Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/tRjkLyLC--HaV6NcWuFGLxVHLUQ.roa
File:                     tRjkLyLC--HaV6NcWuFGLxVHLUQ.roa (raw, json)
Hash identifier:          W6/eiMbwnnO5tx0lNIccNziZp4esvsx84586cppqO84=
Subject key identifier:   B5:18:E4:2F:22:C2:FB:E1:DA:57:A3:5C:5A:E1:46:2F:15:47:2D:44
Certificate issuer:       /CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
Certificate serial:       0196ED3E60C25EA37D49F4BE4526CC1E0169
Authority key identifier: 40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/tRjkLyLC--HaV6NcWuFGLxVHLUQ.roa
Signing time:             Tue 20 May 2025 10:30:10 +0000
ROA not before:           Tue 20 May 2025 10:30:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9318
IP address blocks:        45.129.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:3e:60:c2:5e:a3:7d:49:f4:be:45:26:cc:1e:01:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
        Validity
            Not Before: May 20 10:30:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b518e42f22c2fbe1da57a35c5ae1462f15472d44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5c:94:47:b4:89:9e:72:49:13:73:6c:bd:18:
                    18:07:58:5f:0f:7e:a6:86:6b:e1:d1:31:fb:13:d4:
                    5d:1a:02:ee:0e:14:f4:c8:d3:ce:ac:05:17:09:32:
                    e8:49:73:bb:de:fa:13:28:0e:23:d3:25:1a:fc:a3:
                    f8:ef:f9:b1:fa:a8:27:6a:3e:04:5d:10:2a:59:d2:
                    55:3e:89:b7:c5:e7:99:ec:96:74:83:85:dc:2c:ee:
                    ae:2e:91:c4:7d:30:04:88:60:d6:5c:89:8e:12:f1:
                    2f:35:56:54:0e:32:94:16:46:53:cd:14:30:6b:d0:
                    fe:5b:d2:1a:a9:ba:04:c5:7d:e0:4e:bd:00:f8:8d:
                    f0:a0:15:ce:34:86:39:01:d7:36:0e:e7:9e:a8:b7:
                    de:af:13:ce:dd:d4:25:21:c3:46:92:14:d2:27:73:
                    67:37:4b:ac:dd:ae:77:3b:a1:28:b9:1c:67:1b:aa:
                    f8:90:dd:71:ce:3b:21:6e:a3:ea:e7:1f:3e:d1:47:
                    25:b8:a5:12:db:00:f5:91:a9:a8:b4:02:22:b6:ae:
                    32:31:a4:9a:13:22:53:90:10:cd:f6:5a:4b:f8:bb:
                    52:83:34:c0:c3:c6:24:ed:f2:25:37:6e:8e:57:8f:
                    23:73:61:de:51:5e:64:f5:44:57:36:c8:9a:be:20:
                    fc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:18:E4:2F:22:C2:FB:E1:DA:57:A3:5C:5A:E1:46:2F:15:47:2D:44
            X509v3 Authority Key Identifier:
                keyid:40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/tRjkLyLC--HaV6NcWuFGLxVHLUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:cf:4e:f0:f3:e8:b5:c2:ec:01:28:2d:5a:5b:26:ff:ef:6b:
         c4:74:2b:ed:a7:ed:c7:33:4e:0a:64:57:f8:27:8e:fe:93:87:
         84:e6:76:76:a9:b2:af:5d:9a:e5:64:12:d7:49:fc:f9:78:54:
         33:b2:39:b4:ba:d5:63:2d:b8:ba:94:90:84:91:bb:07:4e:37:
         01:6b:37:a4:a6:01:86:62:26:c1:77:69:3b:3d:c4:09:80:73:
         aa:73:0a:e0:d1:9b:93:a9:f9:c2:3d:bc:5f:ac:03:a7:6e:61:
         8a:c5:94:ca:1e:11:c4:93:a9:e9:ab:cb:b9:71:31:2c:d5:f9:
         48:b8:8c:ad:9b:e6:06:d5:63:ba:f7:16:e3:86:76:0e:19:e8:
         3d:9d:4d:40:58:d1:66:34:e1:56:d8:5b:99:3a:f3:1b:6a:bb:
         ab:f8:fb:79:89:52:8e:9a:64:85:36:bc:68:a5:df:2c:1b:73:
         e8:2e:7c:de:c0:58:24:0b:64:38:6e:38:bb:f3:d1:56:41:b7:
         13:16:62:4b:90:f0:cf:2a:9c:13:81:a8:fe:ea:a8:09:72:3f:
         c1:ab:5a:92:38:93:ff:ad:de:a2:8f:6b:b1:fd:e4:24:32:f6:
         db:05:aa:bd:2a:41:0d:84:5e:f9:cb:3b:bf:37:72:ba:49:65:
         50:35:fc:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtPmDCXqN9SfS+RSbMHgFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDU1Yjc4ODM2YTkzZmI2ZjllYzlmYTdhNzllZDliOGJl
YTJiYTEwHhcNMjUwNTIwMTAzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE4ZTQyZjIyYzJmYmUxZGE1N2EzNWM1YWUxNDYyZjE1NDcyZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolyUR7SJnnJJE3NsvRgYB1hfD36m
hmvh0TH7E9RdGgLuDhT0yNPOrAUXCTLoSXO73voTKA4j0yUa/KP47/mx+qgnaj4E
XRAqWdJVPom3xeeZ7JZ0g4XcLO6uLpHEfTAEiGDWXImOEvEvNVZUDjKUFkZTzRQw
a9D+W9IaqboExX3gTr0A+I3woBXONIY5Adc2DueeqLferxPO3dQlIcNGkhTSJ3Nn
N0us3a53O6EouRxnG6r4kN1xzjshbqPq5x8+0UcluKUS2wD1kamotAIitq4yMaSa
EyJTkBDN9lpL+LtSgzTAw8Yk7fIlN26OV48jc2HeUV5k9URXNsiaviD8OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUY5C8iwvvh2lejXFrhRi8VRy1EMB8GA1UdIwQY
MBaAFEDVW3iDapP7b57J+np57ZuL6iuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMt
OTJlOGJlNjI3OWJiLzEvdFJqa0x5TEMtLUhhVjZOY1d1RkdMeFZITFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMtOTJlOGJlNjI3OWJi
LzEvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYHCMA0G
CSqGSIb3DQEBCwUAA4IBAQBQz07w8+i1wuwBKC1aWyb/72vEdCvtp+3HM04KZFf4
J47+k4eE5nZ2qbKvXZrlZBLXSfz5eFQzsjm0utVjLbi6lJCEkbsHTjcBazekpgGG
YibBd2k7PcQJgHOqcwrg0ZuTqfnCPbxfrAOnbmGKxZTKHhHEk6npq8u5cTEs1flI
uIytm+YG1WO69xbjhnYOGeg9nU1AWNFmNOFW2FuZOvMbarur+Pt5iVKOmmSFNrxo
pd8sG3PoLnzewFgkC2Q4bji789FWQbcTFmJLkPDPKpwTgaj+6qgJcj/Bq1qSOJP/
rd6ij2ux/eQkMvbbBaq9KkENhF75yzu/N3K6SWVQNfy6
-----END CERTIFICATE-----