWAjoqHPY91CTwsvhwdYulKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMzEwMTQ1NjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWU3YWIyYzAyYmJkNTA2ZmFjZjkxMzk1ZjJmZmM2MjY2Y2I0NjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiryDoMNaQ2HVVBUMnfMHVnfnva1b
GU/UpHQ5FfbJPEHFacTPBbbcBWP1YeAKHjSXjzUtr4jn40lhVbPSDugwIkOJYcJI
gF/sJGPzLkCVBAbTVhl1JdpvsROsVnkM5FwpJa10VoyeRxFv/poBqrC1MzSHwRw0
l/RbdTjsFjfZkkFMKYyDdxMpqMZOe6SgWcC/gYcl+wrEYjAgWgErR+W8yqQpgIhZ
yiTLRJj5dLfxafH0ZXHMILN4eRahL279aHN8Bxf2EdS3zcny1MIb3vrVN6x+OXas
YxAauPAH52Osh1QeqngRuvPbWM7KY5rreftvHjQwfb6ft+0Nwhzdh/7cfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHnqywCu9UG+s+ROV8v/GJmy0YOMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvUWVlckxBSzcxUWI2ejVFNVh5XzhZbWJMUmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZIoMA0G
CSqGSIb3DQEBCwUAA4IBAQBh9ueIBba/+6iYj0vJVVKPcRx8C006Fq22UjeZwe1R
BqkyalNNjulpKN6z4RbZM8IQLGW7UYpBmxSofSbDMhNbzft2ZCBBdp2wPEz3q6+a
vFEWkC0e9Ow+dmo+ahysixoWCko9wWkWWF8tNOIqETbsar1LgKvKS/Ky/ySVn/xg
vVcV0CQ53IEoeSmmbTg0OitCptnCnkOB04XongYyZOsxMTzR1VpkdFR7wR7q/sSI
ja6fFivhJ/LoVQ0p9RjUvrxRjUfqwPLRCMY/CJsBUX2Q6LMwJa51VvEgTYN0n9Jo
rF1maF3BBMI2qky1DVvYIl/8Y7AI4IjfzPIs92RSn3QU
-----END CERTIFICATE-----