Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/hJf8mX3zXpbtbKMe8Fi4oD-M864.roa
File:                     hJf8mX3zXpbtbKMe8Fi4oD-M864.roa (raw, json)
Hash identifier:          dx7qJe39zVplbqzJNarMKrhA/jzYxuseJ4MlvsaGD+Y=
Subject key identifier:   84:97:FC:99:7D:F3:5E:96:ED:6C:A3:1E:F0:58:B8:A0:3F:8C:F3:AE
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       0191F5CB059EE3772498240EF75542FDCBA0
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/hJf8mX3zXpbtbKMe8Fi4oD-M864.roa
Signing time:             Sun 15 Sep 2024 13:06:48 +0000
ROA not before:           Sun 15 Sep 2024 13:06:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136050
IP address blocks:        45.135.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f5:cb:05:9e:e3:77:24:98:24:0e:f7:55:42:fd:cb:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Sep 15 13:06:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8497fc997df35e96ed6ca31ef058b8a03f8cf3ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f5:31:a3:61:1d:89:62:db:56:4d:17:6a:4d:
                    fc:fe:da:37:ec:99:a3:89:bc:0a:29:ce:0f:4f:cc:
                    f7:7f:27:22:b3:20:e1:46:94:c3:db:7a:9e:ce:6a:
                    03:da:a0:9f:a5:bb:30:6e:ec:5f:86:e6:97:3d:fc:
                    55:e0:f3:fd:7c:7b:bb:3f:6b:02:9f:8f:5a:28:49:
                    28:f5:81:ef:7e:e7:76:bc:73:f9:b6:20:8d:50:79:
                    24:24:1a:62:59:eb:c6:cc:3e:2e:89:31:21:0f:38:
                    ac:96:08:60:d4:98:ac:c0:d3:79:d5:eb:e1:ed:3a:
                    4c:c2:48:4b:44:5f:34:23:6e:08:23:7d:ec:c7:91:
                    f7:ad:c2:6c:d1:e2:c9:8e:47:2b:d3:6e:2c:90:18:
                    31:38:5c:c2:e6:85:75:3a:d4:a3:76:92:49:60:69:
                    8b:d8:a5:3a:57:95:44:5d:33:7c:cc:8b:18:6f:c4:
                    89:73:80:74:f9:e1:83:5e:99:e6:66:94:60:67:bc:
                    c8:ab:40:07:ed:d2:14:30:95:e1:b8:03:f7:2f:a2:
                    b7:4c:e3:6e:36:ca:f1:3e:34:75:c0:6e:30:1f:ee:
                    41:42:d0:e3:f8:94:88:bd:8d:bf:0f:c0:b4:9f:b9:
                    37:fd:37:e8:91:f7:3f:e9:c6:ba:04:9e:7c:fd:d1:
                    21:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:97:FC:99:7D:F3:5E:96:ED:6C:A3:1E:F0:58:B8:A0:3F:8C:F3:AE
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/hJf8mX3zXpbtbKMe8Fi4oD-M864.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:96:6c:99:e5:2f:b5:d1:b4:a5:ba:5e:88:07:5d:5d:47:07:
         80:78:7a:f7:c8:20:bf:e1:8c:c0:60:a7:fe:3e:4e:e2:95:16:
         eb:68:4c:35:0c:14:33:40:6a:6d:39:a2:78:bf:d4:3e:5c:cd:
         33:78:7c:c5:e7:db:77:86:0d:63:69:9e:b2:2f:3b:ef:e8:43:
         f9:9b:ce:4c:98:57:e1:95:83:00:23:16:3e:b5:56:3e:c8:60:
         70:58:43:ee:48:01:6c:61:5c:df:47:92:50:e4:c9:ab:ed:70:
         d8:a3:60:e4:5b:82:3d:c5:8b:01:00:4f:51:d1:16:b9:b3:9c:
         86:9a:e7:29:cc:81:7e:a4:d0:92:82:27:32:5a:6c:d1:4a:8b:
         cc:14:05:69:e1:3e:41:1e:c8:a2:21:7a:8e:0c:d7:7e:59:db:
         b6:f7:31:70:61:d9:7c:cf:7f:01:24:e9:d3:cd:17:fa:e8:02:
         90:28:d5:21:89:92:fc:e8:bd:14:61:e6:b0:d3:ca:0b:18:0f:
         87:42:61:f3:c9:32:ff:d4:f8:a2:1b:57:4c:60:af:cd:61:f9:
         38:5d:36:af:3b:e8:8c:3b:5c:38:49:3f:96:8e:ec:e7:79:d6:
         30:de:5f:26:75:ca:fa:13:86:23:b8:91:99:61:a1:49:1f:72:
         ca:4c:5f:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH1ywWe43ckmCQO91VC/cugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwOTE1MTMwNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDk3ZmM5OTdkZjM1ZTk2ZWQ2Y2EzMWVmMDU4YjhhMDNmOGNmM2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPUxo2EdiWLbVk0Xak38/to37Jmj
ibwKKc4PT8z3fycisyDhRpTD23qezmoD2qCfpbswbuxfhuaXPfxV4PP9fHu7P2sC
n49aKEko9YHvfud2vHP5tiCNUHkkJBpiWevGzD4uiTEhDzislghg1JiswNN51evh
7TpMwkhLRF80I24II33sx5H3rcJs0eLJjkcr024skBgxOFzC5oV1OtSjdpJJYGmL
2KU6V5VEXTN8zIsYb8SJc4B0+eGDXpnmZpRgZ7zIq0AH7dIUMJXhuAP3L6K3TONu
NsrxPjR1wG4wH+5BQtDj+JSIvY2/D8C0n7k3/Tfokfc/6ca6BJ58/dEhfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISX/Jl9816W7WyjHvBYuKA/jPOuMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvaEpmOG1YM3pYcGJ0YktNZThGaTRvRC1NODY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfsMA0G
CSqGSIb3DQEBCwUAA4IBAQCPlmyZ5S+10bSlul6IB11dRweAeHr3yCC/4YzAYKf+
Pk7ilRbraEw1DBQzQGptOaJ4v9Q+XM0zeHzF59t3hg1jaZ6yLzvv6EP5m85MmFfh
lYMAIxY+tVY+yGBwWEPuSAFsYVzfR5JQ5Mmr7XDYo2DkW4I9xYsBAE9R0Ra5s5yG
mucpzIF+pNCSgicyWmzRSovMFAVp4T5BHsiiIXqODNd+Wdu29zFwYdl8z38BJOnT
zRf66AKQKNUhiZL86L0UYeaw08oLGA+HQmHzyTL/1PiiG1dMYK/NYfk4XTavO+iM
O1w4ST+WjuznedYw3l8mdcr6E4YjuJGZYaFJH3LKTF/B
-----END CERTIFICATE-----