Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/Qfc5BTaenFdycdE6ErpO7rBeFDA.roa
File:                     Qfc5BTaenFdycdE6ErpO7rBeFDA.roa (raw, json)
Hash identifier:          LMSAQzDI6rJzitBU/EKIOwiHfP8v7Yy8scDJ1f1CWn0=
Subject key identifier:   41:F7:39:05:36:9E:9C:57:72:71:D1:3A:12:BA:4E:EE:B0:5E:14:30
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFA64EB125FD166460D2241AA3E073
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/Qfc5BTaenFdycdE6ErpO7rBeFDA.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135097
IP address blocks:        45.135.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a6:4e:b1:25:fd:16:64:60:d2:24:1a:a3:e0:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41f73905369e9c577271d13a12ba4eeeb05e1430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6d:27:d6:05:2a:13:4e:47:c7:5c:75:1e:43:
                    70:58:8a:21:88:78:f0:a0:c4:7a:f2:ae:77:55:f6:
                    56:05:34:31:97:6a:e3:15:bb:5b:b5:8b:06:62:54:
                    94:9e:6d:18:ae:77:b4:a7:f1:36:e6:48:77:cc:12:
                    e1:4c:1a:d6:fe:12:5f:5b:4d:0f:f0:f7:a1:be:b6:
                    94:76:c0:7a:7c:68:a1:55:6c:e1:e5:7a:f0:18:bd:
                    3e:f5:01:5e:eb:46:74:0d:c9:a5:a5:87:5c:3d:a8:
                    7e:21:42:a5:60:19:57:29:b0:30:a4:15:3f:34:78:
                    64:32:83:a7:53:7f:88:32:22:5e:22:2d:d5:2d:fc:
                    82:b5:f0:3e:d5:44:94:e7:99:4b:9b:a6:b2:2a:f1:
                    a5:7a:a4:1b:6e:af:1a:06:2f:33:59:f8:68:c7:ab:
                    fe:42:d5:4d:8d:5f:b2:29:0b:e2:ce:f2:80:a9:f4:
                    4e:f1:09:96:9e:5b:09:36:6e:a5:58:7d:36:40:ce:
                    0d:a5:98:1a:df:a9:6b:48:3b:05:22:3c:2a:e7:63:
                    c1:b3:cf:20:bf:e7:ab:ad:28:08:87:1e:94:0a:9f:
                    01:cd:99:16:3c:fd:a3:f3:41:db:e0:76:c3:8c:6a:
                    6e:0d:f6:d7:ce:a4:43:a7:6f:6e:e8:12:6e:f5:0b:
                    38:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F7:39:05:36:9E:9C:57:72:71:D1:3A:12:BA:4E:EE:B0:5E:14:30
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/Qfc5BTaenFdycdE6ErpO7rBeFDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:3a:08:09:8b:17:0c:7c:8f:b5:e8:a1:f6:ce:c4:5d:1f:f1:
         42:7a:1f:fb:14:69:44:ce:3f:fc:a6:a1:6f:74:b8:c9:b5:91:
         5e:60:4f:95:9d:28:d0:6f:68:07:e8:bb:80:1c:1b:7d:6f:1e:
         9f:9b:3d:e7:b6:c1:05:41:a5:04:da:a6:c2:53:fd:25:c4:83:
         ea:cd:39:8a:25:7a:e6:b9:1c:5a:d4:17:41:54:0b:eb:75:75:
         70:9f:df:d8:d9:e4:3c:2a:a5:62:12:48:14:22:10:27:bf:85:
         49:b5:72:2c:71:9e:9d:9f:85:43:60:bb:f7:5e:1f:54:ab:cc:
         89:99:d3:43:b0:aa:66:6e:6c:e9:23:bc:ac:80:2d:1e:d2:a6:
         98:59:da:ca:89:ff:fe:46:94:3c:c5:77:0d:64:8d:06:1d:6b:
         78:3d:60:55:5c:7c:e2:b2:50:c1:bb:af:fa:30:0f:fa:6f:f1:
         97:62:d3:96:1b:19:0b:f7:41:99:aa:d5:f5:0c:66:cc:f8:57:
         78:42:47:04:dc:1d:8c:2b:48:e3:42:c9:0b:93:02:4f:df:8c:
         14:9c:fb:e1:47:6a:6e:ac:46:5a:92:7e:45:1b:7a:4f:4f:59:
         3a:90:69:36:b7:eb:0a:bf:5e:a8:40:ff:3b:49:4b:57:3d:8e:
         d5:a2:47:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36ZOsSX9FmRg0iQao+BzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWY3MzkwNTM2OWU5YzU3NzI3MWQxM2ExMmJhNGVlZWIwNWUxNDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj20n1gUqE05Hx1x1HkNwWIohiHjw
oMR68q53VfZWBTQxl2rjFbtbtYsGYlSUnm0Yrne0p/E25kh3zBLhTBrW/hJfW00P
8PehvraUdsB6fGihVWzh5XrwGL0+9QFe60Z0DcmlpYdcPah+IUKlYBlXKbAwpBU/
NHhkMoOnU3+IMiJeIi3VLfyCtfA+1USU55lLm6ayKvGleqQbbq8aBi8zWfhox6v+
QtVNjV+yKQvizvKAqfRO8QmWnlsJNm6lWH02QM4NpZga36lrSDsFIjwq52PBs88g
v+errSgIhx6UCp8BzZkWPP2j80Hb4HbDjGpuDfbXzqRDp29u6BJu9Qs4UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEH3OQU2npxXcnHROhK6Tu6wXhQwMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvUWZjNUJUYWVuRmR5Y2RFNkVycE83ckJlRkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYftMA0G
CSqGSIb3DQEBCwUAA4IBAQAeOggJixcMfI+16KH2zsRdH/FCeh/7FGlEzj/8pqFv
dLjJtZFeYE+VnSjQb2gH6LuAHBt9bx6fmz3ntsEFQaUE2qbCU/0lxIPqzTmKJXrm
uRxa1BdBVAvrdXVwn9/Y2eQ8KqViEkgUIhAnv4VJtXIscZ6dn4VDYLv3Xh9Uq8yJ
mdNDsKpmbmzpI7ysgC0e0qaYWdrKif/+RpQ8xXcNZI0GHWt4PWBVXHzislDBu6/6
MA/6b/GXYtOWGxkL90GZqtX1DGbM+Fd4QkcE3B2MK0jjQskLkwJP34wUnPvhR2pu
rEZakn5FG3pPT1k6kGk2t+sKv16oQP87SUtXPY7Vokc6
-----END CERTIFICATE-----