Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/kQo2DYAcLLwMCvHvkmeNNCptQ38.roa
File:                     kQo2DYAcLLwMCvHvkmeNNCptQ38.roa (raw, json)
Hash identifier:          pN3siJqtVZ1X9eRkdLO6Ia0XEUtQ155zbAbYdkJ6TlY=
Subject key identifier:   91:0A:36:0D:80:1C:2C:BC:0C:0A:F1:EF:92:67:8D:34:2A:6D:43:7F
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFAE820209DFB59A21FDA7CFD7D421
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/kQo2DYAcLLwMCvHvkmeNNCptQ38.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216047
IP address blocks:        45.156.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:ae:82:02:09:df:b5:9a:21:fd:a7:cf:d7:d4:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=910a360d801c2cbc0c0af1ef92678d342a6d437f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:64:45:b5:30:9d:f2:78:52:61:29:17:05:8c:
                    8d:4c:60:78:9f:b9:2b:8a:6f:3d:74:db:5e:ab:08:
                    07:b2:ce:0f:14:7d:d7:f1:7b:95:64:85:90:59:e9:
                    de:ef:e6:a4:2b:0a:e1:fe:db:c8:3d:12:03:8f:c2:
                    78:28:31:b6:8b:3d:fb:4f:76:03:e5:05:83:9a:e2:
                    67:7e:d2:b2:63:75:1a:46:1d:01:da:2b:d3:7d:c9:
                    08:73:40:5a:f1:73:2b:0e:50:44:b6:d6:36:9d:a8:
                    f0:e1:ec:70:ab:a1:2a:35:77:ac:cc:95:cf:4a:89:
                    a4:31:ee:99:b8:16:10:84:db:70:aa:65:9b:e3:ca:
                    27:5e:ea:ad:c1:4b:1e:15:d4:b6:d6:d0:7c:73:43:
                    1a:2a:6e:1f:3f:8b:97:74:bd:14:c2:71:e4:54:62:
                    7e:e0:dc:7e:e4:48:03:92:0d:ed:15:b4:a7:34:a8:
                    75:d6:68:4b:1e:08:10:88:de:ef:84:26:d3:d4:0b:
                    0e:21:f7:b2:14:fb:d5:a4:cd:ea:1a:9f:00:3f:19:
                    59:2b:17:49:7a:30:91:c7:30:7c:f3:b7:34:6b:3f:
                    68:67:6d:97:a9:ee:4b:b7:a6:bc:22:1a:6b:69:6f:
                    41:09:bc:ea:2a:7c:a3:f3:6f:98:63:bb:66:77:e0:
                    86:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:0A:36:0D:80:1C:2C:BC:0C:0A:F1:EF:92:67:8D:34:2A:6D:43:7F
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/kQo2DYAcLLwMCvHvkmeNNCptQ38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:08:55:98:ce:79:c4:c4:72:8b:c4:b4:61:b3:c2:22:b1:df:
         85:1e:c2:43:10:a1:39:5c:1f:a2:5f:30:56:67:3c:77:9f:b1:
         bb:46:79:9b:5e:59:62:dc:46:53:44:1c:0e:34:fd:95:47:45:
         0c:db:10:4f:92:98:6e:2d:6d:56:2b:3e:ea:03:f3:9e:c1:6e:
         49:fa:08:16:53:15:af:89:42:bb:13:99:2f:3a:71:40:fa:2a:
         dd:c1:57:ec:66:f4:0e:6f:f7:b3:bf:70:c2:b4:1f:47:0f:23:
         bf:a0:18:db:08:67:81:e8:37:72:7b:93:c5:77:80:67:c5:35:
         ae:7a:d0:2b:31:5c:90:c9:b5:fd:0c:89:52:15:a3:5c:4b:81:
         03:9a:6d:c6:6c:ad:d9:ff:14:cb:07:2e:47:7a:69:9e:38:97:
         3f:c4:79:91:76:eb:b5:13:35:75:90:c2:e5:cd:9b:4e:e0:b6:
         8b:d2:d4:c8:6d:34:a1:5a:5a:0e:b5:e9:38:d5:4d:f5:47:0b:
         99:d0:b3:22:51:25:4b:a0:af:20:ca:42:5c:12:14:66:03:35:
         19:09:22:20:04:5b:c1:9d:6d:45:41:2f:31:72:16:41:8f:57:
         12:70:be:15:51:0c:b8:21:98:7e:f4:5e:0f:b4:6d:f0:f3:cb:
         25:ad:d2:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI366CAgnftZoh/afP19QhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTBhMzYwZDgwMWMyY2JjMGMwYWYxZWY5MjY3OGQzNDJhNmQ0MzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWRFtTCd8nhSYSkXBYyNTGB4n7kr
im89dNteqwgHss4PFH3X8XuVZIWQWene7+akKwrh/tvIPRIDj8J4KDG2iz37T3YD
5QWDmuJnftKyY3UaRh0B2ivTfckIc0Ba8XMrDlBEttY2najw4exwq6EqNXeszJXP
SomkMe6ZuBYQhNtwqmWb48onXuqtwUseFdS21tB8c0MaKm4fP4uXdL0UwnHkVGJ+
4Nx+5EgDkg3tFbSnNKh11mhLHggQiN7vhCbT1AsOIfeyFPvVpM3qGp8APxlZKxdJ
ejCRxzB887c0az9oZ22Xqe5Lt6a8IhpraW9BCbzqKnyj82+YY7tmd+CG7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEKNg2AHCy8DArx75JnjTQqbUN/MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEva1FvMkRZQWNMTHdNQ3ZIdmttZU5OQ3B0UTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZzdMA0G
CSqGSIb3DQEBCwUAA4IBAQBuCFWYznnExHKLxLRhs8Iisd+FHsJDEKE5XB+iXzBW
Zzx3n7G7RnmbXlli3EZTRBwONP2VR0UM2xBPkphuLW1WKz7qA/OewW5J+ggWUxWv
iUK7E5kvOnFA+irdwVfsZvQOb/ezv3DCtB9HDyO/oBjbCGeB6Ddye5PFd4BnxTWu
etArMVyQybX9DIlSFaNcS4EDmm3GbK3Z/xTLBy5HemmeOJc/xHmRduu1EzV1kMLl
zZtO4LaL0tTIbTShWloOtek41U31RwuZ0LMiUSVLoK8gykJcEhRmAzUZCSIgBFvB
nW1FQS8xchZBj1cScL4VUQy4IZh+9F4PtG3w88slrdKi
-----END CERTIFICATE-----