Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/iOH1McI9iTFIop-UJ1HA_U9if9E.roa
File:                     iOH1McI9iTFIop-UJ1HA_U9if9E.roa (raw, json)
Hash identifier:          jGsjtR/lt4692ZMHqph22xA5pSDg/jMmydFaGhjVUKo=
Subject key identifier:   88:E1:F5:31:C2:3D:89:31:48:A2:9F:94:27:51:C0:FD:4F:62:7F:D1
Certificate issuer:       /CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
Certificate serial:       019E0E74CF01DBDBE641C385834CA2F6B7CC
Authority key identifier: 40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/iOH1McI9iTFIop-UJ1HA_U9if9E.roa
Signing time:             Sat 09 May 2026 20:36:36 +0000
ROA not before:           Sat 09 May 2026 20:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.129.193.0/24 maxlen: 24
                          45.129.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0e:74:cf:01:db:db:e6:41:c3:85:83:4c:a2:f6:b7:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
        Validity
            Not Before: May  9 20:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88e1f531c23d893148a29f942751c0fd4f627fd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:42:0f:6d:0c:5f:70:a9:b0:1b:20:0d:ad:81:
                    ad:43:cd:e4:ed:d9:91:a8:a8:d6:5f:8c:37:9a:7d:
                    47:ea:e7:ca:b0:69:2b:7e:0d:3c:13:b8:04:a2:da:
                    59:cf:e4:fe:2a:64:89:dc:68:de:e0:b5:78:85:f4:
                    8a:2d:bd:d5:ea:55:df:8d:86:9d:f6:98:a6:c5:60:
                    9a:d9:ed:0c:28:66:7a:e2:de:d6:c1:4e:a8:f4:a4:
                    9b:d6:b2:56:17:5d:f2:0e:b9:19:71:eb:f3:00:bd:
                    b0:20:3d:bd:56:49:1f:61:f6:b7:c0:e5:48:24:d2:
                    6d:66:8a:aa:b2:3b:de:e0:98:a2:e6:b6:25:e1:d4:
                    2a:8e:a1:8b:22:18:7c:da:c0:32:bb:8a:04:46:11:
                    9f:bd:43:81:ab:89:38:18:e1:09:16:9b:af:24:9b:
                    5d:fe:04:3b:73:46:e8:1d:e0:7d:d7:f5:97:7b:5e:
                    51:21:cc:a3:72:f7:71:3c:3f:da:91:e9:1b:69:bc:
                    23:4b:f3:43:cf:dc:fc:25:10:0b:9f:8b:68:53:8d:
                    a0:77:d8:34:c9:d9:59:5c:c4:99:f1:2a:0e:55:8f:
                    af:b4:1c:15:fa:be:59:d8:4c:68:2a:6b:60:b2:40:
                    1b:68:5e:51:28:47:ef:f4:08:fc:dd:f4:4c:d8:05:
                    cc:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E1:F5:31:C2:3D:89:31:48:A2:9F:94:27:51:C0:FD:4F:62:7F:D1
            X509v3 Authority Key Identifier:
                keyid:40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/iOH1McI9iTFIop-UJ1HA_U9if9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.193.0-45.129.194.255

    Signature Algorithm: sha256WithRSAEncryption
         62:35:11:ef:23:c1:54:13:5a:b0:68:c8:5f:35:c5:63:eb:64:
         59:84:60:9d:e5:59:27:46:a7:46:6a:72:de:ce:1a:81:68:21:
         52:08:ea:67:75:b0:ee:bd:a5:46:69:2c:f8:5b:9d:08:b0:62:
         df:13:cc:0f:f7:76:42:81:69:1b:d8:3e:c4:84:d5:29:11:ad:
         09:64:f7:24:b1:53:91:fa:d8:d1:51:c4:70:f7:86:09:80:7c:
         47:5b:ee:75:aa:2f:62:7c:bf:e9:46:54:23:59:b1:bb:72:13:
         53:65:cb:3e:ee:5e:d9:9f:eb:4a:a0:16:95:24:5a:43:0e:f3:
         1d:58:63:89:8b:fb:b2:15:fe:53:5b:6b:29:4b:a3:cb:d2:4a:
         22:1c:a7:89:1e:4a:58:94:55:ad:30:3a:ae:88:53:d0:fa:3c:
         c4:9f:78:71:64:74:05:55:35:66:f3:9b:92:f4:b7:26:b6:10:
         4d:53:ed:53:9e:ef:8c:0c:21:bd:8c:01:0a:6f:5e:fe:24:65:
         e4:13:3a:f1:f1:62:e8:03:b9:ee:27:6b:69:73:bf:aa:f1:9f:
         34:5a:f7:11:9d:41:65:51:f1:92:81:cc:f2:11:2d:e3:ee:0d:
         76:3f:21:40:07:36:8e:52:3d:e2:8f:b8:44:95:ee:9a:5d:34:
         22:32:02:4a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ4OdM8B29vmQcOFg0yi9rfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDU1Yjc4ODM2YTkzZmI2ZjllYzlmYTdhNzllZDliOGJl
YTJiYTEwHhcNMjYwNTA5MjAzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGUxZjUzMWMyM2Q4OTMxNDhhMjlmOTQyNzUxYzBmZDRmNjI3ZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0IPbQxfcKmwGyANrYGtQ83k7dmR
qKjWX4w3mn1H6ufKsGkrfg08E7gEotpZz+T+KmSJ3Gje4LV4hfSKLb3V6lXfjYad
9pimxWCa2e0MKGZ64t7WwU6o9KSb1rJWF13yDrkZcevzAL2wID29VkkfYfa3wOVI
JNJtZoqqsjve4Jii5rYl4dQqjqGLIhh82sAyu4oERhGfvUOBq4k4GOEJFpuvJJtd
/gQ7c0boHeB91/WXe15RIcyjcvdxPD/akekbabwjS/NDz9z8JRALn4toU42gd9g0
ydlZXMSZ8SoOVY+vtBwV+r5Z2ExoKmtgskAbaF5RKEfv9Aj83fRM2AXMGQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIjh9THCPYkxSKKflCdRwP1PYn/RMB8GA1UdIwQY
MBaAFEDVW3iDapP7b57J+np57ZuL6iuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMt
OTJlOGJlNjI3OWJiLzEvaU9IMU1jSTlpVEZJb3AtVUoxSEFfVTlpZjlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMtOTJlOGJlNjI3OWJi
LzEvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtgcED
BAAtgcIwDQYJKoZIhvcNAQELBQADggEBAGI1Ee8jwVQTWrBoyF81xWPrZFmEYJ3l
WSdGp0Zqct7OGoFoIVII6md1sO69pUZpLPhbnQiwYt8TzA/3dkKBaRvYPsSE1SkR
rQlk9ySxU5H62NFRxHD3hgmAfEdb7nWqL2J8v+lGVCNZsbtyE1Nlyz7uXtmf60qg
FpUkWkMO8x1YY4mL+7IV/lNbaylLo8vSSiIcp4keSliUVa0wOq6IU9D6PMSfeHFk
dAVVNWbzm5L0tya2EE1T7VOe74wMIb2MAQpvXv4kZeQTOvHxYugDue4na2lzv6rx
nzRa9xGdQWVR8ZKBzPIRLePuDXY/IUAHNo5SPeKPuESV7ppdNCIyAko=
-----END CERTIFICATE-----