Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/exbADQdBHhCMG2rBz4OQlmIAlHI.roa
File:                     exbADQdBHhCMG2rBz4OQlmIAlHI.roa (raw, json)
Hash identifier:          MqX63j3VFCG7jO6VTOkjTZHnLev7KW4j9Y6kGg3FtXk=
Subject key identifier:   7B:16:C0:0D:07:41:1E:10:8C:1B:6A:C1:CF:83:90:96:62:00:94:72
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       0191D6E3092BFEDC0CB3332D5C4A44760FF0
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/exbADQdBHhCMG2rBz4OQlmIAlHI.roa
Signing time:             Mon 09 Sep 2024 13:04:48 +0000
ROA not before:           Mon 09 Sep 2024 13:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.156.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d6:e3:09:2b:fe:dc:0c:b3:33:2d:5c:4a:44:76:0f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Sep  9 13:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b16c00d07411e108c1b6ac1cf83909662009472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:11:2d:b8:2d:4a:a9:b5:b2:7a:81:9f:28:37:
                    0a:be:f2:43:69:4b:df:c1:6b:8d:d2:68:3d:a2:09:
                    ad:a7:f7:a5:75:c1:c8:8a:6b:36:24:89:2d:02:1d:
                    40:d8:62:30:0e:ef:f9:b3:c8:34:df:2f:bd:04:f5:
                    4c:6d:01:57:14:98:7c:89:35:ef:97:97:d1:22:f5:
                    13:a0:b1:dd:18:02:59:90:07:36:50:99:12:cd:c2:
                    c9:e5:d7:01:46:64:fb:69:67:85:35:ed:d8:e6:74:
                    06:53:28:0e:94:2d:57:77:43:56:24:0b:63:76:0d:
                    5a:07:cd:d3:e6:d7:4a:7e:81:6b:f4:17:39:9e:03:
                    8c:03:77:50:79:d7:21:7e:5f:2c:7d:2a:d1:4a:1c:
                    fa:e6:98:3f:09:2f:c0:15:e7:a5:fc:5e:05:47:25:
                    66:8d:7a:40:ce:5e:01:2a:ed:a6:34:47:4a:30:5d:
                    3b:31:6a:10:5b:74:27:7b:af:a2:af:66:54:e5:8c:
                    cf:09:2b:6d:ec:cf:c6:af:87:3d:b7:36:96:f0:ec:
                    8b:c8:ba:d3:92:06:dd:6d:38:1f:91:2b:50:1f:fc:
                    c3:af:52:d1:c4:98:64:10:86:a2:6d:1f:a5:ab:ab:
                    c1:46:62:b3:91:a9:c2:4a:09:6d:d7:6e:2b:14:5c:
                    42:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:16:C0:0D:07:41:1E:10:8C:1B:6A:C1:CF:83:90:96:62:00:94:72
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/exbADQdBHhCMG2rBz4OQlmIAlHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:cc:eb:ff:cd:f8:4f:c0:00:2e:1c:c5:50:b7:ea:f0:cc:6a:
         06:9c:37:60:18:75:e9:03:c9:11:ff:99:13:84:7e:4b:61:e3:
         ff:6d:a6:5e:94:fe:96:71:15:29:c4:af:33:f6:76:6d:82:c9:
         c6:25:8a:76:da:80:33:6e:69:6c:83:96:08:84:78:7b:98:d5:
         4e:cd:de:dd:c2:40:4f:4f:d1:a3:ef:3c:63:0b:f0:c9:48:f9:
         fd:1e:72:32:af:9d:79:e0:f7:b4:58:d6:1f:ef:c5:9b:ff:c3:
         6a:3c:bf:05:a3:5a:33:99:29:6a:58:ba:00:f2:45:38:ee:e9:
         38:ef:11:25:17:02:d1:4e:db:12:3b:87:e2:38:09:87:7e:d6:
         e2:c9:ef:b5:6f:bf:e9:99:28:9e:d4:0b:35:59:6f:c6:b3:d1:
         21:a7:7f:24:5e:aa:15:09:40:2e:98:bd:e1:9b:39:02:0f:fb:
         35:47:0a:03:22:6a:c4:3b:41:46:14:0e:f4:3b:4a:28:9b:f4:
         b3:94:01:90:5c:51:a9:cd:f7:37:36:21:a3:35:0f:bc:9e:10:
         c6:83:4a:85:db:6a:75:a0:bf:68:58:f9:2e:eb:fc:9a:ad:66:
         bd:30:31:8d:b5:55:8c:21:49:7f:d7:48:6a:0e:51:76:01:7e:
         32:28:f0:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHW4wkr/twMszMtXEpEdg/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwOTA5MTMwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE2YzAwZDA3NDExZTEwOGMxYjZhYzFjZjgzOTA5NjYyMDA5NDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqREtuC1KqbWyeoGfKDcKvvJDaUvf
wWuN0mg9ogmtp/eldcHIims2JIktAh1A2GIwDu/5s8g03y+9BPVMbQFXFJh8iTXv
l5fRIvUToLHdGAJZkAc2UJkSzcLJ5dcBRmT7aWeFNe3Y5nQGUygOlC1Xd0NWJAtj
dg1aB83T5tdKfoFr9Bc5ngOMA3dQedchfl8sfSrRShz65pg/CS/AFeel/F4FRyVm
jXpAzl4BKu2mNEdKMF07MWoQW3Qne6+ir2ZU5YzPCStt7M/Gr4c9tzaW8OyLyLrT
kgbdbTgfkStQH/zDr1LRxJhkEIaibR+lq6vBRmKzkanCSglt124rFFxC7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsWwA0HQR4QjBtqwc+DkJZiAJRyMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvZXhiQURRZEJIaENNRzJyQno0T1FsbUlBbEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZzeMA0G
CSqGSIb3DQEBCwUAA4IBAQCazOv/zfhPwAAuHMVQt+rwzGoGnDdgGHXpA8kR/5kT
hH5LYeP/baZelP6WcRUpxK8z9nZtgsnGJYp22oAzbmlsg5YIhHh7mNVOzd7dwkBP
T9Gj7zxjC/DJSPn9HnIyr5154Pe0WNYf78Wb/8NqPL8Fo1ozmSlqWLoA8kU47uk4
7xElFwLRTtsSO4fiOAmHftbiye+1b7/pmSie1As1WW/Gs9Ehp38kXqoVCUAumL3h
mzkCD/s1RwoDImrEO0FGFA70O0oom/SzlAGQXFGpzfc3NiGjNQ+8nhDGg0qF22p1
oL9oWPku6/yarWa9MDGNtVWMIUl/10hqDlF2AX4yKPAB
-----END CERTIFICATE-----