Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/qpXqPI2Lm4U2S7PWScdAxzqLkns.roa
File:                     qpXqPI2Lm4U2S7PWScdAxzqLkns.roa (raw, json)
Hash identifier:          Bzilqha0faSvo6uHWLbDknjpYoOKZ5PiVLmh9/Jq3LE=
Subject key identifier:   AA:95:EA:3C:8D:8B:9B:85:36:4B:B3:D6:49:C7:40:C7:3A:8B:92:7B
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019425FCDA7FFE33C3E53B6BDFF968310D92
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/qpXqPI2Lm4U2S7PWScdAxzqLkns.roa
Signing time:             Thu 02 Jan 2025 07:48:35 +0000
ROA not before:           Thu 02 Jan 2025 07:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        45.67.140.0/24 maxlen: 24
                          94.154.180.0/23 maxlen: 23
                          185.230.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:da:7f:fe:33:c3:e5:3b:6b:df:f9:68:31:0d:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  2 07:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa95ea3c8d8b9b85364bb3d649c740c73a8b927b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c4:41:5b:80:54:c7:a7:f5:2d:05:5e:24:85:
                    eb:cd:bf:ec:d9:f8:5f:91:59:49:d8:46:1d:0b:0f:
                    79:37:95:5e:2c:65:5a:f0:7b:ff:ea:ac:16:01:cf:
                    2c:1e:ed:69:7a:b7:78:e3:c1:78:e5:9c:15:7f:c4:
                    96:ab:ff:16:08:a0:1c:55:98:15:98:a9:91:34:39:
                    73:d0:65:dd:79:4c:94:86:e2:b9:75:bf:e1:76:e9:
                    e2:3d:8e:17:af:b5:3d:67:bf:ee:83:75:04:e1:f8:
                    8a:12:9c:a3:2a:9e:91:2e:48:c4:bf:ea:86:3d:8d:
                    61:cd:85:74:ff:17:6c:ce:22:c3:51:2c:44:ba:e8:
                    61:ee:fa:6c:d9:e3:db:7d:9d:96:21:f4:a5:65:e1:
                    a8:31:37:95:5d:8d:7c:6a:c0:dc:d4:92:7e:1a:1c:
                    6b:09:db:d5:f1:b8:3b:54:d4:7c:40:d3:c1:a8:6a:
                    09:fe:2c:dd:ec:2f:fa:df:26:7a:ba:62:37:18:12:
                    77:84:4a:37:ef:e6:e7:b6:b6:64:ac:ec:ee:ec:8c:
                    5a:5d:3c:6f:ed:e9:70:d8:4c:7c:74:14:19:f1:a6:
                    6d:4a:ff:ba:56:36:c6:6a:a5:d3:c2:95:37:57:4f:
                    96:60:d6:1f:d7:06:cc:3c:0f:be:83:d8:a4:88:a2:
                    87:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:95:EA:3C:8D:8B:9B:85:36:4B:B3:D6:49:C7:40:C7:3A:8B:92:7B
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/qpXqPI2Lm4U2S7PWScdAxzqLkns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.140.0/24
                  94.154.180.0/23
                  185.230.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:42:ec:91:95:f2:78:8d:bf:f0:9a:ba:3b:bc:f1:ba:c7:4d:
         70:10:74:c1:aa:03:48:55:ad:e0:e0:71:73:08:c4:fc:4a:8e:
         d6:a8:39:0e:f1:13:30:fe:03:87:37:f4:89:c7:c1:18:f5:f6:
         27:57:de:f8:7f:bc:2b:df:10:fd:82:d2:53:f5:f7:ce:88:3a:
         ef:bf:64:49:c5:f3:09:34:5b:84:8c:72:4e:2f:31:e0:29:7b:
         e6:05:38:5a:9a:e9:67:ca:d6:d7:5f:7a:15:8b:92:be:6c:29:
         64:9c:c4:cf:4f:74:aa:de:3e:fe:76:fb:d0:6c:6f:47:da:a6:
         f6:cf:fb:2f:b4:3d:f6:75:b0:7d:1b:59:c9:6e:99:50:f4:09:
         6e:aa:d3:42:be:80:f4:9d:81:80:6e:84:b2:db:6e:7e:f3:2c:
         9c:56:93:dc:ba:83:18:25:41:d9:42:df:46:60:cc:9b:08:cd:
         22:85:62:81:00:13:10:71:da:d7:c9:0c:7b:17:c5:ed:0d:61:
         7c:fb:08:ed:ef:3c:a3:36:ae:0c:ed:da:7c:10:07:37:39:55:
         40:5e:4a:3b:b3:45:9f:87:18:f3:3b:ac:69:f7:e5:0f:b3:12:
         3e:f8:f5:0c:ba:7e:1e:1b:e2:13:ca:51:fe:92:e1:b8:db:8f:
         18:c7:08:cd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQl/Np//jPD5Ttr3/loMQ2SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwMTAyMDc0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTk1ZWEzYzhkOGI5Yjg1MzY0YmIzZDY0OWM3NDBjNzNhOGI5MjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcRBW4BUx6f1LQVeJIXrzb/s2fhf
kVlJ2EYdCw95N5VeLGVa8Hv/6qwWAc8sHu1perd448F45ZwVf8SWq/8WCKAcVZgV
mKmRNDlz0GXdeUyUhuK5db/hduniPY4Xr7U9Z7/ug3UE4fiKEpyjKp6RLkjEv+qG
PY1hzYV0/xdsziLDUSxEuuhh7vps2ePbfZ2WIfSlZeGoMTeVXY18asDc1JJ+Ghxr
CdvV8bg7VNR8QNPBqGoJ/izd7C/63yZ6umI3GBJ3hEo37+bntrZkrOzu7IxaXTxv
7elw2Ex8dBQZ8aZtSv+6VjbGaqXTwpU3V0+WYNYf1wbMPA++g9ikiKKHOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKqV6jyNi5uFNkuz1knHQMc6i5J7MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvcXBYcVBJMkxtNFUyUzdQV1NjZEF4enFMa25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALUOMAwQB
Xpq0AwQAueZ6MA0GCSqGSIb3DQEBCwUAA4IBAQAmQuyRlfJ4jb/wmro7vPG6x01w
EHTBqgNIVa3g4HFzCMT8So7WqDkO8RMw/gOHN/SJx8EY9fYnV974f7wr3xD9gtJT
9ffOiDrvv2RJxfMJNFuEjHJOLzHgKXvmBThamulnytbXX3oVi5K+bClknMTPT3Sq
3j7+dvvQbG9H2qb2z/svtD32dbB9G1nJbplQ9AluqtNCvoD0nYGAboSy225+8yyc
VpPcuoMYJUHZQt9GYMybCM0ihWKBABMQcdrXyQx7F8XtDWF8+wjt7zyjNq4M7dp8
EAc3OVVAXko7s0WfhxjzO6xp9+UPsxI++PUMun4eG+ITylH+kuG4248YxwjN
-----END CERTIFICATE-----