Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/On5lyzSET0ydKmVVOBEDylk81C0.roa
File:                     On5lyzSET0ydKmVVOBEDylk81C0.roa (raw, json)
Hash identifier:          pnnvW0nlSJDPJK8HFPyIdW6FPPTBrIYteIEK/Q4CTBU=
Subject key identifier:   3A:7E:65:CB:34:84:4F:4C:9D:2A:65:55:38:11:03:CA:59:3C:D4:2D
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       0194266B583601D9EF4315BD625042E24F08
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/On5lyzSET0ydKmVVOBEDylk81C0.roa
Signing time:             Thu 02 Jan 2025 09:49:16 +0000
ROA not before:           Thu 02 Jan 2025 09:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198510
IP address blocks:        45.140.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:58:36:01:d9:ef:43:15:bd:62:50:42:e2:4f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Jan  2 09:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a7e65cb34844f4c9d2a6555381103ca593cd42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:4f:58:bb:0d:91:a2:45:d3:83:f4:70:33:e0:
                    cf:49:96:8c:c4:21:83:c8:f8:c7:6a:14:19:a9:7e:
                    e3:de:34:d0:d7:ab:8e:03:a4:c9:df:78:47:21:bc:
                    f5:3c:d3:86:f7:77:70:c6:96:b7:15:68:20:4f:bd:
                    2d:00:8c:f0:cf:3c:f6:6d:5f:e4:00:46:35:a8:1c:
                    82:54:fb:ac:4c:48:6f:54:dd:a4:eb:42:ee:c1:2f:
                    bf:15:8f:41:24:98:4c:2f:82:58:6e:90:43:1d:67:
                    19:98:2d:9b:04:89:f7:e5:b3:29:bf:43:20:d5:1c:
                    2a:72:55:5b:46:06:70:be:02:55:c0:98:12:78:55:
                    ef:09:71:b9:81:7b:89:8c:e9:87:85:16:d5:c1:c6:
                    fd:45:b8:99:d7:e5:dc:f7:86:6f:aa:57:8b:d6:26:
                    96:fb:df:40:bc:ed:be:c4:a8:e4:b0:38:54:f1:5b:
                    4f:16:e0:e7:f5:96:91:42:23:76:36:95:b4:7f:e9:
                    70:31:8e:dc:32:d5:37:cf:86:0d:13:5c:0e:9b:eb:
                    3e:53:fd:98:13:54:4f:41:85:a4:dd:68:5c:4d:b9:
                    d4:4b:bc:ca:8c:46:e4:21:86:39:98:ad:93:07:05:
                    0c:f2:53:a5:2f:0c:12:c7:49:12:dc:13:02:ef:d9:
                    72:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7E:65:CB:34:84:4F:4C:9D:2A:65:55:38:11:03:CA:59:3C:D4:2D
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/On5lyzSET0ydKmVVOBEDylk81C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d8:e9:92:0e:1d:75:67:2e:ff:41:72:bd:1f:2b:18:50:ee:
         b5:dd:d8:f9:2c:09:8a:a4:64:af:d8:9c:16:a2:66:36:86:81:
         3e:9d:69:34:4b:75:17:46:b9:31:e2:77:24:8c:f3:2a:97:c3:
         ba:46:c2:26:46:bb:e6:e7:b2:ac:e0:67:da:29:f5:23:bf:3c:
         18:21:70:5d:7f:30:81:11:6f:55:2b:24:aa:7f:18:a7:5e:55:
         a0:4f:d3:9e:ee:c8:77:b1:9d:2d:96:22:37:76:b5:8d:47:05:
         8c:93:5e:a2:c5:29:c6:31:77:ab:53:89:cc:ac:f8:16:21:8a:
         6d:db:b3:eb:aa:52:24:e5:f3:99:b1:b4:a3:81:bd:7f:ae:79:
         9d:91:62:41:51:7d:b5:47:14:56:0a:23:d8:4b:b6:10:15:2e:
         07:98:3d:33:f6:13:06:e6:6b:4b:93:bb:ff:94:2f:fc:29:18:
         6e:aa:61:dd:82:6d:6f:b6:df:33:0a:48:2a:80:a5:c0:01:22:
         33:0a:8a:d9:0d:50:51:34:13:63:19:6e:e6:3a:53:24:6a:1f:
         6d:f1:f7:4d:95:da:c1:16:aa:2c:85:6c:71:46:fb:4f:df:6d:
         63:a9:89:ca:d1:9f:1b:c5:76:60:5b:26:b1:b8:7b:07:a7:83:
         96:76:3d:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma1g2AdnvQxW9YlBC4k8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjUwMTAyMDk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdlNjVjYjM0ODQ0ZjRjOWQyYTY1NTUzODExMDNjYTU5M2NkNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2E9Yuw2RokXTg/RwM+DPSZaMxCGD
yPjHahQZqX7j3jTQ16uOA6TJ33hHIbz1PNOG93dwxpa3FWggT70tAIzwzzz2bV/k
AEY1qByCVPusTEhvVN2k60LuwS+/FY9BJJhML4JYbpBDHWcZmC2bBIn35bMpv0Mg
1RwqclVbRgZwvgJVwJgSeFXvCXG5gXuJjOmHhRbVwcb9RbiZ1+Xc94ZvqleL1iaW
+99AvO2+xKjksDhU8VtPFuDn9ZaRQiN2NpW0f+lwMY7cMtU3z4YNE1wOm+s+U/2Y
E1RPQYWk3WhcTbnUS7zKjEbkIYY5mK2TBwUM8lOlLwwSx0kS3BMC79lymQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDp+Zcs0hE9MnSplVTgRA8pZPNQtMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvT241bHl6U0VUMHlkS21WVk9CRUR5bGs4MUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYzCMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ2OmSDh11Zy7/QXK9HysYUO613dj5LAmKpGSv2JwW
omY2hoE+nWk0S3UXRrkx4nckjPMql8O6RsImRrvm57Ks4GfaKfUjvzwYIXBdfzCB
EW9VKySqfxinXlWgT9Oe7sh3sZ0tliI3drWNRwWMk16ixSnGMXerU4nMrPgWIYpt
27PrqlIk5fOZsbSjgb1/rnmdkWJBUX21RxRWCiPYS7YQFS4HmD0z9hMG5mtLk7v/
lC/8KRhuqmHdgm1vtt8zCkgqgKXAASIzCorZDVBRNBNjGW7mOlMkah9t8fdNldrB
FqoshWxxRvtP321jqYnK0Z8bxXZgWyaxuHsHp4OWdj2n
-----END CERTIFICATE-----