Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/WCp4IlJNMB0VyhUOQnfRPLX95Zk.roa
File:                     WCp4IlJNMB0VyhUOQnfRPLX95Zk.roa (raw, json)
Hash identifier:          3f7CNvnJfvjHXVxhTO+MGMQ3QMXuaTaxcl1PJO69/D0=
Subject key identifier:   58:2A:78:22:52:4D:30:1D:15:CA:15:0E:42:77:D1:3C:B5:FD:E5:99
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018DB059A0FAB7954ECC4200FADF1B659B77
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/WCp4IlJNMB0VyhUOQnfRPLX95Zk.roa
Signing time:             Fri 16 Feb 2024 05:18:00 +0000
ROA not before:           Fri 16 Feb 2024 05:18:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141718
IP address blocks:        45.155.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b0:59:a0:fa:b7:95:4e:cc:42:00:fa:df:1b:65:9b:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Feb 16 05:18:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=582a7822524d301d15ca150e4277d13cb5fde599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e3:06:ed:fc:f8:a6:0d:8d:1e:23:77:2a:da:
                    ee:4a:a0:6a:47:06:9a:30:47:75:ec:a2:29:8c:c0:
                    a4:4e:89:23:1d:07:83:bb:f2:8c:3e:6e:ee:22:66:
                    33:22:5d:c9:f2:e2:90:0f:9b:60:03:ee:34:fa:15:
                    08:10:76:74:22:bc:24:7a:ff:89:3b:67:b1:2b:bb:
                    89:4a:c9:d6:fe:21:6f:94:8c:45:55:53:8b:f3:3d:
                    2c:9b:da:79:d5:10:24:37:97:19:7e:5f:40:3e:f4:
                    b3:72:5d:ba:af:5f:13:2c:0a:9e:f1:94:08:18:e1:
                    ed:26:1e:03:68:55:14:d7:fb:44:8e:26:19:d9:5d:
                    e1:d0:4e:2d:c9:e4:a9:89:6c:8e:48:47:3b:cc:54:
                    b6:c3:7b:12:5b:dc:1a:90:2d:96:aa:e7:33:4c:e7:
                    6a:0c:97:ab:91:06:d4:57:ee:63:93:c2:90:f0:45:
                    aa:48:c6:25:0c:e1:78:3a:f2:52:10:8b:e5:2c:fa:
                    06:75:05:2d:9a:d6:d8:89:f5:53:25:ee:37:f1:a2:
                    00:1b:3c:79:2e:7c:ab:0a:c9:72:12:79:5f:43:d9:
                    f5:96:24:d1:18:8f:3d:61:3e:16:e2:40:74:72:1d:
                    00:55:59:a2:a0:5f:7a:c1:db:32:d8:b4:19:a6:1b:
                    29:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:2A:78:22:52:4D:30:1D:15:CA:15:0E:42:77:D1:3C:B5:FD:E5:99
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/WCp4IlJNMB0VyhUOQnfRPLX95Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:31:65:ab:0a:c7:ea:a1:2b:27:a5:dd:47:cf:83:3e:e6:8b:
         66:09:e3:f7:45:9e:ce:99:b9:f3:99:67:fe:ea:cf:13:98:bb:
         90:ea:2b:67:96:65:2b:d2:11:e1:87:29:70:bc:8f:69:3a:d3:
         30:c0:3d:7b:dc:00:6e:41:e9:a0:38:04:f5:d8:4c:7c:d3:4a:
         b6:b8:f1:f1:e3:15:a8:d4:05:00:73:ca:29:dc:b6:11:d2:c9:
         ee:8b:3d:75:1f:21:d7:86:ce:2d:97:6d:2e:8e:da:3f:0d:0f:
         4a:f7:0f:05:1e:76:61:1c:d0:6a:07:73:00:98:e7:fa:2a:50:
         6a:50:ce:f2:34:cb:b3:a2:05:b2:ad:a3:bf:a4:13:6c:0e:53:
         f3:e3:af:46:d6:a1:f3:34:44:11:eb:89:9f:85:f5:2a:f6:6e:
         5e:42:b5:2c:88:45:d7:3b:ad:70:77:46:13:fc:f5:52:53:3f:
         ce:f4:37:d6:16:10:fe:d6:2c:26:8c:dc:ba:75:56:1d:a9:26:
         1e:b3:ed:4d:c1:f7:6c:38:77:9e:0c:58:89:c8:68:c9:09:7d:
         dc:3c:0f:bc:d3:ad:73:bf:68:a0:35:aa:82:91:8c:8a:ab:49:
         0b:7d:a7:f0:55:4e:1d:31:db:8e:db:1c:6b:41:ce:61:78:1c:
         bf:b1:ec:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2wWaD6t5VOzEIA+t8bZZt3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMjE2MDUxODAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODJhNzgyMjUyNGQzMDFkMTVjYTE1MGU0Mjc3ZDEzY2I1ZmRlNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+MG7fz4pg2NHiN3KtruSqBqRwaa
MEd17KIpjMCkTokjHQeDu/KMPm7uImYzIl3J8uKQD5tgA+40+hUIEHZ0Irwkev+J
O2exK7uJSsnW/iFvlIxFVVOL8z0sm9p51RAkN5cZfl9APvSzcl26r18TLAqe8ZQI
GOHtJh4DaFUU1/tEjiYZ2V3h0E4tyeSpiWyOSEc7zFS2w3sSW9wakC2WquczTOdq
DJerkQbUV+5jk8KQ8EWqSMYlDOF4OvJSEIvlLPoGdQUtmtbYifVTJe438aIAGzx5
LnyrCslyEnlfQ9n1liTRGI89YT4W4kB0ch0AVVmioF96wdsy2LQZphspvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgqeCJSTTAdFcoVDkJ30Ty1/eWZMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvV0NwNElsSk5NQjBWeWhVT1FuZlJQTFg5NVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZviMA0G
CSqGSIb3DQEBCwUAA4IBAQCGMWWrCsfqoSsnpd1Hz4M+5otmCeP3RZ7OmbnzmWf+
6s8TmLuQ6itnlmUr0hHhhylwvI9pOtMwwD173ABuQemgOAT12Ex800q2uPHx4xWo
1AUAc8op3LYR0snuiz11HyHXhs4tl20ujto/DQ9K9w8FHnZhHNBqB3MAmOf6KlBq
UM7yNMuzogWyraO/pBNsDlPz469G1qHzNEQR64mfhfUq9m5eQrUsiEXXO61wd0YT
/PVSUz/O9DfWFhD+1iwmjNy6dVYdqSYes+1NwfdsOHeeDFiJyGjJCX3cPA+8061z
v2igNaqCkYyKq0kLfafwVU4dMduO2xxrQc5heBy/sezI
-----END CERTIFICATE-----