Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/40mfpLltAhLjXnapAezRqTQiqoI.roa
File:                     40mfpLltAhLjXnapAezRqTQiqoI.roa (raw, json)
Hash identifier:          eFhP/0Zq0mDiDISFiGo1BoODulMuLP7NJYBfuwdpkS0=
Subject key identifier:   E3:49:9F:A4:B9:6D:02:12:E3:5E:76:A9:01:EC:D1:A9:34:22:AA:82
Certificate issuer:       /CN=6a7a2c6dbe511a07472437a9a0fb4fccd12be89f
Certificate serial:       0191DFBA376D798B5C62E73F31B82251E25E
Authority key identifier: 6A:7A:2C:6D:BE:51:1A:07:47:24:37:A9:A0:FB:4F:CC:D1:2B:E8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/anosbb5RGgdHJDepoPtPzNEr6J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/40mfpLltAhLjXnapAezRqTQiqoI.roa
Signing time:             Wed 11 Sep 2024 06:16:48 +0000
ROA not before:           Wed 11 Sep 2024 06:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        185.218.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/anosbb5RGgdHJDepoPtPzNEr6J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/anosbb5RGgdHJDepoPtPzNEr6J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/anosbb5RGgdHJDepoPtPzNEr6J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:df:ba:37:6d:79:8b:5c:62:e7:3f:31:b8:22:51:e2:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a7a2c6dbe511a07472437a9a0fb4fccd12be89f
        Validity
            Not Before: Sep 11 06:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3499fa4b96d0212e35e76a901ecd1a93422aa82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ef:cd:7a:e8:62:d7:50:0d:10:3b:81:a9:a9:
                    86:b2:fa:82:cd:e0:19:38:91:c6:c4:a0:56:14:e4:
                    92:2e:55:fc:fe:65:56:c8:95:a2:a0:aa:e6:6d:58:
                    4c:dc:e5:d7:72:67:30:14:39:04:c4:a6:ef:48:f4:
                    20:8b:6f:4a:88:df:6c:8d:cf:7c:73:4c:ec:33:c3:
                    9d:c6:69:a7:5d:0f:1c:ff:f6:91:10:eb:fa:03:47:
                    a0:5e:3b:3a:f8:b2:ff:14:1a:19:1b:48:0f:e8:84:
                    f2:52:da:bb:a1:bd:12:59:3f:cf:53:ff:20:22:13:
                    aa:df:7b:f8:f4:05:03:20:e6:5f:a8:f4:16:1e:6e:
                    ca:39:dd:58:ac:8f:cd:39:8b:bc:94:de:7d:c7:a2:
                    c4:5f:7e:b1:1e:96:94:92:48:81:89:04:3e:a3:9f:
                    12:7b:67:5a:d1:d4:bc:78:50:f7:e1:92:77:79:83:
                    fe:0e:e3:b7:2b:68:6b:9a:4f:a4:5a:da:fc:02:31:
                    3a:ba:ab:22:16:4f:81:9c:8a:98:7d:5a:ee:ce:f4:
                    37:5a:cb:46:d4:1a:09:1f:69:78:d3:b5:ed:a7:6d:
                    f2:98:0f:76:5f:74:ba:2e:d1:3b:7b:f3:ed:1b:f8:
                    b0:6d:4e:7c:ba:f1:14:3e:4e:19:71:62:3a:c4:32:
                    0d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:49:9F:A4:B9:6D:02:12:E3:5E:76:A9:01:EC:D1:A9:34:22:AA:82
            X509v3 Authority Key Identifier:
                keyid:6A:7A:2C:6D:BE:51:1A:07:47:24:37:A9:A0:FB:4F:CC:D1:2B:E8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/anosbb5RGgdHJDepoPtPzNEr6J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/40mfpLltAhLjXnapAezRqTQiqoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/4d53e5-6e0c-46d5-9a88-ce9c149f889b/1/anosbb5RGgdHJDepoPtPzNEr6J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:8e:c4:a5:5d:34:a1:94:58:23:7c:4f:0e:0b:45:76:0a:09:
         ce:ba:9a:87:fc:7e:04:e9:5f:f1:86:e5:a2:1f:37:f9:48:86:
         8f:08:a2:ac:e8:e3:2d:41:b3:11:04:6d:f6:08:b8:f2:de:73:
         9c:9e:71:d2:eb:04:c2:76:72:b9:fd:80:14:5f:88:7d:6f:eb:
         6d:77:e8:2c:b0:80:22:86:bc:b0:2d:50:69:8f:8a:33:43:50:
         53:ac:ae:a9:fd:71:be:20:f0:f7:09:b9:0a:82:d9:86:a2:0b:
         54:b6:cb:06:64:66:2d:53:d1:18:f8:6b:40:54:15:bc:56:79:
         6b:e1:12:fd:75:d0:47:e8:0c:d6:93:e3:17:2d:e5:ae:52:d7:
         7b:81:7a:4d:a6:14:a4:7c:34:49:62:0d:07:c2:d4:bf:dd:2d:
         a2:2d:35:f9:11:b4:c9:0a:6e:76:8a:30:59:01:0c:67:0a:a6:
         30:50:fc:43:d3:54:74:36:69:ff:68:1c:e1:9c:c1:7b:eb:bd:
         6f:b7:2d:eb:e9:67:4a:96:b0:72:58:e5:c2:78:61:44:1f:ec:
         10:0e:b5:a9:1c:da:fb:39:b6:2b:4a:82:e7:df:75:04:9d:db:
         d2:aa:90:d2:39:d8:32:98:9d:93:1f:ee:eb:64:45:28:6f:cd:
         be:b5:85:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHfujdteYtcYuc/MbgiUeJeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhN2EyYzZkYmU1MTFhMDc0NzI0MzdhOWEwZmI0ZmNjZDEy
YmU4OWYwHhcNMjQwOTExMDYxNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzQ5OWZhNGI5NmQwMjEyZTM1ZTc2YTkwMWVjZDFhOTM0MjJhYTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyu/Neuhi11ANEDuBqamGsvqCzeAZ
OJHGxKBWFOSSLlX8/mVWyJWioKrmbVhM3OXXcmcwFDkExKbvSPQgi29KiN9sjc98
c0zsM8OdxmmnXQ8c//aREOv6A0egXjs6+LL/FBoZG0gP6ITyUtq7ob0SWT/PU/8g
IhOq33v49AUDIOZfqPQWHm7KOd1YrI/NOYu8lN59x6LEX36xHpaUkkiBiQQ+o58S
e2da0dS8eFD34ZJ3eYP+DuO3K2hrmk+kWtr8AjE6uqsiFk+BnIqYfVruzvQ3WstG
1BoJH2l407Xtp23ymA92X3S6LtE7e/PtG/iwbU58uvEUPk4ZcWI6xDINuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONJn6S5bQIS4152qQHs0ak0IqqCMB8GA1UdIwQY
MBaAFGp6LG2+URoHRyQ3qaD7T8zRK+ifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW5vc2JiNVJHZ2RISkRlcG9QdFB6TkVyNko4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80ZDUzZTUtNmUwYy00NmQ1LTlhODgt
Y2U5YzE0OWY4ODliLzEvNDBtZnBMbHRBaExqWG5hcEFlelJxVFFpcW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80ZDUzZTUtNmUwYy00NmQ1LTlhODgtY2U5YzE0OWY4ODli
LzEvYW5vc2JiNVJHZ2RISkRlcG9QdFB6TkVyNko4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudokMA0G
CSqGSIb3DQEBCwUAA4IBAQAJjsSlXTShlFgjfE8OC0V2CgnOupqH/H4E6V/xhuWi
Hzf5SIaPCKKs6OMtQbMRBG32CLjy3nOcnnHS6wTCdnK5/YAUX4h9b+ttd+gssIAi
hrywLVBpj4ozQ1BTrK6p/XG+IPD3CbkKgtmGogtUtssGZGYtU9EY+GtAVBW8Vnlr
4RL9ddBH6AzWk+MXLeWuUtd7gXpNphSkfDRJYg0HwtS/3S2iLTX5EbTJCm52ijBZ
AQxnCqYwUPxD01R0Nmn/aBzhnMF7671vty3r6WdKlrByWOXCeGFEH+wQDrWpHNr7
ObYrSoLn33UEndvSqpDSOdgymJ2TH+7rZEUob82+tYVP
-----END CERTIFICATE-----