Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/qeW6k62Ova_Op7BhYtzucMuedHs.roa
File:                     qeW6k62Ova_Op7BhYtzucMuedHs.roa (raw, json)
Hash identifier:          iPCOF2sKXY5KaN1yHnhdOMP4cE9n3NAPWSlvKOP6/hY=
Subject key identifier:   A9:E5:BA:93:AD:8E:BD:AF:CE:A7:B0:61:62:DC:EE:70:CB:9E:74:7B
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       01966C27818CB60450240549871DAD572861
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/qeW6k62Ova_Op7BhYtzucMuedHs.roa
Signing time:             Fri 25 Apr 2025 08:54:10 +0000
ROA not before:           Fri 25 Apr 2025 08:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        45.139.36.0/22 maxlen: 24
                          45.139.56.0/22 maxlen: 24
                          45.139.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:27:81:8c:b6:04:50:24:05:49:87:1d:ad:57:28:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Apr 25 08:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9e5ba93ad8ebdafcea7b06162dcee70cb9e747b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:18:d8:1f:96:4a:1a:78:d9:8f:77:80:81:19:
                    f1:7b:eb:1f:3e:3b:df:d4:c6:be:9f:4b:7d:8c:ae:
                    b9:44:56:b9:00:d5:aa:c3:cb:d8:c2:fa:39:c2:34:
                    bd:77:67:91:dc:1e:58:7b:d9:eb:4a:93:7d:25:d9:
                    54:8f:0e:79:d1:78:0d:dc:4a:9f:cf:f4:72:e3:7a:
                    04:fb:b4:1b:13:0e:50:14:d2:b8:87:30:93:de:41:
                    27:e9:5c:8c:c5:31:29:2d:c8:f1:e4:b2:8e:6a:18:
                    08:8b:c1:60:0b:e6:62:98:0a:33:a6:1f:6b:44:07:
                    1c:5b:28:02:a9:45:08:b8:46:f3:f0:40:25:11:3f:
                    3c:0d:08:17:83:8d:62:58:e8:71:1c:45:83:a2:be:
                    ed:85:f8:13:94:d8:1b:2c:dd:59:b2:66:08:d6:b9:
                    9b:ab:43:d5:02:72:6b:0f:9b:0c:1a:a7:8a:91:a3:
                    ca:3b:9b:d0:cb:2c:47:b9:ff:8f:cf:20:71:c4:5d:
                    3f:2f:c9:a4:8a:67:32:de:e1:61:38:0a:ca:85:75:
                    07:2d:bf:26:d9:fb:76:7d:69:f4:9b:1f:7b:6f:ed:
                    f5:b3:0b:d1:93:a1:e0:17:b0:f4:48:44:07:7b:8d:
                    ac:6b:c1:89:ed:a6:23:70:56:c3:2b:f3:01:8d:d8:
                    8b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E5:BA:93:AD:8E:BD:AF:CE:A7:B0:61:62:DC:EE:70:CB:9E:74:7B
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/qeW6k62Ova_Op7BhYtzucMuedHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.36.0/22
                  45.139.56.0/22
                  45.139.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:3b:7a:8d:3d:9f:48:b3:9f:29:28:99:a2:88:35:bd:94:a3:
         08:42:db:5e:15:8d:12:fd:f5:8a:15:dd:2a:14:40:cf:72:42:
         09:38:d5:e8:ce:fa:e4:58:04:8a:ef:4e:ed:de:e9:12:f2:2d:
         80:6a:f9:f1:50:d3:35:94:7c:eb:a1:e4:f8:43:08:ae:10:86:
         79:17:11:ef:1f:a4:9b:8a:e6:75:9c:91:62:56:02:63:3e:37:
         7c:13:37:d9:01:24:07:e2:08:91:3d:3e:2b:7b:8b:93:7b:42:
         a0:76:be:82:cf:ff:d4:da:1b:8a:38:a9:64:5c:37:9f:2c:87:
         0c:c0:c7:d6:24:7d:e4:0e:c9:13:66:0f:c3:31:26:be:44:6a:
         ed:0d:94:b3:54:df:bf:15:d8:d0:b8:c9:59:82:09:c4:0c:a3:
         29:bd:d2:a6:1e:88:b2:50:4a:9f:25:00:b0:61:da:85:40:c5:
         2b:d5:90:69:0f:f6:4f:cf:99:a1:af:13:ac:bd:d1:41:74:3e:
         ab:de:2f:7f:a0:c6:66:40:d1:da:b1:66:1b:80:7e:49:2e:11:
         f0:2a:e8:24:f4:23:28:d9:36:c7:3c:35:88:02:8f:d6:f4:06:
         7c:d5:d7:3f:48:97:35:19:75:ef:ea:f0:b3:1d:1c:4f:45:0a:
         96:b2:0b:1e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZsJ4GMtgRQJAVJhx2tVyhhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjUwNDI1MDg1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWU1YmE5M2FkOGViZGFmY2VhN2IwNjE2MmRjZWU3MGNiOWU3NDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhjYH5ZKGnjZj3eAgRnxe+sfPjvf
1Ma+n0t9jK65RFa5ANWqw8vYwvo5wjS9d2eR3B5Ye9nrSpN9JdlUjw550XgN3Eqf
z/Ry43oE+7QbEw5QFNK4hzCT3kEn6VyMxTEpLcjx5LKOahgIi8FgC+ZimAozph9r
RAccWygCqUUIuEbz8EAlET88DQgXg41iWOhxHEWDor7thfgTlNgbLN1ZsmYI1rmb
q0PVAnJrD5sMGqeKkaPKO5vQyyxHuf+PzyBxxF0/L8mkimcy3uFhOArKhXUHLb8m
2ft2fWn0mx97b+31swvRk6HgF7D0SEQHe42sa8GJ7aYjcFbDK/MBjdiLZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKnlupOtjr2vzqewYWLc7nDLnnR7MB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvcWVXNms2Mk92YV9PcDdCaFl0enVjTXVlZEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLYskAwQC
LYs4AwQCLYtAMA0GCSqGSIb3DQEBCwUAA4IBAQB9O3qNPZ9Is58pKJmiiDW9lKMI
QtteFY0S/fWKFd0qFEDPckIJONXozvrkWASK707t3ukS8i2AavnxUNM1lHzroeT4
QwiuEIZ5FxHvH6SbiuZ1nJFiVgJjPjd8EzfZASQH4giRPT4re4uTe0Kgdr6Cz//U
2huKOKlkXDefLIcMwMfWJH3kDskTZg/DMSa+RGrtDZSzVN+/FdjQuMlZggnEDKMp
vdKmHoiyUEqfJQCwYdqFQMUr1ZBpD/ZPz5mhrxOsvdFBdD6r3i9/oMZmQNHasWYb
gH5JLhHwKugk9CMo2TbHPDWIAo/W9AZ81dc/SJc1GXXv6vCzHRxPRQqWsgse
-----END CERTIFICATE-----