Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/AqkuMwOWpcjFIQUNACx397i9qMI.roa
File:                     AqkuMwOWpcjFIQUNACx397i9qMI.roa (raw, json)
Hash identifier:          ha/OMr66LwgOd9K7o9DEGPQxt1hmy9/aNOLXxw8wx6w=
Subject key identifier:   02:A9:2E:33:03:96:A5:C8:C5:21:05:0D:00:2C:77:F7:B8:BD:A8:C2
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019424B39C1137EC90DE9FB09F2AA0C5351B
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/AqkuMwOWpcjFIQUNACx397i9qMI.roa
Signing time:             Thu 02 Jan 2025 01:48:58 +0000
ROA not before:           Thu 02 Jan 2025 01:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59643
IP address blocks:        45.155.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 15:54:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:9c:11:37:ec:90:de:9f:b0:9f:2a:a0:c5:35:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 01:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02a92e330396a5c8c521050d002c77f7b8bda8c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:04:c9:c4:4f:87:dd:95:62:eb:64:29:4b:ce:
                    f0:8e:bf:d9:2c:80:51:2d:a8:f5:ea:ac:64:2b:03:
                    5d:d5:b6:df:59:ae:bb:07:4e:23:34:53:90:2f:45:
                    0f:86:ce:81:55:f8:dc:9b:35:46:c6:6b:a0:4a:ac:
                    39:56:41:1d:04:60:ab:29:7f:da:9a:ee:4c:82:1d:
                    75:82:88:43:72:e0:9c:d2:53:b7:75:ea:30:b9:18:
                    6c:83:b0:49:a1:09:08:11:e1:b2:af:f7:62:38:7c:
                    7f:3f:d3:6d:70:0e:21:d3:b2:c9:e5:4e:9e:20:57:
                    ef:94:f8:17:c8:ab:75:00:74:bf:3a:0d:8c:de:61:
                    88:3c:c8:c2:28:16:ec:2c:11:17:23:4c:7e:e4:0f:
                    75:17:3d:d4:ff:ce:30:44:08:33:4b:fd:ab:3c:1c:
                    47:42:59:dd:e7:4c:55:5c:95:f3:8b:52:78:58:01:
                    c4:ce:2b:66:1b:05:c2:10:f8:1f:bf:97:82:be:e3:
                    fb:e1:d2:cc:fb:07:c3:a6:91:ae:e7:31:a3:6f:b0:
                    78:45:53:d6:fb:16:af:8d:a4:26:90:bd:f4:7c:bd:
                    d4:40:67:6e:b7:cc:e6:a5:2a:e4:30:c3:ee:96:51:
                    9c:3b:59:0e:6a:d4:2a:46:01:fd:1d:78:79:8b:f8:
                    f0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A9:2E:33:03:96:A5:C8:C5:21:05:0D:00:2C:77:F7:B8:BD:A8:C2
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/AqkuMwOWpcjFIQUNACx397i9qMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:f0:bf:db:45:97:8c:52:29:f1:bb:74:af:00:7f:49:b4:00:
         45:86:c6:3a:49:ad:39:78:e7:d6:80:ad:88:3c:76:f1:8c:05:
         54:40:be:80:db:36:8f:c1:27:a6:a6:3e:f2:df:15:7b:20:f5:
         10:63:b0:e8:c7:f8:23:b0:c2:b2:75:17:de:78:a4:b6:0c:7a:
         85:a9:44:c5:5f:70:98:de:0f:5e:e5:e8:ed:85:27:d6:44:81:
         07:fe:41:4a:ac:39:38:52:69:c6:b8:35:df:43:9e:68:c3:ab:
         c5:6f:8a:c3:45:fc:10:d5:62:b9:8a:ff:d4:33:c6:14:2a:47:
         ef:8d:7f:0e:60:79:12:d6:47:40:b4:b7:12:74:b4:a6:08:e2:
         4a:e8:93:4a:2a:ec:e7:7c:b4:6b:89:1b:de:7b:63:cb:61:89:
         ef:57:c0:73:cb:9a:d2:e3:72:f7:ac:53:9b:b9:4d:59:b4:05:
         22:fb:4f:00:ab:c7:f4:f3:b6:c5:e0:b1:70:2b:46:42:b4:81:
         20:fc:d7:f8:96:98:74:ac:e5:17:ba:12:ec:ee:fb:d4:ae:52:
         b3:fd:61:03:5a:b2:17:26:76:47:14:63:1f:ff:c7:8b:a4:8a:
         fa:d7:81:fa:42:7c:1d:7e:9d:dc:81:5e:99:46:be:0d:d1:aa:
         91:67:d6:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks5wRN+yQ3p+wnyqgxTUbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjUwMTAyMDE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmE5MmUzMzAzOTZhNWM4YzUyMTA1MGQwMDJjNzdmN2I4YmRhOGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjATJxE+H3ZVi62QpS87wjr/ZLIBR
Laj16qxkKwNd1bbfWa67B04jNFOQL0UPhs6BVfjcmzVGxmugSqw5VkEdBGCrKX/a
mu5Mgh11gohDcuCc0lO3deowuRhsg7BJoQkIEeGyr/diOHx/P9NtcA4h07LJ5U6e
IFfvlPgXyKt1AHS/Og2M3mGIPMjCKBbsLBEXI0x+5A91Fz3U/84wRAgzS/2rPBxH
Qlnd50xVXJXzi1J4WAHEzitmGwXCEPgfv5eCvuP74dLM+wfDppGu5zGjb7B4RVPW
+xavjaQmkL30fL3UQGdut8zmpSrkMMPullGcO1kOatQqRgH9HXh5i/jwBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKpLjMDlqXIxSEFDQAsd/e4vajCMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvQXFrdU13T1dwY2pGSVFVTkFDeDM5N2k5cU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZvjMA0G
CSqGSIb3DQEBCwUAA4IBAQC/8L/bRZeMUinxu3SvAH9JtABFhsY6Sa05eOfWgK2I
PHbxjAVUQL6A2zaPwSempj7y3xV7IPUQY7Dox/gjsMKydRfeeKS2DHqFqUTFX3CY
3g9e5ejthSfWRIEH/kFKrDk4UmnGuDXfQ55ow6vFb4rDRfwQ1WK5iv/UM8YUKkfv
jX8OYHkS1kdAtLcSdLSmCOJK6JNKKuznfLRriRvee2PLYYnvV8Bzy5rS43L3rFOb
uU1ZtAUi+08Aq8f087bF4LFwK0ZCtIEg/Nf4lph0rOUXuhLs7vvUrlKz/WEDWrIX
JnZHFGMf/8eLpIr614H6Qnwdfp3cgV6ZRr4N0aqRZ9bx
-----END CERTIFICATE-----