Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/t0LizRcpCedVGV7G-fII8jBvx0A.roa
File:                     t0LizRcpCedVGV7G-fII8jBvx0A.roa (raw, json)
Hash identifier:          ZN5BTBda6bGmBj8NTopRMZUMlk+FQ8YAMSGu4VazGr8=
Subject key identifier:   B7:42:E2:CD:17:29:09:E7:55:19:5E:C6:F9:F2:08:F2:30:6F:C7:40
Certificate issuer:       /CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
Certificate serial:       019427B5937253260DF9A2F47382B67CB5E6
Authority key identifier: 40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/t0LizRcpCedVGV7G-fII8jBvx0A.roa
Signing time:             Thu 02 Jan 2025 15:49:58 +0000
ROA not before:           Thu 02 Jan 2025 15:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        45.129.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:93:72:53:26:0d:f9:a2:f4:73:82:b6:7c:b5:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
        Validity
            Not Before: Jan  2 15:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b742e2cd172909e755195ec6f9f208f2306fc740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b5:80:a3:c4:e1:d5:ec:48:3c:57:f1:8a:d6:
                    d3:2f:13:41:9f:d8:37:fb:9f:8e:64:21:6d:1e:81:
                    90:6c:3c:a5:01:c2:ee:c0:cd:06:e7:78:5a:81:1a:
                    cf:28:6f:fd:86:c0:a3:57:2a:57:23:ad:64:c0:6c:
                    04:2e:61:8c:47:b5:a4:c9:0e:e5:15:98:b8:07:9a:
                    77:ea:e8:3f:9a:7a:b7:34:e7:67:03:c0:69:d8:f4:
                    dc:02:58:59:52:96:2f:6a:ef:cb:0d:0a:b6:88:d8:
                    39:f1:d0:9a:be:ac:25:6e:e4:88:f0:56:4b:5e:c8:
                    72:04:79:b8:53:19:d0:30:8b:27:cd:f7:6c:f6:49:
                    ae:c2:ca:99:a6:b5:4a:ac:23:84:06:c1:8a:de:dc:
                    34:65:6e:c2:cf:9d:5e:c3:3b:f1:6a:4c:6c:b8:72:
                    82:98:73:7d:9f:89:f2:21:74:0b:dc:5a:d9:30:b0:
                    14:c3:89:ec:45:13:83:de:1e:33:66:70:cd:bf:6d:
                    29:32:22:fb:70:68:95:98:27:cf:b5:85:b2:92:ea:
                    7a:73:ef:71:eb:7a:4c:a7:b6:7f:35:cb:2e:61:00:
                    0c:89:12:a4:d3:4b:f7:71:d3:bd:ff:ac:60:96:b5:
                    98:ee:ce:b2:3d:92:fd:f3:d6:76:a9:7a:01:31:bb:
                    65:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:42:E2:CD:17:29:09:E7:55:19:5E:C6:F9:F2:08:F2:30:6F:C7:40
            X509v3 Authority Key Identifier:
                keyid:40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/t0LizRcpCedVGV7G-fII8jBvx0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:c9:9a:cf:13:75:33:af:c2:76:59:4c:c7:bd:d2:44:7f:7a:
         1f:ee:5a:15:b9:c2:49:1e:58:03:af:94:07:53:60:4b:4d:22:
         0c:35:63:bf:84:2d:6f:cc:84:11:c7:ba:c1:cc:51:e5:30:6f:
         48:9d:61:0c:4b:a7:7a:08:d9:a9:38:24:b0:cd:72:c0:df:f0:
         27:ac:3f:1d:9e:35:2f:2b:4e:5a:1f:16:d9:38:ef:86:cc:1b:
         f2:a7:7a:d0:a3:57:c1:15:22:11:d5:05:c2:7d:ca:ed:28:52:
         f3:e9:a7:0c:a4:19:78:4e:6a:44:0b:db:2c:b7:bd:c7:85:88:
         c7:c3:28:c7:1b:75:78:f1:c4:bc:9f:f1:1d:b7:06:ce:bb:88:
         c8:2a:83:d6:ff:de:46:83:51:af:15:7c:0d:5e:c0:81:33:e4:
         8d:26:15:e5:0e:fd:60:04:af:d7:19:1c:65:d1:b7:7d:b1:0c:
         2a:a6:0c:88:f4:89:43:54:76:c9:1a:97:c1:47:26:60:af:32:
         13:cb:a8:ff:78:94:9b:a6:5a:2b:3f:96:f7:4b:0a:9d:6d:9b:
         fa:4a:a4:fc:cd:9d:2a:84:e8:c2:88:7e:7d:f8:e3:25:89:b4:
         d4:d9:2a:e8:a9:47:00:9d:6a:2d:89:14:24:6f:95:c7:ca:9b:
         a3:35:0f:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntZNyUyYN+aL0c4K2fLXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDU1Yjc4ODM2YTkzZmI2ZjllYzlmYTdhNzllZDliOGJl
YTJiYTEwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzQyZTJjZDE3MjkwOWU3NTUxOTVlYzZmOWYyMDhmMjMwNmZjNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrWAo8Th1exIPFfxitbTLxNBn9g3
+5+OZCFtHoGQbDylAcLuwM0G53hagRrPKG/9hsCjVypXI61kwGwELmGMR7WkyQ7l
FZi4B5p36ug/mnq3NOdnA8Bp2PTcAlhZUpYvau/LDQq2iNg58dCavqwlbuSI8FZL
XshyBHm4UxnQMIsnzfds9kmuwsqZprVKrCOEBsGK3tw0ZW7Cz51ewzvxakxsuHKC
mHN9n4nyIXQL3FrZMLAUw4nsRROD3h4zZnDNv20pMiL7cGiVmCfPtYWykup6c+9x
63pMp7Z/NcsuYQAMiRKk00v3cdO9/6xglrWY7s6yPZL989Z2qXoBMbtlxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdC4s0XKQnnVRlexvnyCPIwb8dAMB8GA1UdIwQY
MBaAFEDVW3iDapP7b57J+np57ZuL6iuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMt
OTJlOGJlNjI3OWJiLzEvdDBMaXpSY3BDZWRWR1Y3Ry1mSUk4akJ2eDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMtOTJlOGJlNjI3OWJi
LzEvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYHAMA0G
CSqGSIb3DQEBCwUAA4IBAQBzyZrPE3Uzr8J2WUzHvdJEf3of7loVucJJHlgDr5QH
U2BLTSIMNWO/hC1vzIQRx7rBzFHlMG9InWEMS6d6CNmpOCSwzXLA3/AnrD8dnjUv
K05aHxbZOO+GzBvyp3rQo1fBFSIR1QXCfcrtKFLz6acMpBl4TmpEC9sst73HhYjH
wyjHG3V48cS8n/EdtwbOu4jIKoPW/95Gg1GvFXwNXsCBM+SNJhXlDv1gBK/XGRxl
0bd9sQwqpgyI9IlDVHbJGpfBRyZgrzITy6j/eJSbplorP5b3SwqdbZv6SqT8zZ0q
hOjCiH59+OMlibTU2SroqUcAnWotiRQkb5XHypujNQ+0
-----END CERTIFICATE-----