Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/17fV7J1sUSY1xSBKNCCtp8XrfrY.roa
File:                     17fV7J1sUSY1xSBKNCCtp8XrfrY.roa (raw, json)
Hash identifier:          tn1WT4iGbJWUlyoeqxr1m+CQ41qkvZZzHJ4mFmVyxY4=
Subject key identifier:   D7:B7:D5:EC:9D:6C:51:26:35:C5:20:4A:34:20:AD:A7:C5:EB:7E:B6
Certificate issuer:       /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial:       019291D3865130E072A623DCCB597EC9972D
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/17fV7J1sUSY1xSBKNCCtp8XrfrY.roa
Signing time:             Tue 15 Oct 2024 20:16:51 +0000
ROA not before:           Tue 15 Oct 2024 20:16:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        45.95.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:91:d3:86:51:30:e0:72:a6:23:dc:cb:59:7e:c9:97:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
        Validity
            Not Before: Oct 15 20:16:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7b7d5ec9d6c512635c5204a3420ada7c5eb7eb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e0:23:37:7f:e3:e5:0b:95:d1:c1:dc:ce:ff:
                    90:eb:66:9f:65:5b:01:95:42:77:bb:a8:1d:d9:9f:
                    bc:d6:17:08:33:04:ef:81:1b:41:6f:de:f6:30:61:
                    60:ee:ea:29:ca:18:3f:2c:d5:81:b4:a6:0c:e8:5a:
                    b5:02:86:8c:4b:94:92:69:c0:8e:c2:8e:a7:e7:87:
                    b5:40:23:b9:56:a5:07:eb:2d:f0:b6:46:1f:7c:87:
                    e6:df:97:e9:4f:dc:18:0d:38:3c:5d:83:8f:de:0e:
                    fe:31:e7:0e:2e:d5:30:1a:5c:fd:03:50:61:64:b0:
                    e6:57:85:3a:cf:fc:09:9b:3b:2d:59:ed:fd:fa:81:
                    52:85:3a:61:93:3a:2c:81:c8:74:e0:30:f5:75:5c:
                    fe:cd:16:7f:76:98:9f:de:86:e5:43:64:c2:98:f7:
                    8a:55:a5:2b:3f:c3:75:c2:b3:4a:be:57:94:4c:a2:
                    40:a9:96:2c:53:de:f4:19:b3:4e:32:c1:26:85:94:
                    e6:20:93:e6:61:7e:6f:91:93:3f:71:d2:58:36:3b:
                    0d:d7:1c:dc:14:82:58:71:72:82:9a:db:5e:2e:e2:
                    9d:47:0f:5c:87:24:84:27:2c:34:cf:2c:25:4c:07:
                    46:12:20:7d:ee:3f:ab:81:9e:58:68:10:db:a1:8e:
                    56:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:B7:D5:EC:9D:6C:51:26:35:C5:20:4A:34:20:AD:A7:C5:EB:7E:B6
            X509v3 Authority Key Identifier:
                keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/17fV7J1sUSY1xSBKNCCtp8XrfrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:41:37:38:58:56:ec:8b:3f:b6:ab:29:92:62:85:f6:7b:28:
         36:2c:07:98:1c:c0:12:67:2e:a6:06:86:54:84:4e:53:a7:a6:
         a2:f6:fe:05:bf:7b:1a:44:e8:0d:92:49:fc:eb:9e:f2:aa:d3:
         3c:ba:20:a6:d8:f9:bd:b2:d8:9d:a1:41:36:00:3c:f8:17:63:
         4e:ab:c7:71:ed:c6:48:d0:67:59:67:20:a6:72:46:9e:49:78:
         5e:cd:67:f1:fa:00:b5:12:2d:17:37:8a:18:83:fa:81:25:fe:
         21:c8:d8:ac:79:13:1d:7d:89:66:0e:9e:e4:f7:a8:7a:6a:f9:
         e8:fb:51:d9:94:3a:4a:88:fe:40:76:1c:3d:86:12:80:33:85:
         e6:92:20:3b:3f:cd:cc:08:c6:98:27:9c:3f:dd:ad:13:9c:58:
         ab:c8:46:53:30:91:eb:c0:5b:ba:04:c4:82:d3:cd:fb:16:a3:
         75:92:40:99:07:1a:67:8c:43:93:ea:c3:39:8e:17:54:a9:00:
         2d:84:21:84:f0:d5:94:7d:25:4c:86:0e:b0:da:43:b2:6c:7a:
         bf:5a:aa:95:fb:0f:30:7d:ae:f0:e7:12:9d:fe:39:30:99:46:
         ef:95:2c:e6:d9:5a:9a:81:06:0c:fc:f6:eb:c9:c7:ff:8b:c6:
         4c:87:e7:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKR04ZRMOBypiPcy1l+yZctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjQxMDE1MjAxNjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2I3ZDVlYzlkNmM1MTI2MzVjNTIwNGEzNDIwYWRhN2M1ZWI3ZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuAjN3/j5QuV0cHczv+Q62afZVsB
lUJ3u6gd2Z+81hcIMwTvgRtBb972MGFg7uopyhg/LNWBtKYM6Fq1AoaMS5SSacCO
wo6n54e1QCO5VqUH6y3wtkYffIfm35fpT9wYDTg8XYOP3g7+MecOLtUwGlz9A1Bh
ZLDmV4U6z/wJmzstWe39+oFShTphkzosgch04DD1dVz+zRZ/dpif3oblQ2TCmPeK
VaUrP8N1wrNKvleUTKJAqZYsU970GbNOMsEmhZTmIJPmYX5vkZM/cdJYNjsN1xzc
FIJYcXKCmtteLuKdRw9chySEJyw0zywlTAdGEiB97j+rgZ5YaBDboY5WzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNe31eydbFEmNcUgSjQgrafF6362MB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvMTdmVjdKMXNVU1kxeFNCS05DQ3RwOFhyZnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/PMA0G
CSqGSIb3DQEBCwUAA4IBAQAWQTc4WFbsiz+2qymSYoX2eyg2LAeYHMASZy6mBoZU
hE5Tp6ai9v4Fv3saROgNkkn8657yqtM8uiCm2Pm9stidoUE2ADz4F2NOq8dx7cZI
0GdZZyCmckaeSXhezWfx+gC1Ei0XN4oYg/qBJf4hyNiseRMdfYlmDp7k96h6avno
+1HZlDpKiP5Adhw9hhKAM4XmkiA7P83MCMaYJ5w/3a0TnFiryEZTMJHrwFu6BMSC
0837FqN1kkCZBxpnjEOT6sM5jhdUqQAthCGE8NWUfSVMhg6w2kOybHq/WqqV+w8w
fa7w5xKd/jkwmUbvlSzm2VqagQYM/Pbrycf/i8ZMh+d9
-----END CERTIFICATE-----