Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/17UHBIT92F76HVR-3RJHEI5WQE0.roa
File:                     17UHBIT92F76HVR-3RJHEI5WQE0.roa (raw, json)
Hash identifier:          Rlcau6GlCvADfCD4cE6O1/Rt/3tNVBGSdIr0knAfAyA=
Subject key identifier:   D7:B5:07:04:84:FD:D8:5E:FA:1D:54:7E:DD:12:47:10:8E:56:40:4D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0195C97C70786DDE9265CA057529E2636A98
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/17UHBIT92F76HVR-3RJHEI5WQE0.roa
Signing time:             Mon 24 Mar 2025 18:48:50 +0000
ROA not before:           Mon 24 Mar 2025 18:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211619
IP address blocks:        45.9.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c9:7c:70:78:6d:de:92:65:ca:05:75:29:e2:63:6a:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 24 18:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7b5070484fdd85efa1d547edd1247108e56404d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a0:bd:8c:6f:e5:7d:0e:13:3f:6c:1b:78:61:
                    49:28:a2:17:4c:cc:10:f3:31:92:27:88:e1:2e:7a:
                    e3:d4:1b:8d:a7:43:a5:97:64:ba:1a:c5:60:f3:ea:
                    3f:75:71:8f:17:b1:d5:08:1c:79:32:6f:39:e2:43:
                    3c:a9:a1:35:05:87:79:c2:f7:4c:ef:3b:d3:67:97:
                    01:96:a3:50:50:d2:3a:73:bf:e1:8a:6f:08:76:96:
                    5c:63:46:b0:43:54:4e:a4:af:9d:6e:ac:91:fa:8b:
                    4f:18:3d:42:c4:ef:f7:bb:17:2f:24:62:ba:3c:56:
                    ad:3e:47:e2:48:49:eb:3b:e1:36:7a:dd:2b:28:ff:
                    59:62:3a:47:9d:44:e7:7b:bf:77:de:d6:e3:f1:31:
                    1b:54:8d:00:ac:f3:a0:29:43:a7:cd:f3:5e:a2:af:
                    94:3b:64:15:4c:6b:b7:6a:cc:2d:52:37:e1:22:b8:
                    3b:26:d0:06:a9:e6:20:e2:2d:3e:48:5e:c7:89:2a:
                    e0:66:c6:7a:d7:da:e1:ca:92:3e:d3:47:a9:41:e8:
                    28:61:7c:12:40:2c:f9:02:43:0f:cd:06:3f:54:d7:
                    95:d1:f7:f9:20:b0:95:4e:92:15:c8:23:08:4c:64:
                    e1:4c:3e:59:ec:51:94:87:73:e7:60:5d:1c:aa:00:
                    a6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:B5:07:04:84:FD:D8:5E:FA:1D:54:7E:DD:12:47:10:8E:56:40:4D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/17UHBIT92F76HVR-3RJHEI5WQE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:0f:66:d4:cd:71:f1:c3:65:8f:9b:68:fe:b9:6e:2b:dd:2c:
         5b:71:cc:48:5c:d6:36:dc:2e:43:39:80:91:63:a3:df:98:6a:
         16:df:5e:ee:3c:fb:da:f9:51:da:f9:8a:c3:fd:c3:f6:a5:0b:
         e2:0d:59:ab:64:c0:c3:97:7a:2e:c2:2e:de:c6:b4:62:21:4e:
         90:50:65:90:94:52:1c:57:a8:ed:a6:95:7e:1d:bd:93:2e:2e:
         9b:f6:77:9b:8c:e4:f8:d6:23:9a:38:b2:05:ef:17:89:41:29:
         8d:b8:08:7f:eb:a4:f9:06:90:20:29:23:43:6b:34:79:ff:78:
         42:da:b9:a5:d4:23:26:23:cf:6c:88:46:0d:12:a2:97:34:46:
         fc:49:6e:45:85:53:e5:ac:cd:54:9d:df:ed:f1:af:89:72:cd:
         13:a5:50:2d:c0:2e:5e:df:f5:c8:0f:0e:71:9e:f9:46:b8:d8:
         59:00:ac:bf:2d:a3:00:40:c5:ce:c5:7c:27:68:4d:46:55:a6:
         ec:a5:d9:e0:12:ee:ec:b0:94:40:10:63:63:f4:f8:56:10:57:
         f6:3a:c4:bc:7a:9e:db:c4:48:6a:15:3a:ac:f6:19:48:57:c1:
         f6:21:6e:9a:97:e8:31:de:d9:8f:ec:8a:bb:ba:b6:52:56:cd:
         75:d6:7f:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXJfHB4bd6SZcoFdSniY2qYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzI0MTg0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2I1MDcwNDg0ZmRkODVlZmExZDU0N2VkZDEyNDcxMDhlNTY0MDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKC9jG/lfQ4TP2wbeGFJKKIXTMwQ
8zGSJ4jhLnrj1BuNp0Oll2S6GsVg8+o/dXGPF7HVCBx5Mm854kM8qaE1BYd5wvdM
7zvTZ5cBlqNQUNI6c7/him8IdpZcY0awQ1ROpK+dbqyR+otPGD1CxO/3uxcvJGK6
PFatPkfiSEnrO+E2et0rKP9ZYjpHnUTne7933tbj8TEbVI0ArPOgKUOnzfNeoq+U
O2QVTGu3aswtUjfhIrg7JtAGqeYg4i0+SF7HiSrgZsZ619rhypI+00epQegoYXwS
QCz5AkMPzQY/VNeV0ff5ILCVTpIVyCMITGThTD5Z7FGUh3PnYF0cqgCm8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNe1BwSE/dhe+h1Uft0SRxCOVkBNMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMTdVSEJJVDkyRjc2SFZSLTNSSkhFSTVXUUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQmcMA0G
CSqGSIb3DQEBCwUAA4IBAQBrD2bUzXHxw2WPm2j+uW4r3SxbccxIXNY23C5DOYCR
Y6PfmGoW317uPPva+VHa+YrD/cP2pQviDVmrZMDDl3ouwi7exrRiIU6QUGWQlFIc
V6jtppV+Hb2TLi6b9nebjOT41iOaOLIF7xeJQSmNuAh/66T5BpAgKSNDazR5/3hC
2rml1CMmI89siEYNEqKXNEb8SW5FhVPlrM1Und/t8a+Jcs0TpVAtwC5e3/XIDw5x
nvlGuNhZAKy/LaMAQMXOxXwnaE1GVabspdngEu7ssJRAEGNj9PhWEFf2OsS8ep7b
xEhqFTqs9hlIV8H2IW6al+gx3tmP7Iq7urZSVs111n8L
-----END CERTIFICATE-----