Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/8e23e5-db28-45ed-b67f-2add5e797c75/1/40_j8EnMOslOGeaUGeLQNCGHg64.roa
File:                     40_j8EnMOslOGeaUGeLQNCGHg64.roa (raw, json)
Hash identifier:          BOU6u1kQjKsVBkJf+h9lI/7YbpbYLn1ZXJQhHit/Gyg=
Subject key identifier:   E3:4F:E3:F0:49:CC:3A:C9:4E:19:E6:94:19:E2:D0:34:21:87:83:AE
Certificate issuer:       /CN=cdda5b4ce95fa0bdf6054169e77aefc8265ddbc4
Certificate serial:       0194266C3910F4FCDE2B50F57FEA5AD9D178
Authority key identifier: CD:DA:5B:4C:E9:5F:A0:BD:F6:05:41:69:E7:7A:EF:C8:26:5D:DB:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdpbTOlfoL32BUFp53rvyCZd28Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/8e23e5-db28-45ed-b67f-2add5e797c75/1/40_j8EnMOslOGeaUGeLQNCGHg64.roa
Signing time:             Thu 02 Jan 2025 09:50:14 +0000
ROA not before:           Thu 02 Jan 2025 09:50:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25581
IP address blocks:        91.224.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/8e23e5-db28-45ed-b67f-2add5e797c75/1/zdpbTOlfoL32BUFp53rvyCZd28Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/8e23e5-db28-45ed-b67f-2add5e797c75/1/zdpbTOlfoL32BUFp53rvyCZd28Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdpbTOlfoL32BUFp53rvyCZd28Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:39:10:f4:fc:de:2b:50:f5:7f:ea:5a:d9:d1:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdda5b4ce95fa0bdf6054169e77aefc8265ddbc4
        Validity
            Not Before: Jan  2 09:50:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e34fe3f049cc3ac94e19e69419e2d034218783ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:31:5c:a7:52:9e:3f:c3:0f:73:67:03:12:0d:
                    10:3f:32:88:aa:8e:33:fb:a4:ab:dd:78:6a:1f:f7:
                    c1:9e:21:e3:0f:d9:9b:50:c1:ba:a6:c4:f1:15:6a:
                    d6:3a:a1:82:6f:2f:de:66:5e:d2:4d:4d:b8:7c:27:
                    ac:12:4f:fc:79:d9:af:ad:69:37:d6:5e:7c:3b:cb:
                    65:d7:a8:a7:81:65:18:dc:35:b7:cf:d2:c1:c3:45:
                    c3:4a:0d:55:67:af:84:a2:86:18:0c:ca:fa:1f:f0:
                    33:65:73:c6:e8:66:b7:fc:98:a4:b0:0d:c7:cb:46:
                    db:f8:ce:8a:a2:73:e8:a9:5b:c5:18:03:37:3d:d0:
                    0c:ac:d0:90:cb:9e:d9:d2:90:8e:bb:01:6a:4f:7b:
                    66:35:83:57:fe:da:01:22:6c:2c:37:ff:87:75:1f:
                    c8:a9:4b:0b:5f:de:a5:29:50:2a:ff:6b:d4:66:9e:
                    39:b7:c6:f5:82:d3:42:1f:3a:f6:29:83:2f:0f:9b:
                    9d:a1:aa:67:44:ab:3f:da:33:25:00:09:ad:f2:d2:
                    e8:1f:19:38:dc:9c:c6:2b:82:30:30:e1:c1:1c:2b:
                    ba:64:d3:7e:bf:51:26:dc:a2:f5:01:fd:39:18:bb:
                    c2:2c:b6:c9:17:5a:b2:92:eb:ce:88:6f:2f:30:da:
                    e3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:4F:E3:F0:49:CC:3A:C9:4E:19:E6:94:19:E2:D0:34:21:87:83:AE
            X509v3 Authority Key Identifier:
                keyid:CD:DA:5B:4C:E9:5F:A0:BD:F6:05:41:69:E7:7A:EF:C8:26:5D:DB:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdpbTOlfoL32BUFp53rvyCZd28Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/8e23e5-db28-45ed-b67f-2add5e797c75/1/40_j8EnMOslOGeaUGeLQNCGHg64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/8e23e5-db28-45ed-b67f-2add5e797c75/1/zdpbTOlfoL32BUFp53rvyCZd28Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:2b:a0:d8:42:a5:9f:bf:88:de:92:fc:73:43:32:62:8a:f8:
         9a:85:28:2d:7d:56:5c:89:4a:6b:df:67:5d:de:b8:46:72:70:
         3d:47:4b:71:13:1e:f4:8e:a3:88:3d:f8:f9:d4:64:68:22:82:
         86:dd:55:85:c4:b1:f0:42:31:ff:f8:68:a8:21:98:0b:ed:78:
         6c:69:da:f6:e5:37:39:23:a4:5d:a5:f3:f6:66:01:3f:7f:4b:
         19:65:6d:8c:92:bd:30:48:8b:1e:cd:74:cc:4a:24:e4:7f:ff:
         58:8e:db:f5:80:aa:31:21:18:53:ac:db:d6:c4:d7:4f:0b:89:
         3c:76:52:4a:fc:f4:d1:a8:80:86:2d:34:47:8b:07:73:d7:61:
         ac:a6:3e:9b:4c:6d:aa:47:5c:95:63:f3:11:31:21:65:e9:c6:
         a1:70:e2:74:c3:44:7e:15:9a:df:38:76:88:5d:3d:e2:ea:bb:
         75:ed:3b:50:4f:74:8a:67:dd:51:82:d2:91:aa:09:ab:b0:03:
         43:b8:01:b1:dc:22:dc:6d:7e:9f:67:c4:74:c5:cb:7b:99:21:
         4e:08:de:4e:88:43:e7:5f:21:f1:d6:3a:94:bf:2c:01:b0:d7:
         cd:4e:c7:d9:fe:05:b8:49:e7:3d:a6:02:d8:75:0f:e0:63:2f:
         65:ae:f6:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbDkQ9PzeK1D1f+pa2dF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGE1YjRjZTk1ZmEwYmRmNjA1NDE2OWU3N2FlZmM4MjY1
ZGRiYzQwHhcNMjUwMTAyMDk1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzRmZTNmMDQ5Y2MzYWM5NGUxOWU2OTQxOWUyZDAzNDIxODc4M2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjFcp1KeP8MPc2cDEg0QPzKIqo4z
+6Sr3XhqH/fBniHjD9mbUMG6psTxFWrWOqGCby/eZl7STU24fCesEk/8edmvrWk3
1l58O8tl16ingWUY3DW3z9LBw0XDSg1VZ6+EooYYDMr6H/AzZXPG6Ga3/JiksA3H
y0bb+M6KonPoqVvFGAM3PdAMrNCQy57Z0pCOuwFqT3tmNYNX/toBImwsN/+HdR/I
qUsLX96lKVAq/2vUZp45t8b1gtNCHzr2KYMvD5udoapnRKs/2jMlAAmt8tLoHxk4
3JzGK4IwMOHBHCu6ZNN+v1Em3KL1Af05GLvCLLbJF1qykuvOiG8vMNrjAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONP4/BJzDrJThnmlBni0DQhh4OuMB8GA1UdIwQY
MBaAFM3aW0zpX6C99gVBaed678gmXdvEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemRwYlRPbGZvTDMyQlVGcDUzcnZ5Q1pkMjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84ZTIzZTUtZGIyOC00NWVkLWI2N2Yt
MmFkZDVlNzk3Yzc1LzEvNDBfajhFbk1Pc2xPR2VhVUdlTFFOQ0dIZzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84ZTIzZTUtZGIyOC00NWVkLWI2N2YtMmFkZDVlNzk3Yzc1
LzEvemRwYlRPbGZvTDMyQlVGcDUzcnZ5Q1pkMjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+BeMA0G
CSqGSIb3DQEBCwUAA4IBAQA7K6DYQqWfv4jekvxzQzJiiviahSgtfVZciUpr32dd
3rhGcnA9R0txEx70jqOIPfj51GRoIoKG3VWFxLHwQjH/+GioIZgL7Xhsadr25Tc5
I6RdpfP2ZgE/f0sZZW2Mkr0wSIsezXTMSiTkf/9Yjtv1gKoxIRhTrNvWxNdPC4k8
dlJK/PTRqICGLTRHiwdz12Gspj6bTG2qR1yVY/MRMSFl6cahcOJ0w0R+FZrfOHaI
XT3i6rt17TtQT3SKZ91RgtKRqgmrsANDuAGx3CLcbX6fZ8R0xct7mSFOCN5OiEPn
XyHx1jqUvywBsNfNTsfZ/gW4Sec9pgLYdQ/gYy9lrvYI
-----END CERTIFICATE-----