Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/pgoFUVRSJhIpc3Tz3BU1Eeb_iVc.roa
File:                     pgoFUVRSJhIpc3Tz3BU1Eeb_iVc.roa (raw, json)
Hash identifier:          c57g5oz0e/UqiZeJenFsAmx6a8EmsSimMSiJWnsWtaQ=
Subject key identifier:   A6:0A:05:51:54:52:26:12:29:73:74:F3:DC:15:35:11:E6:FF:89:57
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFA50C8B91BB08632A0C285445249D
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/pgoFUVRSJhIpc3Tz3BU1Eeb_iVc.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61368
IP address blocks:        45.155.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a5:0c:8b:91:bb:08:63:2a:0c:28:54:45:24:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a60a055154522612297374f3dc153511e6ff8957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4b:d7:a6:3f:66:f8:eb:96:a7:3e:2c:5c:7d:
                    33:08:43:1c:22:3e:e9:8d:a0:50:3f:ef:38:8b:4e:
                    62:4d:09:c5:c7:8f:b3:fa:ff:d7:1b:a0:7e:66:3e:
                    ee:6c:75:d5:cc:53:11:fc:44:7b:70:35:87:ee:70:
                    10:fa:49:65:53:1e:34:3b:6e:39:4d:a8:b0:35:e0:
                    f6:17:3f:f7:d7:4c:6b:f1:ef:4f:0e:46:77:9e:db:
                    8d:2b:af:2d:5a:86:b7:f7:cf:4d:3b:89:25:e1:a9:
                    33:c2:33:2b:40:24:c2:9e:c5:21:63:75:9a:30:a8:
                    87:dc:93:24:3d:53:16:6b:ec:95:81:94:fb:1f:8f:
                    4e:08:89:a1:c4:3f:db:44:eb:0d:02:0d:82:af:93:
                    dd:96:42:a6:a3:2d:31:62:03:7a:c6:62:90:5f:2f:
                    10:f1:28:17:64:76:7c:9e:67:91:d7:78:f5:7a:1a:
                    32:55:fb:d0:8d:e3:2b:64:65:dd:20:13:0c:45:52:
                    16:e0:83:32:98:9f:2f:97:58:a9:4f:cb:7b:c2:48:
                    ec:21:fe:0f:29:f0:f9:9b:5f:0d:d2:8f:74:b2:00:
                    b9:54:34:c4:bf:23:6e:96:9f:aa:db:66:70:b4:c5:
                    bf:c4:63:e5:7d:36:66:0f:41:be:0f:b4:e1:e1:e1:
                    d7:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:0A:05:51:54:52:26:12:29:73:74:F3:DC:15:35:11:E6:FF:89:57
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/pgoFUVRSJhIpc3Tz3BU1Eeb_iVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:d8:dc:0b:1b:65:3b:5a:ea:d7:3b:cf:33:7f:31:fa:af:48:
         41:53:4c:69:e4:13:01:25:70:70:ea:0a:fc:84:4d:09:26:ff:
         ac:16:a5:7a:78:6e:cd:97:fb:a3:da:24:05:d5:a6:ad:f1:aa:
         78:15:6f:47:80:57:b8:b5:85:1c:39:02:cc:4b:9d:fd:6e:ab:
         1b:fa:e8:1d:a2:cd:c8:41:e8:5c:e6:7e:23:03:52:32:e5:6d:
         eb:45:2b:9e:09:48:f6:77:df:d1:0d:b9:19:02:d4:52:c9:cb:
         67:0e:81:37:df:7a:a3:20:d9:21:a9:94:a0:59:bb:79:67:17:
         ba:59:45:f7:29:f8:84:ab:f7:a5:99:e7:79:db:0c:7b:3f:77:
         ff:fa:d6:ad:b4:fc:f4:ca:e7:29:ae:6a:de:9e:87:db:98:e3:
         b9:26:4e:e0:ed:b7:f1:50:67:1f:80:dc:a7:82:78:19:60:c3:
         d4:d5:8b:29:58:c8:1c:f5:08:69:83:dd:88:6c:3b:3a:8c:a2:
         9f:42:b0:10:e9:05:91:26:ce:e7:1a:78:df:82:dd:d5:e8:5a:
         9b:ab:bf:e3:86:33:3c:8f:09:42:0d:0a:cb:6f:26:94:5b:ce:
         e0:e1:bc:74:e8:97:de:d8:14:e4:3f:bb:27:c3:61:5d:51:1d:
         b4:ae:66:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36UMi5G7CGMqDChURSSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjBhMDU1MTU0NTIyNjEyMjk3Mzc0ZjNkYzE1MzUxMWU2ZmY4OTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkvXpj9m+OuWpz4sXH0zCEMcIj7p
jaBQP+84i05iTQnFx4+z+v/XG6B+Zj7ubHXVzFMR/ER7cDWH7nAQ+kllUx40O245
TaiwNeD2Fz/310xr8e9PDkZ3ntuNK68tWoa3989NO4kl4akzwjMrQCTCnsUhY3Wa
MKiH3JMkPVMWa+yVgZT7H49OCImhxD/bROsNAg2Cr5PdlkKmoy0xYgN6xmKQXy8Q
8SgXZHZ8nmeR13j1ehoyVfvQjeMrZGXdIBMMRVIW4IMymJ8vl1ipT8t7wkjsIf4P
KfD5m18N0o90sgC5VDTEvyNulp+q22ZwtMW/xGPlfTZmD0G+D7Th4eHXyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYKBVFUUiYSKXN089wVNRHm/4lXMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvcGdvRlVWUlNKaElwYzNUejNCVTFFZWJfaVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZtaMA0G
CSqGSIb3DQEBCwUAA4IBAQBP2NwLG2U7WurXO88zfzH6r0hBU0xp5BMBJXBw6gr8
hE0JJv+sFqV6eG7Nl/uj2iQF1aat8ap4FW9HgFe4tYUcOQLMS539bqsb+ugdos3I
Qehc5n4jA1Iy5W3rRSueCUj2d9/RDbkZAtRSyctnDoE333qjINkhqZSgWbt5Zxe6
WUX3KfiEq/elmed52wx7P3f/+tattPz0yucprmrenofbmOO5Jk7g7bfxUGcfgNyn
gngZYMPU1YspWMgc9Qhpg92IbDs6jKKfQrAQ6QWRJs7nGnjfgt3V6Fqbq7/jhjM8
jwlCDQrLbyaUW87g4bx06Jfe2BTkP7snw2FdUR20rmY0
-----END CERTIFICATE-----