Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/BljD98mf-KkrBFqjNj10Thum48c.roa
File:                     BljD98mf-KkrBFqjNj10Thum48c.roa (raw, json)
Hash identifier:          q5+58xCpVbIzk5aU6UNUxUM7+hcLlpTDbUkwqMW58n4=
Subject key identifier:   06:58:C3:F7:C9:9F:F8:A9:2B:04:5A:A3:36:3D:74:4E:1B:A6:E3:C7
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       01905891F459657562310A6C9E8C2916FF22
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/BljD98mf-KkrBFqjNj10Thum48c.roa
Signing time:             Thu 27 Jun 2024 07:21:18 +0000
ROA not before:           Thu 27 Jun 2024 07:21:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216047
IP address blocks:        45.156.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:58:91:f4:59:65:75:62:31:0a:6c:9e:8c:29:16:ff:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jun 27 07:21:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0658c3f7c99ff8a92b045aa3363d744e1ba6e3c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:10:e5:b2:7e:13:e5:26:54:5d:2c:04:1f:0d:
                    f2:7a:29:f2:d8:4b:43:df:b2:28:99:de:ab:23:5a:
                    78:d7:fe:80:93:b5:39:34:51:25:f0:a5:00:eb:ec:
                    e2:a5:b9:9f:2c:33:7f:70:9e:21:21:45:66:1f:6d:
                    b2:8b:38:a0:aa:cd:de:e0:1f:08:d3:98:68:a7:32:
                    08:4e:90:b0:9b:f0:52:b4:c5:7c:22:3a:44:a9:8f:
                    4d:d3:16:cd:9e:b9:dc:af:56:fd:a4:6e:d1:e6:36:
                    4a:cb:01:6c:93:05:43:26:c1:fc:a6:df:bc:cb:bf:
                    46:43:4e:f5:5a:05:a6:5e:62:1e:53:bc:4c:f9:28:
                    bc:4c:0c:8d:62:a6:0f:c2:be:f1:70:41:68:50:10:
                    92:e9:0b:19:31:0a:7c:eb:7d:2c:8b:12:dc:40:2f:
                    11:57:42:be:6c:d2:49:71:72:c7:1f:d6:11:8a:99:
                    96:f3:2c:0b:72:76:0f:d6:eb:52:be:46:1b:96:f0:
                    43:47:f6:40:6c:da:38:bf:2d:d6:ee:33:ad:c4:45:
                    b7:1a:35:06:d2:e3:48:14:32:60:a7:d1:fe:32:e4:
                    04:e9:7d:8f:94:c8:4a:ae:36:22:b9:fa:19:70:99:
                    74:94:0b:54:c3:ac:62:46:5e:2f:f3:a9:41:f8:a8:
                    66:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:58:C3:F7:C9:9F:F8:A9:2B:04:5A:A3:36:3D:74:4E:1B:A6:E3:C7
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/BljD98mf-KkrBFqjNj10Thum48c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:7c:0b:89:b6:13:2c:93:ad:fb:fe:8e:3e:5d:1b:7b:c5:61:
         06:ef:1f:24:6c:32:dd:ac:ab:59:fc:47:b5:af:d8:24:7d:11:
         71:ee:25:96:bc:20:bc:93:2d:6d:5b:68:df:49:3e:58:59:d7:
         f9:9f:1f:1c:a5:33:54:80:4f:4e:10:b5:ed:b8:2a:15:f1:92:
         08:fc:73:d6:0f:91:9c:8f:45:ec:52:90:71:4e:92:21:73:89:
         41:3b:2d:ac:50:61:26:88:49:9f:e0:bc:c8:af:c1:1e:4b:2a:
         94:6e:5f:c8:65:92:70:4a:d8:4d:39:d4:59:9f:54:86:43:74:
         8a:b0:b4:e2:3a:42:28:4c:60:29:09:7b:f5:58:8b:7d:81:d7:
         be:41:4b:c6:a1:0b:43:a6:ca:fd:9f:49:df:84:1c:9b:fc:21:
         2e:db:b1:d0:4f:01:5c:f4:de:27:1a:d2:9d:27:85:0b:03:b4:
         8b:86:03:4b:0a:54:a1:ef:38:2d:07:b7:50:1d:4a:af:f7:df:
         32:2c:83:40:07:b0:c0:1d:5c:28:1c:5a:8d:e1:e4:f7:e4:ac:
         47:54:d7:15:57:47:4a:ab:2f:9a:ce:f3:d8:d5:a1:1a:6a:be:
         8e:0a:e8:83:41:e1:d2:26:08:21:98:90:ff:38:c8:37:77:3a:
         9e:75:f3:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBYkfRZZXViMQpsnowpFv8iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwNjI3MDcyMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjU4YzNmN2M5OWZmOGE5MmIwNDVhYTMzNjNkNzQ0ZTFiYTZlM2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBDlsn4T5SZUXSwEHw3yeiny2EtD
37Iomd6rI1p41/6Ak7U5NFEl8KUA6+zipbmfLDN/cJ4hIUVmH22yizigqs3e4B8I
05hopzIITpCwm/BStMV8IjpEqY9N0xbNnrncr1b9pG7R5jZKywFskwVDJsH8pt+8
y79GQ071WgWmXmIeU7xM+Si8TAyNYqYPwr7xcEFoUBCS6QsZMQp8630sixLcQC8R
V0K+bNJJcXLHH9YRipmW8ywLcnYP1utSvkYblvBDR/ZAbNo4vy3W7jOtxEW3GjUG
0uNIFDJgp9H+MuQE6X2PlMhKrjYiufoZcJl0lAtUw6xiRl4v86lB+KhmlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZYw/fJn/ipKwRaozY9dE4bpuPHMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvQmxqRDk4bWYtS2tyQkZxak5qMTBUaHVtNDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZzdMA0G
CSqGSIb3DQEBCwUAA4IBAQA8fAuJthMsk637/o4+XRt7xWEG7x8kbDLdrKtZ/Ee1
r9gkfRFx7iWWvCC8ky1tW2jfST5YWdf5nx8cpTNUgE9OELXtuCoV8ZII/HPWD5Gc
j0XsUpBxTpIhc4lBOy2sUGEmiEmf4LzIr8EeSyqUbl/IZZJwSthNOdRZn1SGQ3SK
sLTiOkIoTGApCXv1WIt9gde+QUvGoQtDpsr9n0nfhByb/CEu27HQTwFc9N4nGtKd
J4ULA7SLhgNLClSh7zgtB7dQHUqv998yLINAB7DAHVwoHFqN4eT35KxHVNcVV0dK
qy+azvPY1aEaar6OCuiDQeHSJgghmJD/OMg3dzqedfMz
-----END CERTIFICATE-----