Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/7XcmBjm9ZinORKyCe_HBQ0B7L94.roa
File:                     7XcmBjm9ZinORKyCe_HBQ0B7L94.roa (raw, json)
Hash identifier:          JomY+HLzu2O5mf6CAIykVql1H5RscB6S6maowT8GMTc=
Subject key identifier:   ED:77:26:06:39:BD:66:29:CE:44:AC:82:7B:F1:C1:43:40:7B:2F:DE
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019207BEF81FDB3BAAF07B6E8A1DC5C836AE
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/7XcmBjm9ZinORKyCe_HBQ0B7L94.roa
Signing time:             Thu 19 Sep 2024 00:46:48 +0000
ROA not before:           Thu 19 Sep 2024 00:46:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213205
IP address blocks:        45.155.89.0/24 maxlen: 24
                          45.156.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:07:be:f8:1f:db:3b:aa:f0:7b:6e:8a:1d:c5:c8:36:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Sep 19 00:46:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed77260639bd6629ce44ac827bf1c143407b2fde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:05:70:2f:fb:31:d6:41:85:e0:67:c0:13:bd:
                    6b:05:6d:04:37:6b:be:01:34:7e:55:79:f8:73:1d:
                    d4:fc:d4:31:48:63:a4:3e:6e:9d:22:d7:3b:cc:6b:
                    1e:d4:4d:bf:ab:56:a1:72:d7:67:f3:ec:0a:28:d1:
                    e2:f5:b5:69:01:50:43:cd:a5:b0:4c:a2:c1:8e:6c:
                    e0:33:50:5a:10:8d:be:d4:d9:bb:18:6c:83:e2:9c:
                    9a:19:2e:34:88:1b:7d:5f:9e:ad:be:91:f0:56:be:
                    43:b7:a3:0c:cc:e0:3d:0b:66:3b:4e:d2:27:fc:c5:
                    68:32:c1:a1:35:78:06:55:cc:21:0d:92:79:59:3f:
                    fc:75:5a:e4:43:c2:7b:c1:eb:d0:ee:a1:78:aa:16:
                    e3:c5:d2:58:95:30:33:ef:88:7e:ec:59:27:8b:db:
                    52:33:19:b2:fd:28:cf:83:20:16:4d:29:33:61:36:
                    5e:db:99:62:a9:c5:4c:09:5a:00:70:5f:f8:89:ec:
                    57:3c:7e:05:70:6d:b1:92:95:08:be:6a:15:f9:87:
                    6d:b6:56:a9:51:15:62:a7:30:d3:8c:0e:ac:a2:59:
                    6b:e1:b7:95:8e:4b:6f:20:90:07:5a:f1:db:ed:24:
                    34:58:7e:3f:55:a8:3c:a1:da:07:c8:03:1a:73:db:
                    e4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:77:26:06:39:BD:66:29:CE:44:AC:82:7B:F1:C1:43:40:7B:2F:DE
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/7XcmBjm9ZinORKyCe_HBQ0B7L94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.89.0/24
                  45.156.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:9e:8c:4d:13:9c:1d:49:97:55:e9:f6:43:12:81:cc:ed:56:
         05:40:4a:d5:2d:c1:a6:5b:24:40:9e:22:0c:60:66:1b:2c:26:
         a6:64:9e:29:35:e7:c3:9b:10:86:39:0c:f8:f5:ba:6c:51:f0:
         e6:d3:a9:f5:ea:e2:c0:48:32:65:3e:1a:c0:d5:38:79:f5:f4:
         6c:d7:57:0b:c4:48:64:ea:8e:a7:93:07:cb:33:8b:05:08:e2:
         ff:92:36:40:f7:5d:77:62:bd:49:29:e4:f7:4d:a8:18:9b:88:
         14:c0:72:b4:29:fa:2f:df:be:0e:65:4e:ad:25:0e:5f:06:dd:
         61:0c:3a:c3:69:16:0f:59:35:61:40:2a:7e:38:ec:18:b4:bb:
         9d:0d:5c:25:e3:44:1f:60:5a:4f:99:ba:25:38:3d:c8:bb:cc:
         c6:e7:12:9e:9f:02:91:fc:1c:fb:1c:9b:96:bf:22:9e:1e:a4:
         8a:d5:b4:2f:52:5e:eb:81:f9:d4:ea:f0:75:1d:82:5a:b2:37:
         3c:6f:dc:29:42:eb:d9:07:8b:fd:70:38:e3:ee:5c:56:08:f0:
         90:1d:a6:fe:2a:10:d5:e7:3f:7b:e8:c9:75:27:11:a2:be:82:
         a0:33:97:86:3c:9d:e4:86:61:55:d8:91:b9:9b:98:54:f5:5a:
         b7:cb:9f:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIHvvgf2zuq8Htuih3FyDauMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwOTE5MDA0NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDc3MjYwNjM5YmQ2NjI5Y2U0NGFjODI3YmYxYzE0MzQwN2IyZmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAVwL/sx1kGF4GfAE71rBW0EN2u+
ATR+VXn4cx3U/NQxSGOkPm6dItc7zGse1E2/q1ahctdn8+wKKNHi9bVpAVBDzaWw
TKLBjmzgM1BaEI2+1Nm7GGyD4pyaGS40iBt9X56tvpHwVr5Dt6MMzOA9C2Y7TtIn
/MVoMsGhNXgGVcwhDZJ5WT/8dVrkQ8J7wevQ7qF4qhbjxdJYlTAz74h+7Fkni9tS
Mxmy/SjPgyAWTSkzYTZe25liqcVMCVoAcF/4iexXPH4FcG2xkpUIvmoV+Ydttlap
URVipzDTjA6sollr4beVjktvIJAHWvHb7SQ0WH4/Vag8odoHyAMac9vkYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO13JgY5vWYpzkSsgnvxwUNAey/eMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvN1hjbUJqbTlaaW5PUkt5Q2VfSEJRMEI3TDk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZtZAwQA
LZzcMA0GCSqGSIb3DQEBCwUAA4IBAQAvnoxNE5wdSZdV6fZDEoHM7VYFQErVLcGm
WyRAniIMYGYbLCamZJ4pNefDmxCGOQz49bpsUfDm06n16uLASDJlPhrA1Th59fRs
11cLxEhk6o6nkwfLM4sFCOL/kjZA9113Yr1JKeT3TagYm4gUwHK0Kfov374OZU6t
JQ5fBt1hDDrDaRYPWTVhQCp+OOwYtLudDVwl40QfYFpPmbolOD3Iu8zG5xKenwKR
/Bz7HJuWvyKeHqSK1bQvUl7rgfnU6vB1HYJasjc8b9wpQuvZB4v9cDjj7lxWCPCQ
Hab+KhDV5z976Ml1JxGivoKgM5eGPJ3khmFV2JG5m5hU9Vq3y595
-----END CERTIFICATE-----