Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/1-RhDcNYEqAV9zgW384agcxQGvVQ.roa
File:                     1-RhDcNYEqAV9zgW384agcxQGvVQ.roa (raw, json)
Hash identifier:          tYpbAh+cAHM1izV/ETf3AANIWRAFx9dkB7c17S/0d5g=
Subject key identifier:   F9:18:43:70:D6:04:A8:05:7D:CE:05:B7:F3:86:A0:73:14:06:BD:54
Certificate issuer:       /CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
Certificate serial:       019427B592BBB132B46564ACF290F9E083D4
Authority key identifier: 40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/1-RhDcNYEqAV9zgW384agcxQGvVQ.roa
Signing time:             Thu 02 Jan 2025 15:49:58 +0000
ROA not before:           Thu 02 Jan 2025 15:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.129.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:92:bb:b1:32:b4:65:64:ac:f2:90:f9:e0:83:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
        Validity
            Not Before: Jan  2 15:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9184370d604a8057dce05b7f386a0731406bd54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:0c:a9:dc:b1:b7:02:38:e8:22:06:f9:a6:46:
                    03:2f:8e:83:12:16:cd:0c:e3:c6:9f:fe:b1:6b:21:
                    3e:4e:c1:5f:49:b0:5c:bd:8d:0c:87:36:ec:7a:13:
                    fd:fd:ae:ea:db:59:36:9a:e6:73:81:ab:70:61:01:
                    75:c6:67:50:e0:e8:b2:d7:b5:62:89:21:4e:8c:3a:
                    47:58:04:b0:15:65:26:1c:42:6b:2e:05:33:cd:3a:
                    fd:6b:5d:63:bc:40:e4:9b:d6:53:96:84:72:60:07:
                    a3:be:94:5c:d0:82:07:95:81:69:37:ce:2f:d8:86:
                    46:f2:a1:be:96:64:4e:68:5c:35:08:2d:ab:30:14:
                    ab:c9:1e:7a:62:14:be:d0:8d:27:14:d4:a9:95:77:
                    0a:1a:4f:41:ba:8b:d3:ef:82:a3:ef:a6:13:f0:81:
                    db:3e:e1:32:62:9e:1c:2d:47:4f:59:d8:ef:5e:3c:
                    e0:4a:41:8c:a7:e4:90:98:8c:5f:fe:04:82:fc:77:
                    30:6f:c3:8e:14:cd:3c:7e:3d:d1:d3:6b:00:ce:15:
                    36:cc:a9:6c:85:29:34:51:5c:dd:cc:a2:9c:da:04:
                    50:ca:ad:4d:f9:ad:ba:0e:90:4f:9a:15:36:f2:4a:
                    4a:15:52:b7:79:cd:7d:e9:c7:2d:fb:2b:75:d8:de:
                    73:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:18:43:70:D6:04:A8:05:7D:CE:05:B7:F3:86:A0:73:14:06:BD:54
            X509v3 Authority Key Identifier:
                keyid:40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/1-RhDcNYEqAV9zgW384agcxQGvVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:62:1c:bc:f3:6b:9c:b5:4d:23:ab:b3:05:b7:51:6c:62:fc:
         85:60:ec:17:b4:42:01:98:fb:ab:85:d6:26:1a:3f:a8:44:cf:
         5c:05:6d:ce:b0:75:8d:04:f7:0b:4d:d4:83:68:9d:1d:ca:97:
         63:aa:c2:b8:04:58:49:c6:75:df:8c:1f:4a:9b:47:67:2e:78:
         bb:1d:47:02:90:1b:b8:6d:0e:58:94:46:2d:57:b1:ae:52:8d:
         cf:15:c8:de:97:28:3a:30:cf:44:1a:56:c3:63:52:2c:19:8f:
         a9:b4:48:35:82:76:bf:aa:5a:82:ef:2a:d7:1a:15:00:22:dd:
         55:86:2a:b0:a8:0e:f5:b6:fb:55:c2:a5:a2:da:81:eb:82:50:
         49:b5:a4:46:12:26:6d:3d:66:bc:c0:87:ee:2c:fd:f6:32:53:
         8f:7c:c2:43:00:40:5f:9f:13:c2:cb:d1:00:a8:7a:32:a3:56:
         b8:ab:4a:3b:5c:1b:52:4b:da:39:f2:95:2b:eb:4f:e4:74:12:
         c5:e7:6e:35:b2:8b:7e:ee:6e:c2:d3:35:56:54:a5:e5:d8:07:
         3a:67:71:b3:ed:04:80:ec:42:0f:9a:38:81:e5:a5:bb:a3:75:
         02:fe:94:83:fd:9f:2c:40:95:28:67:31:63:b1:58:13:95:b6:
         bc:b7:c1:ea
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntZK7sTK0ZWSs8pD54IPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDU1Yjc4ODM2YTkzZmI2ZjllYzlmYTdhNzllZDliOGJl
YTJiYTEwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTE4NDM3MGQ2MDRhODA1N2RjZTA1YjdmMzg2YTA3MzE0MDZiZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgyp3LG3AjjoIgb5pkYDL46DEhbN
DOPGn/6xayE+TsFfSbBcvY0MhzbsehP9/a7q21k2muZzgatwYQF1xmdQ4Oiy17Vi
iSFOjDpHWASwFWUmHEJrLgUzzTr9a11jvEDkm9ZTloRyYAejvpRc0IIHlYFpN84v
2IZG8qG+lmROaFw1CC2rMBSryR56YhS+0I0nFNSplXcKGk9BuovT74Kj76YT8IHb
PuEyYp4cLUdPWdjvXjzgSkGMp+SQmIxf/gSC/Hcwb8OOFM08fj3R02sAzhU2zKls
hSk0UVzdzKKc2gRQyq1N+a26DpBPmhU28kpKFVK3ec196cct+yt12N5zYQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkYQ3DWBKgFfc4Ft/OGoHMUBr1UMB8GA1UdIwQY
MBaAFEDVW3iDapP7b57J+np57ZuL6iuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMt
OTJlOGJlNjI3OWJiLzEvMS1SaERjTllFcUFWOXpnVzM4NGFnY3hRR3ZWUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvYzc2ZDg1LTY4NjQtNGIzNy1iZGIzLTkyZThiZTYyNzli
Yi8xL1FOVmJlSU5xa190dm5zbjZlbm50bTR2cUs2RS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2BwjAN
BgkqhkiG9w0BAQsFAAOCAQEAhGIcvPNrnLVNI6uzBbdRbGL8hWDsF7RCAZj7q4XW
Jho/qETPXAVtzrB1jQT3C03Ug2idHcqXY6rCuARYScZ134wfSptHZy54ux1HApAb
uG0OWJRGLVexrlKNzxXI3pcoOjDPRBpWw2NSLBmPqbRINYJ2v6pagu8q1xoVACLd
VYYqsKgO9bb7VcKlotqB64JQSbWkRhImbT1mvMCH7iz99jJTj3zCQwBAX58TwsvR
AKh6MqNWuKtKO1wbUkvaOfKVK+tP5HQSxeduNbKLfu5uwtM1VlSl5dgHOmdxs+0E
gOxCD5o4geWlu6N1Av6Ug/2fLECVKGcxY7FYE5W2vLfB6g==
-----END CERTIFICATE-----