Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/502f50d1NmQlr_QgXEe6FmpQuXs.roa
File:                     502f50d1NmQlr_QgXEe6FmpQuXs.roa (raw, json)
Hash identifier:          /FaifmzpLcs3/LqoeHJo9JuiLbqNAC7mFVWjJRhMRO0=
Subject key identifier:   E7:4D:9F:E7:47:75:36:64:25:AF:F4:20:5C:47:BA:16:6A:50:B9:7B
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       01955C70A1415DCBF655CBD5EE99678AF85B
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/502f50d1NmQlr_QgXEe6FmpQuXs.roa
Signing time:             Mon 03 Mar 2025 14:37:19 +0000
ROA not before:           Mon 03 Mar 2025 14:37:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150179
IP address blocks:        45.155.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5c:70:a1:41:5d:cb:f6:55:cb:d5:ee:99:67:8a:f8:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Mar  3 14:37:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e74d9fe74775366425aff4205c47ba166a50b97b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e9:07:35:68:84:08:03:54:57:1d:6d:d9:6a:
                    5b:3e:2f:aa:a7:40:d8:bb:43:f6:3b:8a:b5:aa:57:
                    f0:82:57:16:52:cb:c5:de:35:a6:2d:5d:62:c2:4c:
                    1d:43:dc:9f:1d:09:30:cd:77:5c:7d:4f:e0:dd:a0:
                    ef:c4:f6:36:ed:be:c1:a8:67:98:fa:53:20:27:46:
                    e9:07:50:7b:10:37:b8:a7:45:1f:a1:75:80:1f:20:
                    d9:ed:1e:e2:85:f2:99:93:ce:db:20:97:70:7d:c7:
                    b1:64:ec:5c:d2:47:38:a2:f8:83:0b:80:ab:62:18:
                    9e:39:91:8f:3b:e5:7f:a5:03:b4:5f:42:2e:3d:9a:
                    bd:58:07:6f:9d:d2:87:47:7b:90:b9:15:ae:98:51:
                    6a:b9:4e:78:b3:9e:e9:7b:f4:b8:20:47:68:df:a1:
                    82:4e:a4:40:14:28:1e:5b:ae:a4:68:89:fb:ad:26:
                    0b:36:b9:6d:28:15:75:2d:06:97:33:44:5c:f0:cb:
                    42:a2:0f:2a:5c:4c:ea:81:d2:65:7f:9b:91:3b:55:
                    c3:d7:36:0b:b1:d3:e7:9d:5a:a6:1d:b7:1b:6a:77:
                    38:fa:03:0d:98:80:61:04:e8:35:24:a2:0a:a7:dc:
                    62:3d:09:d4:84:01:e5:66:5a:91:f8:56:81:6a:6e:
                    40:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:4D:9F:E7:47:75:36:64:25:AF:F4:20:5C:47:BA:16:6A:50:B9:7B
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/502f50d1NmQlr_QgXEe6FmpQuXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:c0:8f:cf:87:e1:2d:19:00:43:1e:2b:bd:e8:2b:26:38:cb:
         67:f5:b9:47:eb:0d:a9:c5:38:72:5d:4a:e9:dc:85:5d:da:18:
         38:42:89:f4:2b:29:90:d7:ce:36:2b:fb:d1:a8:99:f6:85:37:
         5a:be:7f:2d:d0:a0:c5:98:30:91:df:ba:84:90:c3:6b:95:33:
         8b:a0:00:42:9b:c7:7f:ee:bd:25:89:76:af:2b:f0:11:fe:c3:
         36:43:4c:82:0a:f7:5e:16:46:0a:7e:5e:9f:d0:68:4a:e4:59:
         b6:f1:05:12:86:dd:ce:28:0c:c9:76:39:fa:86:29:fc:f6:fd:
         85:cf:35:7f:bf:1b:90:b2:7e:d3:05:71:86:21:bc:8b:d3:13:
         0f:48:ce:c8:47:87:95:6f:d4:64:dd:44:33:c8:57:ea:70:15:
         8e:0e:fe:77:c1:a6:aa:38:31:24:3d:59:b8:5b:20:95:a4:5b:
         69:19:32:72:56:f2:ba:9a:ef:ec:1b:70:d7:a9:d9:1b:a3:bb:
         a6:0f:bb:cb:04:5e:b3:4a:03:28:55:ad:ef:9c:6f:23:a4:cf:
         75:ae:2e:29:5a:fb:c8:0e:39:6d:da:82:c8:89:63:bd:c7:b1:
         bd:12:10:e2:36:38:0b:74:8f:13:bf:0a:58:22:3a:89:da:4c:
         61:fe:9c:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVccKFBXcv2VcvV7plnivhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjUwMzAzMTQzNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzRkOWZlNzQ3NzUzNjY0MjVhZmY0MjA1YzQ3YmExNjZhNTBiOTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuekHNWiECANUVx1t2WpbPi+qp0DY
u0P2O4q1qlfwglcWUsvF3jWmLV1iwkwdQ9yfHQkwzXdcfU/g3aDvxPY27b7BqGeY
+lMgJ0bpB1B7EDe4p0UfoXWAHyDZ7R7ihfKZk87bIJdwfcexZOxc0kc4oviDC4Cr
YhieOZGPO+V/pQO0X0IuPZq9WAdvndKHR3uQuRWumFFquU54s57pe/S4IEdo36GC
TqRAFCgeW66kaIn7rSYLNrltKBV1LQaXM0Rc8MtCog8qXEzqgdJlf5uRO1XD1zYL
sdPnnVqmHbcbanc4+gMNmIBhBOg1JKIKp9xiPQnUhAHlZlqR+FaBam5AzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdNn+dHdTZkJa/0IFxHuhZqULl7MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvNTAyZjUwZDFObVFscl9RZ1hFZTZGbXBRdVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZvjMA0G
CSqGSIb3DQEBCwUAA4IBAQBHwI/Ph+EtGQBDHiu96CsmOMtn9blH6w2pxThyXUrp
3IVd2hg4Qon0KymQ1842K/vRqJn2hTdavn8t0KDFmDCR37qEkMNrlTOLoABCm8d/
7r0liXavK/AR/sM2Q0yCCvdeFkYKfl6f0GhK5Fm28QUSht3OKAzJdjn6hin89v2F
zzV/vxuQsn7TBXGGIbyL0xMPSM7IR4eVb9Rk3UQzyFfqcBWODv53waaqODEkPVm4
WyCVpFtpGTJyVvK6mu/sG3DXqdkbo7umD7vLBF6zSgMoVa3vnG8jpM91ri4pWvvI
Djlt2oLIiWO9x7G9EhDiNjgLdI8TvwpYIjqJ2kxh/pwM
-----END CERTIFICATE-----