Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/40-Fe0ClJjM3rGq3tKMY4lgTO0c.roa
File:                     40-Fe0ClJjM3rGq3tKMY4lgTO0c.roa (raw, json)
Hash identifier:          lMieyX7jH2Flr7s7p5R5H9gYjE+H53LSKunrL+hZLEw=
Subject key identifier:   E3:4F:85:7B:40:A5:26:33:37:AC:6A:B7:B4:A3:18:E2:58:13:3B:47
Certificate issuer:       /CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
Certificate serial:       01980CEE1E74EB7AF4A86222AD7326600418
Authority key identifier: 29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/40-Fe0ClJjM3rGq3tKMY4lgTO0c.roa
Signing time:             Tue 15 Jul 2025 07:13:08 +0000
ROA not before:           Tue 15 Jul 2025 07:13:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48708
IP address blocks:        89.111.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0c:ee:1e:74:eb:7a:f4:a8:62:22:ad:73:26:60:04:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
        Validity
            Not Before: Jul 15 07:13:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e34f857b40a5263337ac6ab7b4a318e258133b47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7a:2b:2e:67:df:2a:db:1a:e3:73:b3:5a:f6:
                    96:69:ec:b0:5b:7a:90:1f:ad:19:f8:f1:c6:d8:e7:
                    d0:4c:70:d4:c7:20:8d:b8:fa:19:e7:9f:0c:b3:26:
                    86:2c:63:9d:2c:ba:bf:e2:f8:f5:fa:ec:a0:e3:bf:
                    6d:d9:69:bc:bc:a6:3f:e6:81:a8:98:66:78:cb:1a:
                    40:10:50:64:d4:8a:a1:f7:55:3c:5c:5a:ff:bc:d6:
                    70:5c:4e:c8:32:3a:6b:78:ac:b6:93:58:11:3e:e0:
                    cf:53:fb:84:d5:86:81:1c:14:5f:2b:19:bf:c7:52:
                    45:03:56:cf:fc:ed:e9:c4:77:24:ae:2d:9d:2f:93:
                    53:ca:67:6d:ce:7b:d0:cd:02:79:4c:d7:9b:6e:b6:
                    70:a1:73:cc:ea:c5:a8:5b:6e:6e:02:79:e2:80:32:
                    a9:f4:08:6b:de:05:3e:56:63:b4:5b:de:bf:6e:24:
                    e4:eb:18:00:64:7c:93:fa:90:85:7d:0e:ec:e4:91:
                    40:7f:9d:b4:2f:23:f7:a2:db:c5:6d:3f:ee:cd:f0:
                    6a:70:89:da:a4:a1:42:53:7c:82:64:6d:66:d3:b0:
                    03:8a:40:1e:5a:33:68:25:c8:43:67:77:b7:fa:a4:
                    69:18:81:95:dc:03:70:17:20:75:ef:a3:c4:30:c0:
                    f2:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:4F:85:7B:40:A5:26:33:37:AC:6A:B7:B4:A3:18:E2:58:13:3B:47
            X509v3 Authority Key Identifier:
                keyid:29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/40-Fe0ClJjM3rGq3tKMY4lgTO0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.111.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:c5:83:a1:de:ac:3f:3d:08:5c:a9:59:e4:e1:86:ca:d6:a8:
         72:10:39:8c:e0:8b:1d:88:21:6d:50:69:47:66:4c:5b:90:d6:
         a3:b2:c4:54:1a:db:a8:48:9a:61:a9:17:d3:7f:2a:31:e2:03:
         13:1c:46:43:de:be:fe:51:94:df:62:b1:f9:9e:40:82:19:32:
         52:ea:35:03:6d:95:9d:e4:d5:0c:d9:44:0c:25:c2:bf:3c:c6:
         b1:eb:59:39:43:55:4a:e8:d2:70:1c:a1:a7:38:75:f6:2b:95:
         8b:00:a9:4e:c3:6d:ac:00:60:4a:31:8e:72:60:39:ca:6c:c7:
         1e:6b:4c:0a:8b:d0:a9:a2:41:db:2c:4f:fb:8e:da:8c:16:8c:
         de:98:c3:87:cb:35:8a:83:e2:11:45:8a:96:8f:fc:71:9d:d5:
         63:7e:17:b4:15:17:1d:4a:b2:95:eb:7f:46:52:8c:6c:ff:69:
         46:92:0e:cd:96:97:25:12:f5:b2:cd:20:51:5c:81:a6:a7:a4:
         a7:a1:03:58:0a:f4:4d:06:03:11:21:bd:2b:80:37:39:00:27:
         80:f0:56:76:13:42:70:09:db:97:44:9d:1d:86:75:79:78:81:
         d1:43:b1:31:fd:2d:77:51:33:16:43:11:8b:56:b4:47:52:57:
         5f:e0:11:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgM7h5063r0qGIirXMmYAQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YTk5NjRlMGNkMzVmYjM2NzU3ZTU2NTNmZmE3NjI2YWM1
ZGVlZTgwHhcNMjUwNzE1MDcxMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzRmODU3YjQwYTUyNjMzMzdhYzZhYjdiNGEzMThlMjU4MTMzYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3orLmffKtsa43OzWvaWaeywW3qQ
H60Z+PHG2OfQTHDUxyCNuPoZ558MsyaGLGOdLLq/4vj1+uyg479t2Wm8vKY/5oGo
mGZ4yxpAEFBk1Iqh91U8XFr/vNZwXE7IMjpreKy2k1gRPuDPU/uE1YaBHBRfKxm/
x1JFA1bP/O3pxHckri2dL5NTymdtznvQzQJ5TNebbrZwoXPM6sWoW25uAnnigDKp
9Ahr3gU+VmO0W96/biTk6xgAZHyT+pCFfQ7s5JFAf520LyP3otvFbT/uzfBqcIna
pKFCU3yCZG1m07ADikAeWjNoJchDZ3e3+qRpGIGV3ANwFyB176PEMMDyrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONPhXtApSYzN6xqt7SjGOJYEztHMB8GA1UdIwQY
MBaAFCmplk4M01+zZ1flZT/6diasXe7oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTIt
ZDliNTMzZjdmYmMzLzEvNDAtRmUwQ2xKak0zckdxM3RLTVk0bGdUTzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTItZDliNTMzZjdmYmMz
LzEvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWW/wMA0G
CSqGSIb3DQEBCwUAA4IBAQArxYOh3qw/PQhcqVnk4YbK1qhyEDmM4IsdiCFtUGlH
ZkxbkNajssRUGtuoSJphqRfTfyox4gMTHEZD3r7+UZTfYrH5nkCCGTJS6jUDbZWd
5NUM2UQMJcK/PMax61k5Q1VK6NJwHKGnOHX2K5WLAKlOw22sAGBKMY5yYDnKbMce
a0wKi9CpokHbLE/7jtqMFozemMOHyzWKg+IRRYqWj/xxndVjfhe0FRcdSrKV639G
Uoxs/2lGkg7NlpclEvWyzSBRXIGmp6SnoQNYCvRNBgMRIb0rgDc5ACeA8FZ2E0Jw
CduXRJ0dhnV5eIHRQ7Ex/S13UTMWQxGLVrRHUldf4BEC
-----END CERTIFICATE-----