Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/AguHBebCgKGNPd6agC4Df6RIEsI.roa
File:                     AguHBebCgKGNPd6agC4Df6RIEsI.roa (raw, json)
Hash identifier:          +3u1d+ANyPlfQRr5lM4qVfEBhpG9dDU3Whvt2PbHYao=
Subject key identifier:   02:0B:87:05:E6:C2:80:A1:8D:3D:DE:9A:80:2E:03:7F:A4:48:12:C2
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC8D5A9ECF7309BB908AD3FFB3E733
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/AguHBebCgKGNPd6agC4Df6RIEsI.roa
Signing time:             Tue 02 Jan 2024 10:33:46 +0000
ROA not before:           Tue 02 Jan 2024 10:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6220
IP address blocks:        213.198.48.0/24 maxlen: 24
                          213.198.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8d:5a:9e:cf:73:09:bb:90:8a:d3:ff:b3:e7:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=020b8705e6c280a18d3dde9a802e037fa44812c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:43:83:96:ba:62:60:5a:ab:cd:fc:49:b6:a9:
                    c0:7a:27:a2:db:bd:7c:bb:89:34:8f:29:c1:85:5f:
                    b7:cc:69:0a:0c:e7:da:a7:d4:05:4d:9a:6b:cb:5e:
                    32:a6:f7:cc:18:b8:a4:04:3c:27:65:be:2b:fd:2d:
                    83:7e:66:2f:04:bd:0a:aa:61:90:22:0d:c9:97:67:
                    21:8f:39:f2:82:34:5e:57:7c:14:8e:30:17:ab:34:
                    bd:92:62:7c:02:e4:20:f7:62:11:e3:07:4b:a6:60:
                    08:cb:93:92:40:ca:ce:fe:d3:21:43:d8:25:eb:3b:
                    86:c2:34:89:0a:d7:d2:42:e9:1d:ae:e4:3d:91:da:
                    10:03:ef:2b:a7:17:71:49:52:d1:20:2a:b1:1c:7b:
                    12:04:87:c9:52:cb:b1:a7:cb:7b:aa:04:ad:06:28:
                    ba:ba:36:c2:6f:20:74:43:a4:55:d4:d0:12:20:d3:
                    47:63:dd:a2:47:c8:e3:fc:10:fd:c8:a4:8b:ab:03:
                    b9:b2:ca:09:2e:49:a0:0a:f9:64:5a:56:25:ec:2c:
                    5f:92:0f:02:b2:65:f7:92:cd:f7:7b:b0:cd:bc:12:
                    b5:da:cd:2c:41:e5:14:3a:e9:25:3f:8b:69:58:2a:
                    e7:65:8f:71:4d:69:7c:a9:a0:35:08:1a:7a:af:ae:
                    48:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:0B:87:05:E6:C2:80:A1:8D:3D:DE:9A:80:2E:03:7F:A4:48:12:C2
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/AguHBebCgKGNPd6agC4Df6RIEsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.198.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:66:43:87:fd:31:d3:51:cb:2b:5c:24:22:67:94:d9:56:72:
         6a:a5:c9:0e:f2:f7:f2:4d:aa:ee:19:1f:3a:97:bd:5e:4c:2f:
         8c:50:93:e0:e8:8c:1d:ad:c0:b9:8a:63:29:09:80:33:28:d0:
         74:88:01:73:e6:02:14:13:4d:5d:16:ab:a5:6b:58:0b:5d:b7:
         29:f2:4e:d5:09:69:4b:75:da:bf:ab:da:2c:d3:cf:5c:3d:58:
         a3:76:b7:32:10:b0:29:c5:97:9c:4d:7a:5a:b2:20:13:86:4c:
         da:1e:3a:fe:1e:6c:4f:83:a4:bc:77:0a:1c:f2:18:73:ec:f2:
         86:ef:fc:1a:dd:71:34:fc:b3:66:cc:d3:93:61:a7:1f:02:b6:
         ed:c9:0c:94:b8:61:c2:47:6d:ab:06:1c:7b:a5:14:ea:81:dd:
         f8:b6:a0:98:01:bb:8e:a3:55:09:ff:ff:ef:3a:49:80:10:d7:
         44:89:67:24:23:f0:ff:0f:e7:aa:95:49:f5:9c:a2:16:b4:dc:
         9a:76:9f:49:15:bf:6c:12:9c:48:a6:f3:13:35:56:cc:64:2f:
         72:09:8e:e3:90:19:99:20:dc:6d:67:bd:c2:55:1e:d2:e3:64:
         db:96:cb:0e:73:bb:96:50:3b:7f:87:80:2c:74:20:4f:df:12:
         a5:46:fd:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvI1ans9zCbuQitP/s+czMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjBiODcwNWU2YzI4MGExOGQzZGRlOWE4MDJlMDM3ZmE0NDgxMmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEODlrpiYFqrzfxJtqnAeiei2718
u4k0jynBhV+3zGkKDOfap9QFTZpry14ypvfMGLikBDwnZb4r/S2DfmYvBL0KqmGQ
Ig3Jl2chjznygjReV3wUjjAXqzS9kmJ8AuQg92IR4wdLpmAIy5OSQMrO/tMhQ9gl
6zuGwjSJCtfSQukdruQ9kdoQA+8rpxdxSVLRICqxHHsSBIfJUsuxp8t7qgStBii6
ujbCbyB0Q6RV1NASINNHY92iR8jj/BD9yKSLqwO5ssoJLkmgCvlkWlYl7Cxfkg8C
smX3ks33e7DNvBK12s0sQeUUOuklP4tpWCrnZY9xTWl8qaA1CBp6r65IRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAILhwXmwoChjT3emoAuA3+kSBLCMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvQWd1SEJlYkNnS0dOUGQ2YWdDNERmNlJJRXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1cYwMA0G
CSqGSIb3DQEBCwUAA4IBAQAiZkOH/THTUcsrXCQiZ5TZVnJqpckO8vfyTaruGR86
l71eTC+MUJPg6IwdrcC5imMpCYAzKNB0iAFz5gIUE01dFqula1gLXbcp8k7VCWlL
ddq/q9os089cPVijdrcyELApxZecTXpasiAThkzaHjr+HmxPg6S8dwoc8hhz7PKG
7/wa3XE0/LNmzNOTYacfArbtyQyUuGHCR22rBhx7pRTqgd34tqCYAbuOo1UJ///v
OkmAENdEiWckI/D/D+eqlUn1nKIWtNyadp9JFb9sEpxIpvMTNVbMZC9yCY7jkBmZ
INxtZ73CVR7S42TblssOc7uWUDt/h4AsdCBP3xKlRv04
-----END CERTIFICATE-----