Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/MqhH7LZrBnXXGBOARTaALjBOu0k.roa
File:                     MqhH7LZrBnXXGBOARTaALjBOu0k.roa (raw, json)
Hash identifier:          eb5e3IYtX1JLVkPpTH90MSfTGSJlQRW4w6AkJQsqHDE=
Subject key identifier:   32:A8:47:EC:B6:6B:06:75:D7:18:13:80:45:36:80:2E:30:4E:BB:49
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       019424448EAD61616099CFEC46BFE49CA250
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/MqhH7LZrBnXXGBOARTaALjBOu0k.roa
Signing time:             Wed 01 Jan 2025 23:47:40 +0000
ROA not before:           Wed 01 Jan 2025 23:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        45.157.158.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8e:ad:61:61:60:99:cf:ec:46:bf:e4:9c:a2:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Jan  1 23:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32a847ecb66b0675d71813804536802e304ebb49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:57:03:70:84:4d:13:73:f9:61:4d:9a:8f:5c:
                    8f:c6:7a:00:df:80:9a:e1:c3:a1:05:53:85:c2:1d:
                    4a:6d:01:e1:68:f1:14:a5:24:92:3f:62:80:36:e6:
                    82:73:3a:44:5c:18:4f:2a:0f:e0:02:ed:29:69:51:
                    2e:d1:a3:24:3a:e4:97:62:22:15:47:b6:d4:6c:a7:
                    ea:bd:b3:ce:b2:03:39:22:f2:f6:60:9e:11:b4:d2:
                    c9:24:70:5d:41:83:92:24:1b:7a:76:90:dd:5a:85:
                    aa:43:a6:61:ba:8d:27:7c:56:1a:00:6a:41:3e:d5:
                    3d:dc:4d:93:b3:91:fc:51:47:6a:86:60:09:77:86:
                    7a:13:4e:6f:35:8b:18:7f:b9:14:9d:12:74:8e:b4:
                    03:8e:9d:78:2f:ce:db:5e:ed:77:40:1d:84:00:56:
                    b0:f4:2e:5d:ec:5f:8d:6a:10:fa:1a:8f:13:53:bd:
                    7a:ba:47:83:01:34:cc:d9:b4:9d:82:f5:b2:02:67:
                    ce:99:1e:74:b1:f1:b5:ce:58:2c:0f:db:00:88:f2:
                    5a:40:9c:54:5a:d7:88:74:06:f1:92:46:0f:c7:e1:
                    8c:83:a7:f2:cc:38:eb:9c:b3:ef:90:5a:3b:77:c6:
                    8a:8f:23:3e:08:4f:0f:4a:e9:8a:fa:09:d9:0f:cd:
                    d1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:A8:47:EC:B6:6B:06:75:D7:18:13:80:45:36:80:2E:30:4E:BB:49
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/MqhH7LZrBnXXGBOARTaALjBOu0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:02:94:f2:0d:35:79:6d:5d:22:df:95:8d:bf:43:9b:f7:ec:
         b8:a4:9c:ca:aa:a2:89:54:a1:c8:f4:55:8d:50:af:07:cc:43:
         08:13:34:b1:25:2b:02:48:85:fd:51:ed:46:59:1b:80:84:53:
         3e:f7:f9:60:a5:fe:b7:f3:08:d9:3f:ac:61:1c:94:90:91:b6:
         36:8d:ed:7c:c2:67:32:6a:62:66:5f:9e:a5:70:cc:40:28:37:
         56:66:15:de:70:f6:c8:a3:a7:69:07:c8:5f:87:f8:b4:d6:f2:
         b8:e2:3e:0c:13:13:61:08:11:fc:ee:a9:f6:9d:bb:57:fc:bf:
         fa:9c:d8:78:56:dc:84:38:ca:a7:00:ad:e5:f3:f5:10:f3:2d:
         3a:a6:30:30:13:eb:8f:1d:a7:49:0d:93:db:d5:e8:e8:14:7d:
         40:2f:bc:aa:77:cb:21:16:9b:b4:fd:30:e9:a9:4f:7f:73:5d:
         42:4c:98:97:5c:27:91:b9:93:1a:a9:8a:01:18:02:07:66:6e:
         b9:c3:32:2d:7c:a9:c4:52:36:f1:5c:f2:50:d0:31:e2:0a:94:
         c9:e4:c6:0d:42:3c:da:c3:4b:a6:73:80:fe:ab:5e:da:8d:aa:
         12:d9:67:3d:84:20:a4:c7:7f:5d:8e:9a:61:77:a5:d7:b2:88:
         31:7a:9a:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRI6tYWFgmc/sRr/knKJQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjUwMTAxMjM0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmE4NDdlY2I2NmIwNjc1ZDcxODEzODA0NTM2ODAyZTMwNGViYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FcDcIRNE3P5YU2aj1yPxnoA34Ca
4cOhBVOFwh1KbQHhaPEUpSSSP2KANuaCczpEXBhPKg/gAu0paVEu0aMkOuSXYiIV
R7bUbKfqvbPOsgM5IvL2YJ4RtNLJJHBdQYOSJBt6dpDdWoWqQ6Zhuo0nfFYaAGpB
PtU93E2Ts5H8UUdqhmAJd4Z6E05vNYsYf7kUnRJ0jrQDjp14L87bXu13QB2EAFaw
9C5d7F+NahD6Go8TU716ukeDATTM2bSdgvWyAmfOmR50sfG1zlgsD9sAiPJaQJxU
WteIdAbxkkYPx+GMg6fyzDjrnLPvkFo7d8aKjyM+CE8PSumK+gnZD83R5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKoR+y2awZ11xgTgEU2gC4wTrtJMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvTXFoSDdMWnJCblhYR0JPQVJUYUFMakJPdTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ2eMA0G
CSqGSIb3DQEBCwUAA4IBAQArApTyDTV5bV0i35WNv0Ob9+y4pJzKqqKJVKHI9FWN
UK8HzEMIEzSxJSsCSIX9Ue1GWRuAhFM+9/lgpf638wjZP6xhHJSQkbY2je18wmcy
amJmX56lcMxAKDdWZhXecPbIo6dpB8hfh/i01vK44j4MExNhCBH87qn2nbtX/L/6
nNh4VtyEOMqnAK3l8/UQ8y06pjAwE+uPHadJDZPb1ejoFH1AL7yqd8shFpu0/TDp
qU9/c11CTJiXXCeRuZMaqYoBGAIHZm65wzItfKnEUjbxXPJQ0DHiCpTJ5MYNQjza
w0umc4D+q17ajaoS2Wc9hCCkx39djpphd6XXsogxepoE
-----END CERTIFICATE-----