Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/lqMsv4zmgGEEi_2zOGiSJHjxBZg.roa
File:                     lqMsv4zmgGEEi_2zOGiSJHjxBZg.roa (raw, json)
Hash identifier:          fmsH7shO9H7EbPKTgSx+tFPICqoUkJwBNcDArH+sDk0=
Subject key identifier:   96:A3:2C:BF:8C:E6:80:61:04:8B:FD:B3:38:68:92:24:78:F1:05:98
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019696A88D04C644449A5EFD612B39D6D0D6
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/lqMsv4zmgGEEi_2zOGiSJHjxBZg.roa
Signing time:             Sat 03 May 2025 14:59:10 +0000
ROA not before:           Sat 03 May 2025 14:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213535
IP address blocks:        45.13.226.0/24 maxlen: 24
                          45.67.139.0/24 maxlen: 24
                          185.117.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 03:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:96:a8:8d:04:c6:44:44:9a:5e:fd:61:2b:39:d6:d0:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: May  3 14:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96a32cbf8ce68061048bfdb33868922478f10598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f3:95:e3:50:5a:b2:93:77:bd:ac:ed:0a:d6:
                    91:c7:e7:5d:2b:ed:a9:3d:04:fd:fa:77:76:a7:c3:
                    dc:dd:7a:2b:22:f0:3e:21:5f:be:89:14:ca:50:c9:
                    0f:f0:5c:84:7b:01:8b:b2:7e:c5:a1:32:50:64:bf:
                    24:a0:61:8a:5f:57:c6:6a:1e:a2:cc:96:5c:33:e0:
                    3d:37:1f:ab:77:d2:29:a3:b5:0b:83:c0:7f:94:e6:
                    ea:02:74:cf:7d:56:03:8d:6f:c6:4e:25:e4:d3:60:
                    6f:38:17:29:4b:81:e2:6b:93:bc:34:cb:52:c5:cb:
                    89:06:5b:6e:85:c6:3b:c1:d8:5a:d3:6f:b4:49:f6:
                    7a:07:21:7f:1f:8d:81:58:a7:32:35:16:29:80:c4:
                    3f:0a:ec:aa:16:4c:9d:27:45:2b:44:c8:b9:00:b9:
                    0e:fc:21:f4:c2:63:8c:c4:81:75:0a:fa:94:ca:65:
                    de:e1:9b:af:8b:2c:a2:2e:3e:c4:f9:f2:cf:01:bf:
                    4d:12:39:c7:14:b1:73:71:2a:85:96:8c:76:da:35:
                    dc:fa:11:b2:ff:d4:fc:47:f0:f5:67:c8:ca:db:48:
                    73:d9:38:db:d0:59:c2:aa:a5:5c:f3:e1:fc:3e:2f:
                    f0:a4:0e:4a:aa:f5:36:f2:9b:49:b2:0d:1b:e8:17:
                    cd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:A3:2C:BF:8C:E6:80:61:04:8B:FD:B3:38:68:92:24:78:F1:05:98
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/lqMsv4zmgGEEi_2zOGiSJHjxBZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.226.0/24
                  45.67.139.0/24
                  185.117.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:1a:da:7b:0c:90:f8:ed:c8:af:b0:b5:f0:b9:2f:df:8e:27:
         4a:2b:90:ad:64:53:e8:42:0b:ff:b9:aa:15:8f:fe:67:b3:09:
         47:a0:85:d3:f6:6e:5d:d9:0d:ee:91:a1:74:85:23:50:ca:7f:
         a8:4c:9f:aa:b5:9d:d4:91:12:f3:d0:c0:ab:3c:75:79:4b:10:
         10:89:a4:af:a5:e0:bb:66:a9:94:de:f9:fe:fc:17:fd:0f:4e:
         83:08:5d:b9:d3:df:d1:0a:58:63:dd:98:57:f0:47:77:d2:3c:
         ea:c0:5e:dc:b6:1f:e1:54:2d:ba:91:90:8d:eb:f5:56:c8:7e:
         f6:9c:bf:e5:62:aa:b1:36:44:e4:ba:76:83:96:dd:6f:1d:f8:
         2b:83:45:da:01:a9:96:09:7c:f6:f2:e4:25:dc:43:d1:97:43:
         59:25:ea:06:2b:f1:72:5a:59:42:89:94:21:43:82:85:27:52:
         f8:29:b0:38:c5:bb:d6:20:f1:f2:c6:c5:b6:44:e8:63:c2:d2:
         97:8b:20:15:ac:73:b4:9d:5b:b0:ae:9f:f5:b9:10:c4:a4:88:
         fc:42:24:a4:f5:4d:a7:95:35:54:8d:f0:e7:e9:10:22:94:29:
         41:d0:2a:7f:c8:1b:9e:90:5d:b1:f4:0a:01:72:31:11:0b:b1:
         9b:c7:6f:3f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZaWqI0ExkREml79YSs51tDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwNTAzMTQ1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmEzMmNiZjhjZTY4MDYxMDQ4YmZkYjMzODY4OTIyNDc4ZjEwNTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfOV41BaspN3vaztCtaRx+ddK+2p
PQT9+nd2p8Pc3XorIvA+IV++iRTKUMkP8FyEewGLsn7FoTJQZL8koGGKX1fGah6i
zJZcM+A9Nx+rd9Ipo7ULg8B/lObqAnTPfVYDjW/GTiXk02BvOBcpS4Hia5O8NMtS
xcuJBltuhcY7wdha02+0SfZ6ByF/H42BWKcyNRYpgMQ/CuyqFkydJ0UrRMi5ALkO
/CH0wmOMxIF1CvqUymXe4ZuviyyiLj7E+fLPAb9NEjnHFLFzcSqFlox22jXc+hGy
/9T8R/D1Z8jK20hz2Tjb0FnCqqVc8+H8Pi/wpA5KqvU28ptJsg0b6BfNCQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJajLL+M5oBhBIv9szhokiR48QWYMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvbHFNc3Y0em1nR0VFaV8yek9HaVNKSGp4QlpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQ3iAwQA
LUOLAwQAuXUAMA0GCSqGSIb3DQEBCwUAA4IBAQAJGtp7DJD47civsLXwuS/fjidK
K5CtZFPoQgv/uaoVj/5nswlHoIXT9m5d2Q3ukaF0hSNQyn+oTJ+qtZ3UkRLz0MCr
PHV5SxAQiaSvpeC7ZqmU3vn+/Bf9D06DCF2509/RClhj3ZhX8Ed30jzqwF7cth/h
VC26kZCN6/VWyH72nL/lYqqxNkTkunaDlt1vHfgrg0XaAamWCXz28uQl3EPRl0NZ
JeoGK/FyWllCiZQhQ4KFJ1L4KbA4xbvWIPHyxsW2ROhjwtKXiyAVrHO0nVuwrp/1
uRDEpIj8QiSk9U2nlTVUjfDn6RAilClB0Cp/yBuekF2x9AoBcjERC7Gbx28/
-----END CERTIFICATE-----