Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/AIEW49j5InMuprcIv1re5ELo7Mg.roa
File:                     AIEW49j5InMuprcIv1re5ELo7Mg.roa (raw, json)
Hash identifier:          CspD88WXE/VTrfWO2t59apJyKXsmRJQByqBIfAYqYok=
Subject key identifier:   00:81:16:E3:D8:F9:22:73:2E:A6:B7:08:BF:5A:DE:E4:42:E8:EC:C8
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       0194266B58FB996284292336E33FDE6F3B04
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/AIEW49j5InMuprcIv1re5ELo7Mg.roa
Signing time:             Thu 02 Jan 2025 09:49:16 +0000
ROA not before:           Thu 02 Jan 2025 09:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200017
IP address blocks:        45.140.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:58:fb:99:62:84:29:23:36:e3:3f:de:6f:3b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Jan  2 09:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=008116e3d8f922732ea6b708bf5adee442e8ecc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cb:8d:f0:a2:5e:0e:cc:9f:8b:e1:c9:1c:47:
                    09:80:e4:fd:19:17:b4:08:08:0a:87:ea:9c:fe:8c:
                    2d:86:30:d8:f8:9c:78:b7:9a:ab:fa:7f:47:b3:b6:
                    96:10:d8:6e:2b:23:db:b7:dd:73:e2:b9:d6:c5:01:
                    48:40:2e:fd:57:f8:d0:db:61:11:5d:c8:dd:07:00:
                    55:41:a7:99:b3:4d:4d:3f:98:9f:30:57:12:fb:24:
                    f1:b0:c5:c9:5d:8c:bf:d6:3d:09:0f:ad:c5:24:09:
                    3d:93:6b:c5:98:76:b8:1e:29:a0:a5:3d:4c:d2:cd:
                    c5:5b:dc:42:cb:e4:44:0a:b3:06:e4:ba:d1:7e:14:
                    bb:ce:fa:cc:f8:33:86:30:9e:6e:e3:78:23:e0:9e:
                    3f:27:25:0e:c7:3a:94:ce:f5:23:7c:58:2e:7d:f7:
                    e5:0c:1d:ef:82:52:03:29:1c:28:f9:e9:80:7d:b3:
                    32:5c:60:6c:ca:79:4e:99:38:03:e0:33:7f:00:1d:
                    f9:18:10:93:24:0d:67:73:56:a1:ea:aa:c4:8b:49:
                    01:bb:09:3b:72:97:b1:4e:46:0b:dd:4e:dc:42:2c:
                    d7:24:8d:1f:30:1a:f8:95:c2:59:36:e6:8f:8a:7e:
                    a1:ec:a1:1e:e8:d5:d2:86:ad:a3:0e:4a:24:db:1a:
                    e3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:81:16:E3:D8:F9:22:73:2E:A6:B7:08:BF:5A:DE:E4:42:E8:EC:C8
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/AIEW49j5InMuprcIv1re5ELo7Mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:8d:13:93:ac:e8:57:0e:5f:86:f3:53:ee:c7:c4:be:b8:f9:
         cd:3b:9b:ed:cb:49:9d:ea:e9:e8:3b:8c:7a:c2:a9:1e:49:95:
         23:dd:03:3c:b2:5a:f6:df:f9:88:91:e7:65:b8:c9:57:e6:e2:
         5d:d1:0c:b1:4c:82:c7:04:42:19:30:14:93:ca:d1:96:0c:d8:
         04:dc:7e:ed:6f:38:86:4c:a7:71:64:c8:5f:3a:06:ba:89:b8:
         3d:2f:23:b9:69:6f:be:41:59:f9:bf:f0:bb:64:3f:a6:a5:a6:
         53:42:19:6a:24:e1:79:93:f5:35:b8:13:2a:f4:83:cd:69:a6:
         cd:72:0d:bf:22:2a:6c:b9:ad:69:de:f4:fa:06:e1:61:b3:bb:
         78:15:ad:9c:13:39:d4:a5:2e:d5:72:d7:5e:bc:8d:7f:85:94:
         f9:bd:4a:3b:00:23:cc:eb:e1:f7:c0:49:27:52:36:80:c6:63:
         fd:1a:46:2e:d2:25:37:3e:31:f0:34:f2:85:c2:c0:ef:42:fc:
         50:6b:3b:5a:b6:ce:e5:b7:47:c6:07:30:21:a7:d3:37:c5:8c:
         63:89:8a:00:c2:b4:e2:1a:41:74:ca:86:63:e4:ff:0a:33:ef:
         6a:f3:d3:f0:43:25:00:7d:19:da:b3:cc:40:e2:eb:e3:6e:90:
         68:31:39:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma1j7mWKEKSM24z/ebzsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjUwMTAyMDk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDgxMTZlM2Q4ZjkyMjczMmVhNmI3MDhiZjVhZGVlNDQyZThlY2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8uN8KJeDsyfi+HJHEcJgOT9GRe0
CAgKh+qc/owthjDY+Jx4t5qr+n9Hs7aWENhuKyPbt91z4rnWxQFIQC79V/jQ22ER
XcjdBwBVQaeZs01NP5ifMFcS+yTxsMXJXYy/1j0JD63FJAk9k2vFmHa4HimgpT1M
0s3FW9xCy+RECrMG5LrRfhS7zvrM+DOGMJ5u43gj4J4/JyUOxzqUzvUjfFgufffl
DB3vglIDKRwo+emAfbMyXGBsynlOmTgD4DN/AB35GBCTJA1nc1ah6qrEi0kBuwk7
cpexTkYL3U7cQizXJI0fMBr4lcJZNuaPin6h7KEe6NXShq2jDkok2xrjpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACBFuPY+SJzLqa3CL9a3uRC6OzIMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvQUlFVzQ5ajVJbk11cHJjSXYxcmU1RUxvN01nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYzDMA0G
CSqGSIb3DQEBCwUAA4IBAQCNjROTrOhXDl+G81Pux8S+uPnNO5vty0md6unoO4x6
wqkeSZUj3QM8slr23/mIkedluMlX5uJd0QyxTILHBEIZMBSTytGWDNgE3H7tbziG
TKdxZMhfOga6ibg9LyO5aW++QVn5v/C7ZD+mpaZTQhlqJOF5k/U1uBMq9IPNaabN
cg2/Iipsua1p3vT6BuFhs7t4Fa2cEznUpS7VctdevI1/hZT5vUo7ACPM6+H3wEkn
UjaAxmP9GkYu0iU3PjHwNPKFwsDvQvxQaztats7lt0fGBzAhp9M3xYxjiYoAwrTi
GkF0yoZj5P8KM+9q89PwQyUAfRnas8xA4uvjbpBoMTnN
-----END CERTIFICATE-----