Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/xql_-P-OAPxsw0DYqDMeVv_ouM0.roa
File:                     xql_-P-OAPxsw0DYqDMeVv_ouM0.roa (raw, json)
Hash identifier:          z3TNfUg7hcPhHMAkA1yXUFzFfkViIiMqGb4M5hsyxWc=
Subject key identifier:   C6:A9:7F:F8:FF:8E:00:FC:6C:C3:40:D8:A8:33:1E:56:FF:E8:B8:CD
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       0198D7F2B51745C1B3026FBA93D6EF922F57
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/xql_-P-OAPxsw0DYqDMeVv_ouM0.roa
Signing time:             Sat 23 Aug 2025 17:21:04 +0000
ROA not before:           Sat 23 Aug 2025 17:21:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198584
IP address blocks:        45.141.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d7:f2:b5:17:45:c1:b3:02:6f:ba:93:d6:ef:92:2f:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Aug 23 17:21:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6a97ff8ff8e00fc6cc340d8a8331e56ffe8b8cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:88:a3:15:f8:63:76:68:de:7d:1a:f5:6a:fd:
                    95:d2:d9:8c:8c:01:cc:8f:a4:17:69:29:73:65:ba:
                    37:d7:2e:6f:2d:3d:ce:3c:c7:27:28:0d:32:d5:2a:
                    35:a5:cb:ce:8a:0f:73:14:02:2d:92:f1:d2:a0:ef:
                    18:2b:a0:8f:40:4f:4a:a6:b4:f7:ba:c6:eb:97:90:
                    50:19:59:7e:3a:61:89:67:c8:a3:78:37:39:c1:70:
                    a5:6e:13:fc:f7:ef:6d:6f:02:f3:80:1b:24:af:92:
                    e8:b4:ec:8e:19:f9:13:64:31:7f:01:11:c4:fe:e4:
                    68:27:ed:a7:ce:0d:26:0b:2c:3d:dd:3a:29:cb:73:
                    d5:2b:c3:c0:7b:2a:19:04:94:de:c2:4a:7d:ee:62:
                    b2:42:b4:8d:d4:07:48:29:ff:e8:e3:6c:ab:b9:a8:
                    f3:b5:0e:fd:d5:51:2a:12:8d:fa:09:f8:e0:b5:f2:
                    6d:b4:ac:da:63:a0:4c:d6:41:33:b8:d2:d9:92:76:
                    33:4e:0d:74:96:f2:75:20:1c:8f:eb:dc:a8:4b:74:
                    41:78:9e:03:c9:88:c6:a6:dd:06:df:a9:68:cf:ad:
                    36:50:ff:e3:ad:45:c5:5c:c1:06:c6:d3:34:89:2b:
                    76:90:04:15:30:7a:1f:e8:d1:99:47:d3:81:dc:2a:
                    ae:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:A9:7F:F8:FF:8E:00:FC:6C:C3:40:D8:A8:33:1E:56:FF:E8:B8:CD
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/xql_-P-OAPxsw0DYqDMeVv_ouM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:c8:9c:43:f1:dd:e0:df:c1:81:15:b0:2b:33:cd:0f:0c:d0:
         1e:90:40:e2:e6:55:57:d1:8c:dc:2b:75:61:11:f4:79:17:7e:
         5f:b2:a8:1f:48:71:4a:de:51:49:fe:4e:73:62:c6:32:71:64:
         52:42:17:f5:00:88:db:d4:60:3d:df:52:63:79:f2:25:5b:7e:
         b6:65:dc:01:cb:a0:4b:af:91:29:84:41:03:b9:82:79:8b:a5:
         e8:b9:40:19:d1:ed:2c:d5:86:3a:e2:32:db:d3:0d:46:ae:ca:
         2f:00:14:99:46:92:5a:d2:09:dc:33:29:2e:75:a4:a3:e3:96:
         8f:55:9c:6e:c7:ed:f5:0c:04:58:24:bf:55:52:8a:7f:b9:dc:
         03:d4:79:d7:4a:73:9c:18:e5:bb:f6:37:5e:50:8c:39:c5:9c:
         a6:bb:36:70:51:ce:bd:21:7d:47:a7:eb:7c:1d:cb:4b:59:bf:
         f5:18:41:e8:5e:e3:d8:41:6a:33:92:e2:6c:90:37:04:f1:bc:
         58:cb:c8:e5:d7:0e:7f:e5:d0:7b:9d:1b:d0:7a:ed:16:ff:7b:
         4b:3e:57:73:cc:1a:c8:d4:03:d5:87:f2:99:c9:ea:2e:ad:b7:
         7c:b2:7d:4b:3c:da:34:0a:1f:78:c2:af:e6:10:30:c8:7d:17:
         2d:35:a5:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjX8rUXRcGzAm+6k9bvki9XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjUwODIzMTcyMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmE5N2ZmOGZmOGUwMGZjNmNjMzQwZDhhODMzMWU1NmZmZThiOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4ijFfhjdmjefRr1av2V0tmMjAHM
j6QXaSlzZbo31y5vLT3OPMcnKA0y1So1pcvOig9zFAItkvHSoO8YK6CPQE9KprT3
usbrl5BQGVl+OmGJZ8ijeDc5wXClbhP89+9tbwLzgBskr5LotOyOGfkTZDF/ARHE
/uRoJ+2nzg0mCyw93Topy3PVK8PAeyoZBJTewkp97mKyQrSN1AdIKf/o42yruajz
tQ791VEqEo36CfjgtfJttKzaY6BM1kEzuNLZknYzTg10lvJ1IByP69yoS3RBeJ4D
yYjGpt0G36loz602UP/jrUXFXMEGxtM0iSt2kAQVMHof6NGZR9OB3CquYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMapf/j/jgD8bMNA2KgzHlb/6LjNMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEveHFsXy1QLU9BUHhzdzBEWXFETWVWdl9vdU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY00MA0G
CSqGSIb3DQEBCwUAA4IBAQC7yJxD8d3g38GBFbArM80PDNAekEDi5lVX0YzcK3Vh
EfR5F35fsqgfSHFK3lFJ/k5zYsYycWRSQhf1AIjb1GA931JjefIlW362ZdwBy6BL
r5EphEEDuYJ5i6XouUAZ0e0s1YY64jLb0w1GrsovABSZRpJa0gncMykudaSj45aP
VZxux+31DARYJL9VUop/udwD1HnXSnOcGOW79jdeUIw5xZymuzZwUc69IX1Hp+t8
HctLWb/1GEHoXuPYQWozkuJskDcE8bxYy8jl1w5/5dB7nRvQeu0W/3tLPldzzBrI
1APVh/KZyeourbd8sn1LPNo0Ch94wq/mEDDIfRctNaV0
-----END CERTIFICATE-----