Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/aouWF1EL5PqaDekCOWFKRFFElco.roa
File:                     aouWF1EL5PqaDekCOWFKRFFElco.roa (raw, json)
Hash identifier:          meYwuUzRknXw4amv6l3WdhCHcJ6/5boQjSOQLig1VyA=
Subject key identifier:   6A:8B:96:17:51:0B:E4:FA:9A:0D:E9:02:39:61:4A:44:51:44:95:CA
Certificate issuer:       /CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
Certificate serial:       019427B5943CC1AF28B907831276F22EB98A
Authority key identifier: 40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/aouWF1EL5PqaDekCOWFKRFFElco.roa
Signing time:             Thu 02 Jan 2025 15:49:58 +0000
ROA not before:           Thu 02 Jan 2025 15:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43090
IP address blocks:        45.129.192.0/24 maxlen: 24
                          2a0e:4dc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:94:3c:c1:af:28:b9:07:83:12:76:f2:2e:b9:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
        Validity
            Not Before: Jan  2 15:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a8b9617510be4fa9a0de90239614a44514495ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a4:6b:25:b4:4a:a6:68:bb:c8:56:da:a1:2a:
                    f7:c9:66:18:09:37:42:18:8f:a0:5b:01:3f:89:09:
                    16:23:07:20:21:ab:e5:4e:88:d9:95:fe:29:16:6b:
                    60:fe:59:9a:f2:87:27:db:a0:e6:6f:de:2a:04:3e:
                    83:71:49:27:cd:7d:cb:6a:c2:3c:40:85:26:e1:6d:
                    fa:85:14:56:b9:00:c4:e7:79:7f:38:23:d4:f4:47:
                    4b:06:98:0a:a7:e4:e2:37:dc:06:e5:de:d5:e3:29:
                    95:ee:66:fc:00:57:c3:cf:9d:6a:0f:e2:e8:c4:c2:
                    0f:cb:d7:02:8a:5c:4f:e8:1f:d1:ce:eb:6d:f1:5a:
                    b3:6d:8f:bc:e7:49:90:1d:01:a4:e8:b3:6b:47:ec:
                    c8:98:66:dc:b7:89:4c:b0:29:86:78:49:de:5b:67:
                    a5:c7:78:61:76:a6:a0:96:62:8a:34:03:ba:cd:8d:
                    41:84:c0:62:a2:8e:40:ea:87:59:48:59:1c:1a:f8:
                    ce:54:da:c3:f6:f9:5f:06:ff:e2:f5:ce:65:23:4b:
                    26:33:a1:09:94:e1:6d:0b:64:39:61:af:67:1c:8c:
                    ef:22:30:08:7f:2c:6b:e1:76:9a:46:72:34:d0:4f:
                    9a:ca:23:c7:07:11:58:12:45:b0:3a:2c:72:c1:a7:
                    cb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:8B:96:17:51:0B:E4:FA:9A:0D:E9:02:39:61:4A:44:51:44:95:CA
            X509v3 Authority Key Identifier:
                keyid:40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/aouWF1EL5PqaDekCOWFKRFFElco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.192.0/24
                IPv6:
                  2a0e:4dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:58:49:4c:e3:c2:47:86:3b:a1:fc:02:a4:ea:07:0a:a3:4e:
         82:2a:c6:43:c5:2c:dd:da:84:e4:c9:c6:03:2c:ae:91:a2:19:
         57:b6:13:86:61:78:e4:cc:0c:4c:bd:ab:fe:3b:dc:33:c4:aa:
         9e:73:a9:1c:20:19:1a:3f:3e:37:75:11:47:c8:88:ed:94:01:
         92:00:c8:5b:56:e3:ad:c4:67:f4:95:19:21:65:90:86:9d:89:
         25:87:50:15:37:fd:7a:de:f6:4c:db:09:86:f7:eb:16:fb:d2:
         f3:79:43:49:5f:2a:71:4d:54:37:b9:68:26:ca:f6:9a:75:14:
         37:6e:35:76:81:e0:9a:04:25:1f:12:1d:3d:9e:8e:88:aa:a3:
         de:7c:26:a3:76:0e:8c:dd:59:ed:73:a5:af:d3:2a:94:71:5c:
         7f:77:4c:6e:a4:9d:9e:92:c8:f4:d7:44:25:07:90:fd:79:41:
         e4:e6:b1:65:80:ae:e7:44:91:45:2c:00:75:20:d1:0a:4c:e5:
         71:ff:f6:4e:2e:8d:c8:d9:89:8f:df:7a:1f:f3:b1:58:f3:57:
         97:58:77:56:10:a8:7e:81:7c:c0:52:5c:2c:35:7b:d5:a8:33:
         60:f5:9c:6f:3c:bf:bd:34:fc:8d:fa:48:af:96:cf:41:17:f5:
         9e:ec:f0:cf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntZQ8wa8ouQeDEnbyLrmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDU1Yjc4ODM2YTkzZmI2ZjllYzlmYTdhNzllZDliOGJl
YTJiYTEwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YThiOTYxNzUxMGJlNGZhOWEwZGU5MDIzOTYxNGE0NDUxNDQ5NWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaRrJbRKpmi7yFbaoSr3yWYYCTdC
GI+gWwE/iQkWIwcgIavlTojZlf4pFmtg/lma8ocn26Dmb94qBD6DcUknzX3LasI8
QIUm4W36hRRWuQDE53l/OCPU9EdLBpgKp+TiN9wG5d7V4ymV7mb8AFfDz51qD+Lo
xMIPy9cCilxP6B/Rzutt8VqzbY+850mQHQGk6LNrR+zImGbct4lMsCmGeEneW2el
x3hhdqaglmKKNAO6zY1BhMBioo5A6odZSFkcGvjOVNrD9vlfBv/i9c5lI0smM6EJ
lOFtC2Q5Ya9nHIzvIjAIfyxr4XaaRnI00E+ayiPHBxFYEkWwOixywafLXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGqLlhdRC+T6mg3pAjlhSkRRRJXKMB8GA1UdIwQY
MBaAFEDVW3iDapP7b57J+np57ZuL6iuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMt
OTJlOGJlNjI3OWJiLzEvYW91V0YxRUw1UHFhRGVrQ09XRktSRkZFbGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMtOTJlOGJlNjI3OWJi
LzEvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYHAMA0E
AgACMAcDBQMqDk3AMA0GCSqGSIb3DQEBCwUAA4IBAQCYWElM48JHhjuh/AKk6gcK
o06CKsZDxSzd2oTkycYDLK6RohlXthOGYXjkzAxMvav+O9wzxKqec6kcIBkaPz43
dRFHyIjtlAGSAMhbVuOtxGf0lRkhZZCGnYklh1AVN/163vZM2wmG9+sW+9LzeUNJ
XypxTVQ3uWgmyvaadRQ3bjV2geCaBCUfEh09no6IqqPefCajdg6M3Vntc6Wv0yqU
cVx/d0xupJ2eksj010QlB5D9eUHk5rFlgK7nRJFFLAB1INEKTOVx//ZOLo3I2YmP
33of87FY81eXWHdWEKh+gXzAUlwsNXvVqDNg9ZxvPL+9NPyN+kivls9BF/We7PDP
-----END CERTIFICATE-----