Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/Ag1IJJ_aGL25RlltrDNTCpSjkJk.roa
File:                     Ag1IJJ_aGL25RlltrDNTCpSjkJk.roa (raw, json)
Hash identifier:          TfbUPM8o9aFUUYlbbrFXauSHc+ZlOYUubA4eqosE8uw=
Subject key identifier:   02:0D:48:24:9F:DA:18:BD:B9:46:59:6D:AC:33:53:0A:94:A3:90:99
Certificate issuer:       /CN=c3fb403a241883e58fced52d39d80eabd52bb36f
Certificate serial:       018CC726EC8F7BC3DB037BD1B4BE473CCDED
Authority key identifier: C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/Ag1IJJ_aGL25RlltrDNTCpSjkJk.roa
Signing time:             Mon 01 Jan 2024 22:31:06 +0000
ROA not before:           Mon 01 Jan 2024 22:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210353
IP address blocks:        194.44.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ec:8f:7b:c3:db:03:7b:d1:b4:be:47:3c:cd:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb403a241883e58fced52d39d80eabd52bb36f
        Validity
            Not Before: Jan  1 22:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=020d48249fda18bdb946596dac33530a94a39099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:0e:d8:d7:66:fd:f7:42:b9:9b:46:17:69:10:
                    4a:5d:8e:5e:47:e5:07:de:19:83:65:9e:af:bd:48:
                    a6:40:dd:a3:3a:9c:16:80:7f:45:5e:32:c0:b2:d6:
                    bc:ed:78:b4:6e:65:ac:ff:42:80:14:ae:e2:31:c5:
                    3d:a9:f1:d6:c3:df:92:cc:39:d1:5e:08:64:8b:a7:
                    12:18:46:7c:6e:e3:91:5f:90:55:3d:44:0c:e5:90:
                    c6:d0:75:10:0e:29:f4:30:72:06:7c:a1:17:d2:bf:
                    69:5c:55:23:15:e6:94:b0:f6:4a:48:7f:89:1e:43:
                    63:33:3f:e1:3b:b0:bf:90:04:cc:9b:f2:e2:c1:98:
                    b4:5e:8c:80:7c:5e:96:52:31:3d:f1:7d:e6:f7:da:
                    83:cf:bd:0d:21:cb:af:1d:7b:30:76:e5:62:12:46:
                    d2:c8:28:0f:3d:8f:89:b0:95:7c:24:fc:ca:0a:27:
                    02:44:47:83:de:c6:a5:29:86:04:80:17:1f:8c:b0:
                    fc:7b:fe:bb:d9:09:c4:a0:45:4a:1e:7f:36:f6:bc:
                    e4:8c:c1:e7:03:40:b4:3f:20:2f:cc:20:f5:77:78:
                    a2:be:9f:24:c6:96:4a:38:08:a8:48:21:8b:66:a3:
                    f4:4f:69:b7:5c:2d:38:3e:61:32:9e:f6:e7:fb:28:
                    b9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:0D:48:24:9F:DA:18:BD:B9:46:59:6D:AC:33:53:0A:94:A3:90:99
            X509v3 Authority Key Identifier:
                keyid:C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/Ag1IJJ_aGL25RlltrDNTCpSjkJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:42:15:81:08:38:0e:69:f1:8f:29:a6:b4:8d:4e:91:be:bb:
         7e:8a:86:23:29:d7:82:41:f0:04:09:10:f5:72:3b:6b:5d:a6:
         34:1d:81:cb:e4:73:6e:7f:c5:ad:35:b4:2f:04:ab:64:86:36:
         26:f6:b8:b9:c3:a7:82:be:98:1b:d7:c5:89:48:4b:ad:2b:54:
         ad:4b:bc:61:d4:56:ae:6b:7a:7d:07:01:b7:94:3f:18:3a:75:
         73:5a:15:1d:da:76:20:7b:02:1e:ec:44:84:44:0c:95:91:91:
         49:95:f6:19:e0:6b:2d:33:e4:0b:9e:dc:3a:dc:f2:8c:de:81:
         c7:ac:5e:5b:29:df:2d:69:61:67:c3:d3:51:27:36:4c:27:d4:
         fe:27:db:56:d6:3a:7d:a9:58:a6:aa:d1:70:bb:29:43:74:e6:
         ad:7d:72:8a:7c:2e:a4:32:b3:09:79:30:e3:ae:1a:2f:84:2e:
         53:13:b5:b2:53:34:26:a0:9a:b2:00:4e:02:95:c7:f8:66:8b:
         c1:5f:80:34:38:8e:06:cb:83:73:ed:f0:04:8c:63:95:e3:55:
         2d:43:27:43:29:1f:2b:73:e7:13:fd:6d:69:8e:ac:48:69:dd:
         7c:4e:1a:fc:ab:b1:2b:45:9f:b0:b4:a4:e5:51:26:00:67:3c:
         33:d1:17:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuyPe8PbA3vRtL5HPM3tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmI0MDNhMjQxODgzZTU4ZmNlZDUyZDM5ZDgwZWFiZDUy
YmIzNmYwHhcNMjQwMTAxMjIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjBkNDgyNDlmZGExOGJkYjk0NjU5NmRhYzMzNTMwYTk0YTM5MDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhA7Y12b990K5m0YXaRBKXY5eR+UH
3hmDZZ6vvUimQN2jOpwWgH9FXjLAsta87Xi0bmWs/0KAFK7iMcU9qfHWw9+SzDnR
Xghki6cSGEZ8buORX5BVPUQM5ZDG0HUQDin0MHIGfKEX0r9pXFUjFeaUsPZKSH+J
HkNjMz/hO7C/kATMm/LiwZi0XoyAfF6WUjE98X3m99qDz70NIcuvHXswduViEkbS
yCgPPY+JsJV8JPzKCicCREeD3salKYYEgBcfjLD8e/672QnEoEVKHn829rzkjMHn
A0C0PyAvzCD1d3iivp8kxpZKOAioSCGLZqP0T2m3XC04PmEynvbn+yi5TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAINSCSf2hi9uUZZbawzUwqUo5CZMB8GA1UdIwQY
MBaAFMP7QDokGIPlj87VLTnYDqvVK7NvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUt
YTlhNzc5MDI2ZjBhLzEvQWcxSUpKX2FHTDI1UmxsdHJETlRDcFNqa0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUtYTlhNzc5MDI2ZjBh
LzEvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwizqMA0G
CSqGSIb3DQEBCwUAA4IBAQA1QhWBCDgOafGPKaa0jU6Rvrt+ioYjKdeCQfAECRD1
cjtrXaY0HYHL5HNuf8WtNbQvBKtkhjYm9ri5w6eCvpgb18WJSEutK1StS7xh1Fau
a3p9BwG3lD8YOnVzWhUd2nYgewIe7ESERAyVkZFJlfYZ4GstM+QLntw63PKM3oHH
rF5bKd8taWFnw9NRJzZMJ9T+J9tW1jp9qVimqtFwuylDdOatfXKKfC6kMrMJeTDj
rhovhC5TE7WyUzQmoJqyAE4Clcf4ZovBX4A0OI4Gy4Nz7fAEjGOV41UtQydDKR8r
c+cT/W1pjqxIad18Thr8q7ErRZ+wtKTlUSYAZzwz0RcV
-----END CERTIFICATE-----