Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/gXUXu_Uy7Od5IJ-Xa-0rIQls1IU.roa
File:                     gXUXu_Uy7Od5IJ-Xa-0rIQls1IU.roa (raw, json)
Hash identifier:          x1MKbhxg28kjDIc6W7SekpsAugjPOq+MWgYEsae0m94=
Subject key identifier:   81:75:17:BB:F5:32:EC:E7:79:20:9F:97:6B:ED:2B:21:09:6C:D4:85
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018DE9BBFF22E27EADC04407B0C15D17ABF8
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/gXUXu_Uy7Od5IJ-Xa-0rIQls1IU.roa
Signing time:             Tue 27 Feb 2024 08:43:48 +0000
ROA not before:           Tue 27 Feb 2024 08:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45650
IP address blocks:        45.139.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e9:bb:ff:22:e2:7e:ad:c0:44:07:b0:c1:5d:17:ab:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Feb 27 08:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=817517bbf532ece779209f976bed2b21096cd485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:be:28:34:5b:55:83:5e:a1:ca:32:cb:7f:a8:
                    53:4a:10:c5:8f:b3:55:3e:8e:d5:10:4d:5b:20:dd:
                    5d:3e:a1:a2:b4:23:2d:30:b2:b3:cc:0f:9e:2c:49:
                    0e:5e:07:33:9a:08:53:83:d5:b7:51:ff:14:1e:96:
                    85:77:17:0d:45:8c:e1:26:98:97:75:56:17:90:b0:
                    8b:7b:c3:cf:a2:00:8a:b0:97:a0:38:b1:12:70:d9:
                    75:f5:35:8f:3b:5b:a1:32:64:03:8d:c5:d2:8b:77:
                    da:25:9f:31:01:2e:9d:d5:c1:8c:74:90:fa:4c:c6:
                    bf:72:1e:12:a4:8f:dc:7b:bd:a4:23:1d:a3:45:b5:
                    33:ce:ab:78:12:2f:cc:45:86:c5:e9:27:65:48:cd:
                    49:38:4f:26:54:0f:7c:35:4d:e1:77:61:55:8f:ac:
                    65:49:4d:34:b3:36:8d:0e:b7:b9:0e:29:75:4e:33:
                    9d:be:f7:ac:cb:c1:44:df:2c:87:d4:54:48:c0:bf:
                    80:7f:f1:6a:1d:20:cc:c8:d2:a3:b2:a8:07:0e:a3:
                    b6:18:bd:70:51:a5:52:42:03:e7:f4:a1:61:f7:df:
                    56:e8:5a:39:19:0e:d6:63:75:b4:cc:4c:af:98:b9:
                    f2:75:ea:6b:d5:ca:6b:32:b6:95:dd:f3:d9:b3:6f:
                    81:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:75:17:BB:F5:32:EC:E7:79:20:9F:97:6B:ED:2B:21:09:6C:D4:85
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/gXUXu_Uy7Od5IJ-Xa-0rIQls1IU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:37:db:7d:29:c7:f4:1f:c7:f5:2d:9c:f2:f0:0a:d7:b2:df:
         69:16:a3:81:39:03:96:5f:22:bc:82:8d:ac:8d:e2:fb:5c:ed:
         a0:89:fb:18:47:c5:68:f5:46:69:46:87:9e:cb:b1:6a:5b:f6:
         f2:2c:af:fd:c5:61:a0:14:cb:b7:39:75:91:36:c6:d8:e7:1b:
         7b:33:00:5a:32:72:e1:25:01:a0:46:83:b9:f5:bb:11:4e:e4:
         2a:8f:b4:db:a2:07:40:cc:e1:56:3e:45:07:3f:fe:6b:c1:e4:
         8c:78:7c:75:a6:9e:c0:27:5f:ed:f9:81:ce:3e:8b:14:84:bd:
         45:df:95:f4:17:11:cd:92:f2:b5:60:69:d5:b3:39:c7:9a:50:
         01:00:0f:89:f8:1e:b7:b2:92:81:0b:80:1e:9e:f6:ea:9d:d5:
         15:8b:45:79:bc:00:a7:58:98:cd:a0:b0:fb:84:db:dc:15:a5:
         ae:22:c3:e8:34:f2:ff:93:87:01:4a:21:91:9b:88:08:d4:08:
         0e:d3:9c:82:e4:0d:fb:76:26:7c:2f:6b:6b:f7:09:c5:e4:2a:
         94:c2:0a:4f:c8:33:e6:f5:3f:c5:16:31:b5:cb:61:a3:94:79:
         19:60:61:33:88:69:f4:63:d7:0e:53:ee:23:52:a3:c0:1d:8f:
         0b:0b:14:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3pu/8i4n6twEQHsMFdF6v4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMjI3MDg0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTc1MTdiYmY1MzJlY2U3NzkyMDlmOTc2YmVkMmIyMTA5NmNkNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L4oNFtVg16hyjLLf6hTShDFj7NV
Po7VEE1bIN1dPqGitCMtMLKzzA+eLEkOXgczmghTg9W3Uf8UHpaFdxcNRYzhJpiX
dVYXkLCLe8PPogCKsJegOLEScNl19TWPO1uhMmQDjcXSi3faJZ8xAS6d1cGMdJD6
TMa/ch4SpI/ce72kIx2jRbUzzqt4Ei/MRYbF6SdlSM1JOE8mVA98NU3hd2FVj6xl
SU00szaNDre5Dil1TjOdvvesy8FE3yyH1FRIwL+Af/FqHSDMyNKjsqgHDqO2GL1w
UaVSQgPn9KFh999W6Fo5GQ7WY3W0zEyvmLnydepr1cprMraV3fPZs2+BBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIF1F7v1MuzneSCfl2vtKyEJbNSFMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvZ1hVWHVfVXk3T2Q1SUotWGEtMHJJUWxzMUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYu8MA0G
CSqGSIb3DQEBCwUAA4IBAQB6N9t9Kcf0H8f1LZzy8ArXst9pFqOBOQOWXyK8go2s
jeL7XO2gifsYR8Vo9UZpRoeey7FqW/byLK/9xWGgFMu3OXWRNsbY5xt7MwBaMnLh
JQGgRoO59bsRTuQqj7TbogdAzOFWPkUHP/5rweSMeHx1pp7AJ1/t+YHOPosUhL1F
35X0FxHNkvK1YGnVsznHmlABAA+J+B63spKBC4AenvbqndUVi0V5vACnWJjNoLD7
hNvcFaWuIsPoNPL/k4cBSiGRm4gI1AgO05yC5A37diZ8L2tr9wnF5CqUwgpPyDPm
9T/FFjG1y2GjlHkZYGEziGn0Y9cOU+4jUqPAHY8LCxS3
-----END CERTIFICATE-----