Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/7HZX6zw326F03SwJth3ZU5XdyXk.roa
File:                     7HZX6zw326F03SwJth3ZU5XdyXk.roa (raw, json)
Hash identifier:          wZdyJjO5eRSMjQ7onq5POv0RLM2rd80LctWNU3JzGPo=
Subject key identifier:   EC:76:57:EB:3C:37:DB:A1:74:DD:2C:09:B6:1D:D9:53:95:DD:C9:79
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       0191EE7BAFAA916A9D9A028CE15DA19CD3FB
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/7HZX6zw326F03SwJth3ZU5XdyXk.roa
Signing time:             Sat 14 Sep 2024 03:02:48 +0000
ROA not before:           Sat 14 Sep 2024 03:02:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214766
IP address blocks:        45.134.146.0/23 maxlen: 23
                          45.134.146.0/24 maxlen: 24
                          45.134.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ee:7b:af:aa:91:6a:9d:9a:02:8c:e1:5d:a1:9c:d3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Sep 14 03:02:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec7657eb3c37dba174dd2c09b61dd95395ddc979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:66:b8:ff:12:92:34:1b:86:32:23:34:56:71:
                    62:85:9e:cf:34:17:5d:c3:32:5c:42:f8:5d:ce:36:
                    28:04:15:1f:d3:f4:6f:4a:55:de:a8:92:51:20:26:
                    1c:a3:ba:0b:b0:1e:ab:84:a6:d8:83:4d:7f:85:ff:
                    ba:ab:55:59:5b:2a:b1:25:0d:ee:11:4c:f5:16:f1:
                    b3:4a:2d:96:d0:6f:4a:04:a0:44:ec:4a:8c:84:7a:
                    2b:eb:69:88:69:d3:67:73:95:08:6c:b2:af:e9:e9:
                    72:65:04:91:e5:3e:7c:41:7c:93:fb:ac:c5:70:ed:
                    d2:1c:ae:da:2a:58:1f:29:ea:42:57:7e:62:4b:06:
                    32:93:5a:b8:72:08:19:61:e0:b9:dc:41:eb:ff:4e:
                    1f:f0:19:df:a3:97:4a:f9:a1:b2:95:3e:f7:f7:28:
                    77:e0:93:db:d9:9b:54:95:33:e0:1f:e7:8d:92:f5:
                    a3:06:8f:2f:4c:6f:26:c5:2a:0c:56:30:17:86:cc:
                    a0:65:15:28:54:6c:1a:fc:de:58:71:e8:4a:e2:39:
                    1f:e3:23:34:07:0b:01:3e:5c:e0:2d:25:95:25:6d:
                    0e:26:25:aa:47:7f:66:3c:60:77:66:aa:35:d4:3f:
                    6c:f5:24:e1:df:fa:d6:76:da:51:77:01:e3:f2:34:
                    5e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:76:57:EB:3C:37:DB:A1:74:DD:2C:09:B6:1D:D9:53:95:DD:C9:79
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/7HZX6zw326F03SwJth3ZU5XdyXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:06:27:8c:95:4b:19:cd:e2:c9:6c:af:69:b1:7a:db:50:6d:
         ac:fe:72:c8:8a:1c:59:a8:00:0f:ab:8b:a5:37:2f:f5:dd:ff:
         af:28:12:cb:14:0b:77:a3:fc:aa:21:b4:31:6b:11:f6:e0:e4:
         a8:c2:06:55:1b:cf:a6:26:f4:7a:a1:0f:80:43:0d:82:8e:84:
         ef:be:ca:ed:a4:8e:3d:f8:64:f4:e3:59:05:94:10:89:6d:d6:
         77:ab:be:46:24:c5:8c:44:55:04:cc:7b:23:f9:9a:0f:35:df:
         7d:33:94:3b:3c:ce:de:bb:ea:95:dd:8e:04:58:4f:70:63:8b:
         cd:cf:14:5b:f1:1c:d9:6e:99:ed:73:22:6d:57:86:67:a6:7c:
         05:03:81:6b:1e:69:d9:c9:a2:58:9d:04:4e:3e:45:aa:89:bb:
         89:3d:6c:bf:c6:66:ce:56:32:4c:c8:a4:d3:da:f2:20:eb:a3:
         ff:6b:e7:3d:53:1d:2a:86:ff:37:f3:d9:32:07:e1:14:26:8b:
         ff:6a:0a:df:99:d8:7c:b1:43:f9:da:e2:56:e6:d4:f4:d9:35:
         69:4c:53:45:0a:72:f7:66:08:61:9d:b3:bf:3f:64:68:ef:87:
         c8:84:b7:e9:41:47:61:b4:ae:17:b4:f2:18:b2:ae:d3:06:96:
         4f:e2:a5:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHue6+qkWqdmgKM4V2hnNP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwOTE0MDMwMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzc2NTdlYjNjMzdkYmExNzRkZDJjMDliNjFkZDk1Mzk1ZGRjOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2a4/xKSNBuGMiM0VnFihZ7PNBdd
wzJcQvhdzjYoBBUf0/RvSlXeqJJRICYco7oLsB6rhKbYg01/hf+6q1VZWyqxJQ3u
EUz1FvGzSi2W0G9KBKBE7EqMhHor62mIadNnc5UIbLKv6elyZQSR5T58QXyT+6zF
cO3SHK7aKlgfKepCV35iSwYyk1q4cggZYeC53EHr/04f8Bnfo5dK+aGylT739yh3
4JPb2ZtUlTPgH+eNkvWjBo8vTG8mxSoMVjAXhsygZRUoVGwa/N5YcehK4jkf4yM0
BwsBPlzgLSWVJW0OJiWqR39mPGB3Zqo11D9s9STh3/rWdtpRdwHj8jRehQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOx2V+s8N9uhdN0sCbYd2VOV3cl5MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvN0haWDZ6dzMyNkYwM1N3SnRoM1pVNVhkeVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYaSMA0G
CSqGSIb3DQEBCwUAA4IBAQC5BieMlUsZzeLJbK9psXrbUG2s/nLIihxZqAAPq4ul
Ny/13f+vKBLLFAt3o/yqIbQxaxH24OSowgZVG8+mJvR6oQ+AQw2CjoTvvsrtpI49
+GT041kFlBCJbdZ3q75GJMWMRFUEzHsj+ZoPNd99M5Q7PM7eu+qV3Y4EWE9wY4vN
zxRb8RzZbpntcyJtV4ZnpnwFA4FrHmnZyaJYnQROPkWqibuJPWy/xmbOVjJMyKTT
2vIg66P/a+c9Ux0qhv8389kyB+EUJov/agrfmdh8sUP52uJW5tT02TVpTFNFCnL3
ZghhnbO/P2Ro74fIhLfpQUdhtK4XtPIYsq7TBpZP4qW1
-----END CERTIFICATE-----