Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/dXf_wrd1o5__T6H2QgTkVY6BONI.roa
File:                     dXf_wrd1o5__T6H2QgTkVY6BONI.roa (raw, json)
Hash identifier:          xzkfta6S+qDPKFZY/B/Qi610VFMc0m1AOis9+yt8slI=
Subject key identifier:   75:77:FF:C2:B7:75:A3:9F:FF:4F:A1:F6:42:04:E4:55:8E:81:38:D2
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CE7607896F3A0C91886581C1C656C2D49
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/dXf_wrd1o5__T6H2QgTkVY6BONI.roa
Signing time:             Mon 08 Jan 2024 04:41:48 +0000
ROA not before:           Mon 08 Jan 2024 04:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.235.164.0/24 maxlen: 24
                          45.135.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e7:60:78:96:f3:a0:c9:18:86:58:1c:1c:65:6c:2d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  8 04:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7577ffc2b775a39fff4fa1f64204e4558e8138d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fe:61:b7:81:62:8b:70:ca:a9:a8:85:3f:56:
                    d7:aa:33:76:01:96:e0:4f:9e:43:66:5e:25:2a:58:
                    1e:2d:d7:de:b6:90:d2:2e:eb:84:a8:f8:4b:3f:9b:
                    0b:c8:e9:ad:ab:9c:d7:60:ca:f8:1a:be:23:88:8b:
                    1d:75:9c:52:5c:3e:b4:91:45:57:32:de:1f:08:52:
                    11:f3:14:13:d2:d7:82:cc:68:c9:62:36:94:b3:3f:
                    ea:40:a9:65:4d:03:53:f5:81:7c:4f:98:5a:58:df:
                    9f:95:5d:10:bd:bd:73:af:53:fd:01:cf:04:15:ca:
                    6e:b7:d2:e1:0e:1f:d9:ae:52:2a:c9:d9:ab:75:6f:
                    1d:8a:bf:3f:bf:af:63:b9:8c:5b:5e:4e:e7:ff:87:
                    58:af:a7:31:cc:65:2f:e1:40:e8:c2:e2:62:80:33:
                    f5:3a:26:59:da:12:6f:71:52:3f:97:03:7c:23:43:
                    5c:6f:1d:a3:f4:fc:2d:0f:00:6d:43:06:1e:b6:79:
                    02:3e:00:dd:df:00:c3:04:d9:a6:2c:e0:b0:e1:7b:
                    2b:0a:a3:8f:bd:2c:31:17:24:75:ea:63:3b:1f:4f:
                    06:84:4b:bb:9a:f2:a7:ca:c2:a2:bc:6e:66:07:3c:
                    ee:7b:40:58:22:b9:9c:57:ad:49:e6:a6:cc:e9:32:
                    2e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:77:FF:C2:B7:75:A3:9F:FF:4F:A1:F6:42:04:E4:55:8E:81:38:D2
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/dXf_wrd1o5__T6H2QgTkVY6BONI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.238.0/24
                  185.235.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:f3:8d:74:d6:ee:2c:f1:5d:c3:70:8b:a6:9d:df:8d:3f:50:
         d3:06:f0:2c:22:3a:55:e5:ef:d7:71:e4:c2:ea:94:44:d0:11:
         cd:3b:1d:ad:b5:ce:a8:fc:b1:ca:fc:69:1e:7a:d6:e0:84:15:
         4c:cf:df:49:84:48:63:e9:8c:f2:4f:de:3b:92:da:f5:53:d0:
         d6:2f:f1:d5:a5:fc:cc:3a:90:56:ea:34:df:5c:e8:fc:e1:29:
         69:b0:40:12:0c:21:fc:2e:cf:5f:c7:4f:b9:cd:2d:66:5c:66:
         cc:bf:ce:80:bf:5e:ac:92:3e:96:2c:e7:7b:cc:8f:ef:9f:b6:
         b0:66:70:a9:48:ef:2a:32:54:4c:53:32:10:34:5a:5c:c3:b7:
         4c:11:05:99:0b:37:f5:f4:9f:8f:2a:4e:f7:6b:fe:fb:68:b0:
         71:64:cb:ae:33:18:7f:f9:ca:ad:1f:b3:3e:cb:ad:95:4b:c5:
         ad:37:cc:a1:52:c1:49:8a:25:e0:79:06:5e:61:58:0d:2a:3d:
         69:dd:f2:9d:ec:54:63:fb:92:08:51:a4:68:46:f3:87:1f:76:
         80:1a:65:06:95:71:b3:0e:90:3a:5c:0f:60:24:9d:8a:af:4f:
         ba:b8:3b:89:60:46:35:26:a6:d3:52:6b:88:95:31:98:62:21:
         39:0d:7e:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYznYHiW86DJGIZYHBxlbC1JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTA4MDQ0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTc3ZmZjMmI3NzVhMzlmZmY0ZmExZjY0MjA0ZTQ1NThlODEzOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/5ht4Fii3DKqaiFP1bXqjN2AZbg
T55DZl4lKlgeLdfetpDSLuuEqPhLP5sLyOmtq5zXYMr4Gr4jiIsddZxSXD60kUVX
Mt4fCFIR8xQT0teCzGjJYjaUsz/qQKllTQNT9YF8T5haWN+flV0Qvb1zr1P9Ac8E
Fcput9LhDh/ZrlIqydmrdW8dir8/v69juYxbXk7n/4dYr6cxzGUv4UDowuJigDP1
OiZZ2hJvcVI/lwN8I0Ncbx2j9PwtDwBtQwYetnkCPgDd3wDDBNmmLOCw4XsrCqOP
vSwxFyR16mM7H08GhEu7mvKnysKivG5mBzzue0BYIrmcV61J5qbM6TIufQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHV3/8K3daOf/0+h9kIE5FWOgTjSMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvZFhmX3dyZDFvNV9fVDZIMlFnVGtWWTZCT05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYfuAwQA
ueukMA0GCSqGSIb3DQEBCwUAA4IBAQBC84101u4s8V3DcIumnd+NP1DTBvAsIjpV
5e/XceTC6pRE0BHNOx2ttc6o/LHK/GkeetbghBVMz99JhEhj6YzyT947ktr1U9DW
L/HVpfzMOpBW6jTfXOj84SlpsEASDCH8Ls9fx0+5zS1mXGbMv86Av16skj6WLOd7
zI/vn7awZnCpSO8qMlRMUzIQNFpcw7dMEQWZCzf19J+PKk73a/77aLBxZMuuMxh/
+cqtH7M+y62VS8WtN8yhUsFJiiXgeQZeYVgNKj1p3fKd7FRj+5IIUaRoRvOHH3aA
GmUGlXGzDpA6XA9gJJ2Kr0+6uDuJYEY1JqbTUmuIlTGYYiE5DX5A
-----END CERTIFICATE-----