Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/n_rguI91omyc-eyAcWdptZpZ2v0.roa
File:                     n_rguI91omyc-eyAcWdptZpZ2v0.roa (raw, json)
Hash identifier:          5qucZvPcbJONsTvBmob5sKl0hgaRaEAD62TPVPVGtO4=
Subject key identifier:   9F:FA:E0:B8:8F:75:A2:6C:9C:F9:EC:80:71:67:69:B5:9A:59:DA:FD
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFA536B2A4A9421CBAA5D0066EC581
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/n_rguI91omyc-eyAcWdptZpZ2v0.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62390
IP address blocks:        45.155.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a5:36:b2:a4:a9:42:1c:ba:a5:d0:06:6e:c5:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ffae0b88f75a26c9cf9ec80716769b59a59dafd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ed:d0:39:fe:02:d5:db:6f:da:e5:e4:02:30:
                    b2:28:f8:dc:72:43:46:f1:df:fa:69:b8:68:05:65:
                    ab:df:d9:2c:e6:b3:c2:d4:9f:a2:91:0e:23:18:87:
                    4e:21:6a:45:ac:7c:d2:93:5f:b1:15:e8:e6:e5:2f:
                    72:5a:00:73:91:62:8d:3b:2c:7a:1f:3c:e9:9b:b4:
                    27:e0:b9:70:b4:4a:a1:4f:1d:6f:a0:bf:fd:32:ca:
                    91:df:e3:bf:0e:64:d1:17:37:fe:d3:32:03:4b:56:
                    c4:89:1f:c7:70:4e:c5:f6:9d:e0:42:3e:55:e8:76:
                    a2:65:79:a6:97:f4:24:4a:dc:a8:e7:60:e2:48:93:
                    09:b3:33:be:87:30:22:ee:54:36:ce:09:55:79:4f:
                    43:3e:9b:c3:c1:e3:81:01:0f:70:a0:73:46:14:bd:
                    ee:d6:31:da:05:2c:09:7b:b0:b6:ea:fc:37:ae:63:
                    46:ce:f6:2d:87:6a:d2:cc:e7:11:e9:87:25:a1:2e:
                    c8:27:e5:2a:84:ce:15:31:84:f4:76:72:11:7d:b3:
                    17:3a:e9:fb:5b:5b:d5:d5:3d:81:90:4b:ba:f3:f3:
                    40:25:15:fe:9f:18:6f:bd:f8:87:2b:71:bc:65:65:
                    37:56:98:a1:38:37:a5:e5:f1:71:c1:ff:7d:ec:47:
                    ef:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:FA:E0:B8:8F:75:A2:6C:9C:F9:EC:80:71:67:69:B5:9A:59:DA:FD
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/n_rguI91omyc-eyAcWdptZpZ2v0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:c8:8c:ac:5f:7f:75:46:c3:98:f3:16:f3:b3:c7:c1:aa:9f:
         9d:d5:6f:06:44:c1:fc:16:d7:5f:34:9c:74:8d:9d:69:6a:5e:
         7c:dc:fb:68:38:26:f8:5c:00:ad:49:3f:2c:d1:51:78:44:d1:
         c6:96:b2:52:38:79:4b:05:e3:0c:29:00:1f:b9:7d:c3:e4:55:
         a9:b3:51:4e:db:e6:39:4c:b8:c3:d7:8a:39:b6:8e:9d:a9:cc:
         cd:e7:a7:33:3d:c7:16:9e:33:d9:a3:8d:c2:4c:16:ad:a4:69:
         cb:d6:6d:22:74:3b:cd:e6:d7:3d:e6:14:ca:35:76:1f:4d:aa:
         69:0a:4b:07:bb:7b:cc:0a:ae:f5:32:3b:79:c6:90:34:91:a6:
         e2:f8:8c:f0:99:f2:d8:e3:0e:63:81:c1:16:5e:bb:6d:c5:6e:
         00:27:cb:03:60:df:18:59:9a:92:49:e7:49:3e:38:0e:2f:4f:
         08:92:07:65:a9:87:4f:6d:51:7d:9f:a9:44:59:f9:e1:38:b7:
         8a:a4:a4:b5:5a:3f:09:be:2b:82:c6:c2:1a:26:21:b9:04:8d:
         1f:71:d9:af:2e:35:53:91:14:26:f7:ad:93:a6:9d:7a:b3:d6:
         21:92:0c:81:ed:b3:c4:a4:11:a1:bb:c8:1c:80:f6:a2:0f:f5:
         b3:b8:54:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36U2sqSpQhy6pdAGbsWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmZhZTBiODhmNzVhMjZjOWNmOWVjODA3MTY3NjliNTlhNTlkYWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoe3QOf4C1dtv2uXkAjCyKPjcckNG
8d/6abhoBWWr39ks5rPC1J+ikQ4jGIdOIWpFrHzSk1+xFejm5S9yWgBzkWKNOyx6
Hzzpm7Qn4LlwtEqhTx1voL/9MsqR3+O/DmTRFzf+0zIDS1bEiR/HcE7F9p3gQj5V
6HaiZXmml/QkStyo52DiSJMJszO+hzAi7lQ2zglVeU9DPpvDweOBAQ9woHNGFL3u
1jHaBSwJe7C26vw3rmNGzvYth2rSzOcR6YcloS7IJ+UqhM4VMYT0dnIRfbMXOun7
W1vV1T2BkEu68/NAJRX+nxhvvfiHK3G8ZWU3VpihODel5fFxwf997Efv8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/64LiPdaJsnPnsgHFnabWaWdr9MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvbl9yZ3VJOTFvbXljLWV5QWNXZHB0WnBaMnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZtYMA0G
CSqGSIb3DQEBCwUAA4IBAQBFyIysX391RsOY8xbzs8fBqp+d1W8GRMH8FtdfNJx0
jZ1pal583PtoOCb4XACtST8s0VF4RNHGlrJSOHlLBeMMKQAfuX3D5FWps1FO2+Y5
TLjD14o5to6dqczN56czPccWnjPZo43CTBatpGnL1m0idDvN5tc95hTKNXYfTapp
CksHu3vMCq71Mjt5xpA0kabi+IzwmfLY4w5jgcEWXrttxW4AJ8sDYN8YWZqSSedJ
PjgOL08IkgdlqYdPbVF9n6lEWfnhOLeKpKS1Wj8JviuCxsIaJiG5BI0fcdmvLjVT
kRQm962Tpp16s9YhkgyB7bPEpBGhu8gcgPaiD/WzuFSL
-----END CERTIFICATE-----