Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/j_egABFNr1K2LTpRG1UMe7-ipW8.roa
File:                     j_egABFNr1K2LTpRG1UMe7-ipW8.roa (raw, json)
Hash identifier:          1TfY438KwrYp3M5xxWGBqz7KhLwZZMCY1kuX1te8wCA=
Subject key identifier:   8F:F7:A0:00:11:4D:AF:52:B6:2D:3A:51:1B:55:0C:7B:BF:A2:A5:6F
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFA3D7C6A321C3530C769DAB504E2B
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/j_egABFNr1K2LTpRG1UMe7-ipW8.roa
Signing time:             Tue 02 Jan 2024 06:32:28 +0000
ROA not before:           Tue 02 Jan 2024 06:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47154
IP address blocks:        45.155.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a3:d7:c6:a3:21:c3:53:0c:76:9d:ab:50:4e:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ff7a000114daf52b62d3a511b550c7bbfa2a56f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:52:c3:d3:66:58:f4:70:b6:cd:50:9b:21:7f:
                    93:59:a4:00:97:29:75:76:86:d3:f0:07:f1:84:23:
                    1b:a5:a3:05:4e:12:37:c9:76:64:dc:1c:1d:60:ef:
                    15:64:59:08:50:bd:5b:75:83:27:5f:41:9f:0a:d3:
                    bf:07:72:c2:fd:cb:ab:b5:68:62:3c:d1:37:38:82:
                    22:39:30:11:c5:2f:d2:7f:c2:3f:58:fb:80:81:52:
                    7b:eb:b1:2b:c1:c1:cb:2c:e3:bb:1d:eb:9a:eb:46:
                    f2:74:d4:81:03:0d:3c:45:b9:02:fe:2c:2f:76:d1:
                    79:61:9e:29:37:30:cb:8d:6a:c2:23:2d:2b:2d:da:
                    40:2a:74:0c:c9:ca:ad:6c:7e:4b:e2:a4:3f:1a:f5:
                    3e:ec:ee:8c:0a:c7:e8:d1:ed:bf:a0:3c:7f:50:db:
                    fc:de:23:fc:62:e1:b1:cb:05:1d:33:84:8d:bb:0d:
                    93:84:3c:ce:b2:27:20:27:d1:9f:f7:09:d3:3a:f6:
                    14:0b:4d:aa:0b:d0:58:f4:29:65:01:c6:c9:06:b6:
                    5c:39:84:de:e2:c6:31:1e:c2:1a:01:b9:7a:92:2c:
                    68:b5:23:43:e3:de:aa:7b:cd:94:bc:ab:3d:af:2c:
                    1f:6a:80:17:15:5c:0d:cf:a8:0a:6d:b4:c2:7c:6f:
                    89:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:F7:A0:00:11:4D:AF:52:B6:2D:3A:51:1B:55:0C:7B:BF:A2:A5:6F
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/j_egABFNr1K2LTpRG1UMe7-ipW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:6a:11:85:09:79:cd:b4:7f:dc:dd:32:f3:c0:b6:33:b3:85:
         1e:ae:fa:f9:77:d6:fd:64:d5:7b:bc:8e:66:d2:f9:b8:12:26:
         46:9a:42:d5:48:19:8e:f1:28:df:18:26:98:01:0d:80:fa:c8:
         08:b9:7a:01:66:68:75:90:3b:43:b7:c9:d9:2c:d5:15:1b:81:
         3a:ec:5b:10:de:97:04:bb:0c:2a:d0:44:16:80:1a:c6:a6:4a:
         ca:53:af:e2:f3:d4:92:c0:de:3e:65:86:45:b8:fc:ff:70:61:
         bf:66:66:c0:3f:2e:ea:ed:e3:bf:90:09:da:a5:07:5b:19:40:
         d2:9f:15:42:16:90:27:37:f4:4f:31:17:0e:ab:23:88:50:4f:
         64:f5:16:f2:f5:c7:5b:06:f2:43:da:7a:db:d0:40:51:96:60:
         83:80:c7:76:12:35:fd:42:7b:6d:0e:99:ab:e0:11:28:e5:18:
         1a:18:48:4d:3e:41:0d:07:d6:4d:4a:b6:1e:ed:59:13:bd:b0:
         5f:39:57:e2:70:7a:e8:ff:f1:8f:4f:af:74:23:f9:6b:1b:30:
         09:78:04:8c:e2:bc:47:4f:9d:6a:e8:43:40:57:d9:37:41:7d:
         3e:5d:c6:d3:29:a1:48:a5:c3:54:f7:21:32:71:7c:c7:1a:7e:
         43:12:d1:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36PXxqMhw1MMdp2rUE4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmY3YTAwMDExNGRhZjUyYjYyZDNhNTExYjU1MGM3YmJmYTJhNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1LD02ZY9HC2zVCbIX+TWaQAlyl1
dobT8AfxhCMbpaMFThI3yXZk3BwdYO8VZFkIUL1bdYMnX0GfCtO/B3LC/curtWhi
PNE3OIIiOTARxS/Sf8I/WPuAgVJ767ErwcHLLOO7Heua60bydNSBAw08RbkC/iwv
dtF5YZ4pNzDLjWrCIy0rLdpAKnQMycqtbH5L4qQ/GvU+7O6MCsfo0e2/oDx/UNv8
3iP8YuGxywUdM4SNuw2ThDzOsicgJ9Gf9wnTOvYUC02qC9BY9CllAcbJBrZcOYTe
4sYxHsIaAbl6kixotSND496qe82UvKs9rywfaoAXFVwNz6gKbbTCfG+JEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/3oAARTa9Sti06URtVDHu/oqVvMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEval9lZ0FCRk5yMUsyTFRwUkcxVU1lNy1pcFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZtbMA0G
CSqGSIb3DQEBCwUAA4IBAQAQahGFCXnNtH/c3TLzwLYzs4Uervr5d9b9ZNV7vI5m
0vm4EiZGmkLVSBmO8SjfGCaYAQ2A+sgIuXoBZmh1kDtDt8nZLNUVG4E67FsQ3pcE
uwwq0EQWgBrGpkrKU6/i89SSwN4+ZYZFuPz/cGG/ZmbAPy7q7eO/kAnapQdbGUDS
nxVCFpAnN/RPMRcOqyOIUE9k9Rby9cdbBvJD2nrb0EBRlmCDgMd2EjX9QnttDpmr
4BEo5RgaGEhNPkENB9ZNSrYe7VkTvbBfOVficHro//GPT690I/lrGzAJeASM4rxH
T51q6ENAV9k3QX0+XcbTKaFIpcNU9yEycXzHGn5DEtEr
-----END CERTIFICATE-----