Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/0xZJk9Pu0uMO6BGQ9EI1178pGU0.roa
File:                     0xZJk9Pu0uMO6BGQ9EI1178pGU0.roa (raw, json)
Hash identifier:          uM7eNdz/+SbDCCoLJJEutdm79H8gqOvb9hmqjM+kFvQ=
Subject key identifier:   D3:16:49:93:D3:EE:D2:E3:0E:E8:11:90:F4:42:35:D7:BF:29:19:4D
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFAFB5AA3F2D92970673CFF8C2D81C
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/0xZJk9Pu0uMO6BGQ9EI1178pGU0.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399626
IP address blocks:        45.155.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:af:b5:aa:3f:2d:92:97:06:73:cf:f8:c2:d8:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3164993d3eed2e30ee81190f44235d7bf29194d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:87:62:80:f0:52:92:d7:45:20:90:4a:35:71:
                    d8:a9:07:6d:a6:d4:b7:82:31:c7:c4:e8:cb:df:ae:
                    76:cd:2b:76:4d:1c:2d:b3:a4:fe:15:cd:c8:7a:75:
                    da:9a:9a:58:a2:37:30:2f:19:3f:ff:33:55:08:08:
                    b2:f2:75:c0:55:83:21:fe:d0:02:31:ba:f7:b7:ac:
                    e1:86:95:ef:63:e5:38:2b:94:1e:bb:ab:1e:ac:95:
                    c0:e2:fc:02:93:8f:35:1f:61:0d:ce:1b:4a:62:17:
                    bd:c6:8b:c9:eb:a0:2c:08:1b:69:50:57:57:5d:a1:
                    ad:97:78:e4:73:99:be:6e:d3:52:e8:d6:73:bf:6b:
                    7b:e4:b4:0e:93:6c:5c:01:f2:bb:1a:8f:be:36:32:
                    01:6a:56:9f:27:8b:a2:bb:d1:d0:1a:e7:58:bf:6d:
                    0d:2f:f2:9b:e7:3d:dd:5f:01:ae:14:4e:ce:0f:ad:
                    67:d2:bc:90:7f:b4:6e:78:db:9b:14:b7:aa:ed:2a:
                    40:db:0e:c8:09:3b:46:75:d0:3b:cf:bd:d1:ad:4f:
                    3a:af:ba:db:f1:77:be:35:0c:74:0d:3f:f3:0d:a8:
                    e6:2b:03:94:67:cb:ed:e3:81:0f:2f:76:17:81:69:
                    66:eb:ab:a5:9a:18:a9:5b:89:72:2f:08:b8:f4:ca:
                    95:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:16:49:93:D3:EE:D2:E3:0E:E8:11:90:F4:42:35:D7:BF:29:19:4D
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/0xZJk9Pu0uMO6BGQ9EI1178pGU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:ec:43:fc:a2:fc:a1:72:5f:ff:47:7c:3d:cf:8e:04:23:c5:
         da:7d:c3:bc:5b:26:b7:89:53:72:de:78:ba:b7:c4:52:7c:68:
         8c:57:4b:1a:f2:94:67:fd:cb:5f:87:f3:ee:f5:cb:22:8e:02:
         ba:9c:83:e3:56:c0:79:b2:ef:fa:75:e5:27:c9:31:9c:08:ec:
         7e:54:4a:e4:9a:6c:a8:f9:f5:aa:df:a4:4e:1b:63:a7:b0:a8:
         7d:3b:c3:3c:cd:50:c9:9b:14:a7:af:09:31:0c:32:84:ad:76:
         8c:a0:79:45:a4:ee:b3:13:05:b3:5d:32:0b:0a:1f:79:40:54:
         34:ac:57:94:17:0c:4f:33:a0:9c:d4:d8:01:8d:81:f2:cf:4c:
         1c:06:b8:8c:04:00:75:bb:69:28:51:90:cd:d4:d1:a4:94:02:
         6f:36:62:16:0b:35:b7:dd:82:64:9a:c9:34:1a:b9:a5:7b:48:
         df:3f:8e:62:99:e5:aa:76:ed:b9:3e:6e:c6:53:3a:e7:d0:76:
         4c:b6:70:1a:2b:af:6b:4c:cd:fd:ad:9c:d7:8d:6c:34:cd:35:
         b8:af:25:1d:0c:22:fd:77:b5:73:07:11:1a:9d:ab:87:6b:e4:
         88:9a:a6:e9:8b:4b:a7:04:43:49:df:28:07:0f:ac:da:8c:d1:
         8e:dc:4f:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36+1qj8tkpcGc8/4wtgcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzE2NDk5M2QzZWVkMmUzMGVlODExOTBmNDQyMzVkN2JmMjkxOTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4digPBSktdFIJBKNXHYqQdtptS3
gjHHxOjL3652zSt2TRwts6T+Fc3IenXamppYojcwLxk//zNVCAiy8nXAVYMh/tAC
Mbr3t6zhhpXvY+U4K5Qeu6serJXA4vwCk481H2ENzhtKYhe9xovJ66AsCBtpUFdX
XaGtl3jkc5m+btNS6NZzv2t75LQOk2xcAfK7Go++NjIBalafJ4uiu9HQGudYv20N
L/Kb5z3dXwGuFE7OD61n0ryQf7RueNubFLeq7SpA2w7ICTtGddA7z73RrU86r7rb
8Xe+NQx0DT/zDajmKwOUZ8vt44EPL3YXgWlm66ulmhipW4lyLwi49MqVjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMWSZPT7tLjDugRkPRCNde/KRlNMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvMHhaSms5UHUwdU1PNkJHUTlFSTExNzhwR1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZtaMA0G
CSqGSIb3DQEBCwUAA4IBAQB+7EP8ovyhcl//R3w9z44EI8XafcO8Wya3iVNy3ni6
t8RSfGiMV0sa8pRn/ctfh/Pu9csijgK6nIPjVsB5su/6deUnyTGcCOx+VErkmmyo
+fWq36ROG2OnsKh9O8M8zVDJmxSnrwkxDDKErXaMoHlFpO6zEwWzXTILCh95QFQ0
rFeUFwxPM6Cc1NgBjYHyz0wcBriMBAB1u2koUZDN1NGklAJvNmIWCzW33YJkmsk0
Grmle0jfP45imeWqdu25Pm7GUzrn0HZMtnAaK69rTM39rZzXjWw0zTW4ryUdDCL9
d7VzBxEanauHa+SImqbpi0unBENJ3ygHD6zajNGO3E8J
-----END CERTIFICATE-----