Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/32e650-0cec-4262-bc93-e3dd776489a1/1/agKshWalfjb_E-GOoaxoNeUCxOo.roa
File:                     agKshWalfjb_E-GOoaxoNeUCxOo.roa (raw, json)
Hash identifier:          Z9tRHx90KCY5eZWK7zFoXx/lFXcbhw6xjKcPlyphvDM=
Subject key identifier:   6A:02:AC:85:66:A5:7E:36:FF:13:E1:8E:A1:AC:68:35:E5:02:C4:EA
Certificate issuer:       /CN=aae89bc3097768acd67c2dd747d3be1adb72e997
Certificate serial:       018CC72603EC9781A8FB9740000E3F2FA3C6
Authority key identifier: AA:E8:9B:C3:09:77:68:AC:D6:7C:2D:D7:47:D3:BE:1A:DB:72:E9:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/quibwwl3aKzWfC3XR9O-Gtty6Zc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/32e650-0cec-4262-bc93-e3dd776489a1/1/agKshWalfjb_E-GOoaxoNeUCxOo.roa
Signing time:             Mon 01 Jan 2024 22:30:06 +0000
ROA not before:           Mon 01 Jan 2024 22:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41656
IP address blocks:        91.200.73.0/24 maxlen: 24
                          194.145.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/32e650-0cec-4262-bc93-e3dd776489a1/1/quibwwl3aKzWfC3XR9O-Gtty6Zc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/32e650-0cec-4262-bc93-e3dd776489a1/1/quibwwl3aKzWfC3XR9O-Gtty6Zc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/quibwwl3aKzWfC3XR9O-Gtty6Zc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:03:ec:97:81:a8:fb:97:40:00:0e:3f:2f:a3:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aae89bc3097768acd67c2dd747d3be1adb72e997
        Validity
            Not Before: Jan  1 22:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a02ac8566a57e36ff13e18ea1ac6835e502c4ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7c:4e:3e:d6:47:6e:89:af:63:9b:a0:47:b9:
                    6f:d1:aa:0d:ea:72:44:7c:db:35:b8:bd:f7:74:55:
                    16:92:50:e1:37:50:24:36:62:99:c3:14:d9:53:44:
                    6e:5d:ea:aa:84:37:85:e0:6b:45:79:32:2c:9d:da:
                    2a:d1:44:1c:e6:fd:1b:57:1c:cd:ad:bd:8f:37:9f:
                    98:12:ad:fe:c6:b9:e4:1a:cd:50:dc:b5:d5:a9:33:
                    60:22:89:7f:1e:84:96:dc:0d:15:80:52:45:48:9d:
                    24:9e:08:27:9c:67:0b:33:55:95:8d:d4:d6:fc:49:
                    7a:84:ef:43:cc:19:26:78:f6:10:14:68:34:95:ad:
                    59:18:ac:9e:4e:a8:c7:db:80:22:5e:22:e3:54:9d:
                    91:42:a1:0a:31:fe:b0:20:81:69:f2:4e:71:8f:fb:
                    60:b1:f2:fe:48:fc:7b:f0:56:9d:f3:96:f0:de:ee:
                    72:06:b5:30:74:35:a7:97:1c:72:ed:4f:de:ac:3b:
                    50:4f:ca:59:a0:61:0f:2b:be:a5:da:99:74:52:a2:
                    ed:bb:92:be:5b:5e:42:d7:ae:f3:83:97:2d:36:aa:
                    96:61:ce:58:32:e5:17:40:1e:37:d6:e5:87:59:70:
                    05:cf:cd:03:4e:28:d0:15:f2:c6:95:42:3b:8d:46:
                    0a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:02:AC:85:66:A5:7E:36:FF:13:E1:8E:A1:AC:68:35:E5:02:C4:EA
            X509v3 Authority Key Identifier:
                keyid:AA:E8:9B:C3:09:77:68:AC:D6:7C:2D:D7:47:D3:BE:1A:DB:72:E9:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/quibwwl3aKzWfC3XR9O-Gtty6Zc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/32e650-0cec-4262-bc93-e3dd776489a1/1/agKshWalfjb_E-GOoaxoNeUCxOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/32e650-0cec-4262-bc93-e3dd776489a1/1/quibwwl3aKzWfC3XR9O-Gtty6Zc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.73.0/24
                  194.145.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:8e:16:60:68:44:6c:29:6a:10:59:9e:8c:e5:0e:b0:70:2c:
         07:80:3f:a3:bb:9d:1d:58:0c:75:fe:1a:c3:a4:1a:21:67:e0:
         b9:1a:6f:42:ef:77:fa:45:36:94:40:62:1b:fb:4b:29:13:4b:
         c0:cc:08:e4:01:c2:53:74:a1:5f:7e:7f:7c:d9:9b:78:c6:4c:
         c1:6e:3e:40:61:3f:53:ec:63:2a:70:73:8b:77:25:40:5f:30:
         e9:33:85:07:df:8b:ff:8b:2a:3b:7e:c7:30:6c:9c:bc:8c:cc:
         80:17:2a:89:42:31:6d:a3:2d:ee:e7:13:38:be:c7:76:94:fe:
         4f:16:d8:bb:c3:27:73:88:01:57:aa:56:68:78:9f:ee:ec:be:
         57:ca:39:f4:df:3f:37:80:2b:67:50:8e:ef:80:78:23:1e:8f:
         40:13:7a:1d:88:80:7b:e8:c0:b0:4f:99:cc:b2:c2:fa:8b:f5:
         b0:2d:80:b3:5e:3b:4f:f3:40:ab:cc:eb:33:9d:5d:78:60:c6:
         cf:5a:eb:34:e3:15:09:d7:cb:dd:4f:51:2b:21:3b:26:6a:d1:
         78:d2:9e:1b:26:6f:65:f9:3e:86:9d:0d:27:8e:ec:c7:f4:53:
         f3:cd:ff:c2:73:35:16:85:11:fa:5b:73:d7:79:c1:21:55:5e:
         e1:99:8a:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJgPsl4Go+5dAAA4/L6PGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZTg5YmMzMDk3NzY4YWNkNjdjMmRkNzQ3ZDNiZTFhZGI3
MmU5OTcwHhcNMjQwMTAxMjIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTAyYWM4NTY2YTU3ZTM2ZmYxM2UxOGVhMWFjNjgzNWU1MDJjNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHxOPtZHbomvY5ugR7lv0aoN6nJE
fNs1uL33dFUWklDhN1AkNmKZwxTZU0RuXeqqhDeF4GtFeTIsndoq0UQc5v0bVxzN
rb2PN5+YEq3+xrnkGs1Q3LXVqTNgIol/HoSW3A0VgFJFSJ0knggnnGcLM1WVjdTW
/El6hO9DzBkmePYQFGg0la1ZGKyeTqjH24AiXiLjVJ2RQqEKMf6wIIFp8k5xj/tg
sfL+SPx78Fad85bw3u5yBrUwdDWnlxxy7U/erDtQT8pZoGEPK76l2pl0UqLtu5K+
W15C167zg5ctNqqWYc5YMuUXQB431uWHWXAFz80DTijQFfLGlUI7jUYKSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGoCrIVmpX42/xPhjqGsaDXlAsTqMB8GA1UdIwQY
MBaAFKrom8MJd2is1nwt10fTvhrbcumXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXVpYnd3bDNhS3pXZkMzWFI5Ty1HdHR5NlpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zMmU2NTAtMGNlYy00MjYyLWJjOTMt
ZTNkZDc3NjQ4OWExLzEvYWdLc2hXYWxmamJfRS1HT29heG9OZVVDeE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zMmU2NTAtMGNlYy00MjYyLWJjOTMtZTNkZDc3NjQ4OWEx
LzEvcXVpYnd3bDNhS3pXZkMzWFI5Ty1HdHR5NlpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8hJAwQA
wpHLMA0GCSqGSIb3DQEBCwUAA4IBAQAkjhZgaERsKWoQWZ6M5Q6wcCwHgD+ju50d
WAx1/hrDpBohZ+C5Gm9C73f6RTaUQGIb+0spE0vAzAjkAcJTdKFffn982Zt4xkzB
bj5AYT9T7GMqcHOLdyVAXzDpM4UH34v/iyo7fscwbJy8jMyAFyqJQjFtoy3u5xM4
vsd2lP5PFti7wydziAFXqlZoeJ/u7L5Xyjn03z83gCtnUI7vgHgjHo9AE3odiIB7
6MCwT5nMssL6i/WwLYCzXjtP80CrzOsznV14YMbPWus04xUJ18vdT1ErITsmatF4
0p4bJm9l+T6GnQ0njuzH9FPzzf/CczUWhRH6W3PXecEhVV7hmYrA
-----END CERTIFICATE-----