Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/cl8_jWzBxjCShlJMeeIttXOL64Q.roa
File:                     cl8_jWzBxjCShlJMeeIttXOL64Q.roa (raw, json)
Hash identifier:          BQJaEZiBBg1esIKHzxhByRVsNORQoUZcmz3q689WihU=
Subject key identifier:   72:5F:3F:8D:6C:C1:C6:30:92:86:52:4C:79:E2:2D:B5:73:8B:EB:84
Certificate issuer:       /CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
Certificate serial:       01916BC2EEFAACCE31B2AD2834EB2208A175
Authority key identifier: 40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/cl8_jWzBxjCShlJMeeIttXOL64Q.roa
Signing time:             Mon 19 Aug 2024 17:50:22 +0000
ROA not before:           Mon 19 Aug 2024 17:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.129.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6b:c2:ee:fa:ac:ce:31:b2:ad:28:34:eb:22:08:a1:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
        Validity
            Not Before: Aug 19 17:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=725f3f8d6cc1c6309286524c79e22db5738beb84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d2:6a:34:9f:a8:90:d1:07:aa:1c:3c:11:f4:
                    07:6e:bb:33:6c:7b:38:47:f3:6a:c5:d9:2b:1d:3f:
                    0a:47:c2:3b:67:bf:68:6b:29:cd:dc:c7:fc:c0:79:
                    d6:9f:c2:1d:48:22:1b:47:3b:4f:f7:94:19:38:8f:
                    d5:c5:7f:9f:2e:2e:e2:a0:6a:e2:9d:5b:92:ba:40:
                    d7:ab:a4:e7:03:a8:ad:75:40:58:5e:87:3a:97:44:
                    2b:72:33:07:9f:ca:b6:b2:9f:a2:b4:d1:ad:2f:48:
                    48:5f:c7:2f:4c:59:b4:4c:9a:7b:1d:68:4c:03:7c:
                    0e:3b:6b:94:e8:ef:d1:b9:f5:24:6a:8f:31:ae:39:
                    f9:b9:22:d6:58:65:2b:8f:14:6e:87:9f:11:92:11:
                    8c:e4:cd:7c:26:f2:3e:f6:b8:c4:dd:5c:82:52:13:
                    05:66:88:48:71:0d:72:3d:3d:e6:d9:4e:67:a9:53:
                    bf:ba:3b:9d:d6:13:d9:d3:b1:46:fc:ea:6f:33:97:
                    4f:ad:3d:63:43:cd:42:a2:74:54:98:86:48:75:72:
                    45:df:e0:fd:d0:f1:88:91:01:c5:c9:65:39:09:e6:
                    72:5b:52:9e:d9:16:12:67:6d:69:83:8f:24:ba:62:
                    6b:6d:ef:0c:5a:d8:63:c0:e4:18:93:26:7a:c3:23:
                    60:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5F:3F:8D:6C:C1:C6:30:92:86:52:4C:79:E2:2D:B5:73:8B:EB:84
            X509v3 Authority Key Identifier:
                keyid:40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/cl8_jWzBxjCShlJMeeIttXOL64Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:4e:be:e2:6c:64:dd:8f:f4:1a:20:77:90:21:13:d1:8d:9b:
         1e:85:b7:94:73:22:eb:26:49:98:ff:5c:e9:d9:fd:bb:25:d5:
         7c:09:4a:cd:ee:b3:04:82:e3:26:87:55:77:82:29:f0:d0:92:
         52:b0:1f:ee:07:3b:96:f0:cd:05:6a:44:19:a1:30:9a:10:f1:
         45:c2:1c:a0:ed:92:87:f8:e9:3a:a6:08:a9:58:ea:4d:46:c8:
         62:5e:bd:10:e5:85:9d:39:fc:b1:a0:12:b8:ef:c1:78:34:7a:
         0b:53:58:de:8e:c3:b2:5e:a7:98:1b:9a:59:d6:e5:a5:97:92:
         e9:b3:9a:24:ea:b2:67:6e:00:e0:2a:e5:1f:6b:70:12:b0:54:
         94:c6:c0:5e:a0:8b:f0:ab:b6:a4:a8:11:7d:79:85:d7:a1:1c:
         70:47:8b:1e:03:57:7c:30:1f:04:b6:1c:b3:b5:01:cb:ad:76:
         b8:ed:d5:c3:73:ca:56:55:8b:a9:46:64:cf:22:57:bd:8e:61:
         64:44:29:bc:70:46:0c:fa:dd:f4:45:ea:9a:52:59:0d:14:51:
         03:57:2b:b7:a5:68:28:91:3a:7f:13:4e:e0:37:d2:98:45:b8:
         21:a4:2a:2c:0f:8d:1f:8c:cc:f9:92:54:e5:14:9d:f0:05:40:
         de:36:54:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFrwu76rM4xsq0oNOsiCKF1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDU1Yjc4ODM2YTkzZmI2ZjllYzlmYTdhNzllZDliOGJl
YTJiYTEwHhcNMjQwODE5MTc1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjVmM2Y4ZDZjYzFjNjMwOTI4NjUyNGM3OWUyMmRiNTczOGJlYjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9JqNJ+okNEHqhw8EfQHbrszbHs4
R/NqxdkrHT8KR8I7Z79oaynN3Mf8wHnWn8IdSCIbRztP95QZOI/VxX+fLi7ioGri
nVuSukDXq6TnA6itdUBYXoc6l0QrcjMHn8q2sp+itNGtL0hIX8cvTFm0TJp7HWhM
A3wOO2uU6O/RufUkao8xrjn5uSLWWGUrjxRuh58RkhGM5M18JvI+9rjE3VyCUhMF
ZohIcQ1yPT3m2U5nqVO/ujud1hPZ07FG/OpvM5dPrT1jQ81ConRUmIZIdXJF3+D9
0PGIkQHFyWU5CeZyW1Ke2RYSZ21pg48kumJrbe8MWthjwOQYkyZ6wyNg6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJfP41swcYwkoZSTHniLbVzi+uEMB8GA1UdIwQY
MBaAFEDVW3iDapP7b57J+np57ZuL6iuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMt
OTJlOGJlNjI3OWJiLzEvY2w4X2pXekJ4akNTaGxKTWVlSXR0WE9MNjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMtOTJlOGJlNjI3OWJi
LzEvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYHCMA0G
CSqGSIb3DQEBCwUAA4IBAQBPTr7ibGTdj/QaIHeQIRPRjZsehbeUcyLrJkmY/1zp
2f27JdV8CUrN7rMEguMmh1V3ginw0JJSsB/uBzuW8M0FakQZoTCaEPFFwhyg7ZKH
+Ok6pgipWOpNRshiXr0Q5YWdOfyxoBK478F4NHoLU1jejsOyXqeYG5pZ1uWll5Lp
s5ok6rJnbgDgKuUfa3ASsFSUxsBeoIvwq7akqBF9eYXXoRxwR4seA1d8MB8Ethyz
tQHLrXa47dXDc8pWVYupRmTPIle9jmFkRCm8cEYM+t30ReqaUlkNFFEDVyu3pWgo
kTp/E07gN9KYRbghpCosD40fjMz5klTlFJ3wBUDeNlTf
-----END CERTIFICATE-----