Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ylEbf9nTnxCov9ExoCH0uFtQzBg.roa
File:                     ylEbf9nTnxCov9ExoCH0uFtQzBg.roa (raw, json)
Hash identifier:          LrnNaM3yM0mHbHkxlz38yoWlDOqSkPsv9rllmyCp1x0=
Subject key identifier:   CA:51:1B:7F:D9:D3:9F:10:A8:BF:D1:31:A0:21:F4:B8:5B:50:CC:18
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFA47CE23049CD48415100D21A1125
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ylEbf9nTnxCov9ExoCH0uFtQzBg.roa
Signing time:             Tue 02 Jan 2024 06:32:28 +0000
ROA not before:           Tue 02 Jan 2024 06:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59692
IP address blocks:        45.135.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a4:7c:e2:30:49:cd:48:41:51:00:d2:1a:11:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca511b7fd9d39f10a8bfd131a021f4b85b50cc18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5c:5a:dc:77:f1:32:55:0a:c8:64:c8:19:1b:
                    f0:51:b1:fa:97:5d:ef:88:f2:4f:83:c6:10:f9:ba:
                    d3:cb:95:fb:c5:8f:97:c7:99:82:9b:aa:54:ce:1b:
                    90:da:ec:b2:7f:d5:cc:ad:a7:fa:75:e3:3f:32:25:
                    e1:eb:94:f2:22:cf:ec:0d:46:08:87:a4:1b:22:af:
                    32:0e:53:6a:ee:73:4a:95:92:5f:74:e3:2c:6a:c3:
                    2d:8f:32:be:ca:4d:f6:b3:0c:43:5c:ae:45:ae:7e:
                    c3:d4:d9:e1:0e:fc:ee:eb:03:19:f0:c1:9e:64:d7:
                    43:8b:62:32:ed:1b:3e:af:57:b8:c7:56:e2:eb:e4:
                    e1:59:31:71:8c:2a:43:db:79:a3:ca:bd:6d:64:e2:
                    83:68:ca:58:01:5d:e7:c3:f9:fc:52:d6:ca:c7:79:
                    25:a5:9b:1d:37:1b:05:c9:72:26:d2:b8:59:5e:79:
                    98:50:92:6b:f8:cf:99:0b:66:28:42:32:c3:7b:6f:
                    2e:cb:4c:97:7d:01:7f:05:80:15:e7:20:80:15:e0:
                    b0:15:b3:85:75:44:0b:9e:e5:9a:3a:97:92:71:29:
                    b6:80:6e:e8:52:af:ec:ca:b1:0f:82:8a:43:f1:8f:
                    ca:44:e4:00:e4:90:95:24:14:c2:6f:b7:4c:13:f2:
                    77:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:51:1B:7F:D9:D3:9F:10:A8:BF:D1:31:A0:21:F4:B8:5B:50:CC:18
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ylEbf9nTnxCov9ExoCH0uFtQzBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:62:62:cc:9a:e9:29:f7:10:60:53:96:f7:ac:a6:30:9b:40:
         31:47:e1:c4:a1:4d:38:24:72:d5:26:b5:50:fc:ce:1a:d2:65:
         8a:e8:09:7b:7b:fa:47:c5:2f:15:70:68:87:58:8a:95:73:e7:
         bf:02:5a:dd:2f:1d:5d:24:2c:58:3a:cc:2a:37:96:0f:48:a6:
         4c:99:10:fa:bb:b3:04:84:84:a8:3f:46:d5:12:b6:ae:5f:74:
         41:af:dc:86:85:94:7a:df:85:7e:77:19:56:fc:55:c2:be:7a:
         8b:9e:ff:34:e7:8c:c2:38:59:9f:fe:74:8e:25:c0:7a:bf:24:
         54:b1:79:79:ad:bb:13:5a:e8:46:6a:5e:3b:c4:36:88:99:f8:
         f8:1a:d7:78:2d:c9:0d:d4:75:42:18:2e:22:b5:99:45:93:18:
         82:08:e6:dc:eb:2d:68:e7:90:1d:7f:ec:ff:e8:80:91:e4:de:
         52:12:57:c9:a9:10:f1:b5:eb:56:c5:f7:db:9a:4d:13:b3:6a:
         81:f2:75:6e:71:94:a6:dc:2a:4b:6e:36:33:4b:ac:70:5c:17:
         6d:f0:b5:c6:13:d4:25:e2:a4:7b:09:07:36:17:8c:de:f1:e0:
         cd:dc:61:02:c0:2b:39:b6:96:9e:e8:d9:d8:65:ca:82:13:df:
         92:00:fc:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36R84jBJzUhBUQDSGhElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTUxMWI3ZmQ5ZDM5ZjEwYThiZmQxMzFhMDIxZjRiODViNTBjYzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1xa3HfxMlUKyGTIGRvwUbH6l13v
iPJPg8YQ+brTy5X7xY+Xx5mCm6pUzhuQ2uyyf9XMraf6deM/MiXh65TyIs/sDUYI
h6QbIq8yDlNq7nNKlZJfdOMsasMtjzK+yk32swxDXK5Frn7D1NnhDvzu6wMZ8MGe
ZNdDi2Iy7Rs+r1e4x1bi6+ThWTFxjCpD23mjyr1tZOKDaMpYAV3nw/n8UtbKx3kl
pZsdNxsFyXIm0rhZXnmYUJJr+M+ZC2YoQjLDe28uy0yXfQF/BYAV5yCAFeCwFbOF
dUQLnuWaOpeScSm2gG7oUq/syrEPgopD8Y/KROQA5JCVJBTCb7dME/J3jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpRG3/Z058QqL/RMaAh9LhbUMwYMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEveWxFYmY5blRueENvdjlFeG9DSDB1RnRRekJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfvMA0G
CSqGSIb3DQEBCwUAA4IBAQCFYmLMmukp9xBgU5b3rKYwm0AxR+HEoU04JHLVJrVQ
/M4a0mWK6Al7e/pHxS8VcGiHWIqVc+e/AlrdLx1dJCxYOswqN5YPSKZMmRD6u7ME
hISoP0bVErauX3RBr9yGhZR634V+dxlW/FXCvnqLnv8054zCOFmf/nSOJcB6vyRU
sXl5rbsTWuhGal47xDaImfj4Gtd4LckN1HVCGC4itZlFkxiCCObc6y1o55Adf+z/
6ICR5N5SElfJqRDxtetWxffbmk0Ts2qB8nVucZSm3CpLbjYzS6xwXBdt8LXGE9Ql
4qR7CQc2F4ze8eDN3GECwCs5tpae6NnYZcqCE9+SAPzV
-----END CERTIFICATE-----