Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/AGFXaqT3BvJjfsfWKc-WZgyT260.roa
File:                     AGFXaqT3BvJjfsfWKc-WZgyT260.roa (raw, json)
Hash identifier:          otB7RONJ2iX79r/3n1UHcffodGPsIg2+hKNGewXNd5g=
Subject key identifier:   00:61:57:6A:A4:F7:06:F2:63:7E:C7:D6:29:CF:96:66:0C:93:DB:AD
Certificate issuer:       /CN=4b9a3b9e10232095c18d2644440ce5c58a138b35
Certificate serial:       0194266AD0A5E194C1247C982C370C68C14D
Authority key identifier: 4B:9A:3B:9E:10:23:20:95:C1:8D:26:44:44:0C:E5:C5:8A:13:8B:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5o7nhAjIJXBjSZERAzlxYoTizU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/AGFXaqT3BvJjfsfWKc-WZgyT260.roa
Signing time:             Thu 02 Jan 2025 09:48:41 +0000
ROA not before:           Thu 02 Jan 2025 09:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20777
IP address blocks:        194.125.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/S5o7nhAjIJXBjSZERAzlxYoTizU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/S5o7nhAjIJXBjSZERAzlxYoTizU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5o7nhAjIJXBjSZERAzlxYoTizU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:d0:a5:e1:94:c1:24:7c:98:2c:37:0c:68:c1:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9a3b9e10232095c18d2644440ce5c58a138b35
        Validity
            Not Before: Jan  2 09:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0061576aa4f706f2637ec7d629cf96660c93dbad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b0:8a:88:aa:db:5d:88:f9:d2:44:8e:a5:86:
                    da:35:96:5c:06:11:c9:27:10:7a:65:1c:33:3c:2f:
                    ec:2e:37:5c:37:82:3d:56:8e:54:cb:30:ed:c0:dc:
                    52:9f:9e:95:19:0d:a5:ed:4d:d9:15:50:69:8a:dc:
                    6a:2a:ed:6b:2c:04:4b:b4:5b:58:b4:2f:0d:89:ac:
                    62:28:dd:a6:6d:2a:30:90:c2:af:29:ad:d2:2f:e2:
                    1a:94:8d:f7:f2:f3:82:52:14:0b:59:32:6c:26:2c:
                    10:8f:fb:74:4a:80:8c:62:8e:61:93:05:df:70:7e:
                    e4:85:92:e3:65:3e:3b:da:59:80:98:74:92:7f:ae:
                    98:d5:3c:4b:99:a0:86:70:2b:8e:5e:e7:e1:ee:d8:
                    9a:97:f4:02:2a:f4:8c:da:93:91:04:19:2a:94:6d:
                    74:64:b9:37:81:71:28:8f:b4:c5:73:e7:ec:67:95:
                    32:4e:c0:2b:d8:5b:f1:4c:f3:38:7e:9e:31:da:32:
                    90:65:42:ce:5b:c2:69:57:92:d5:42:a8:1d:25:12:
                    c6:4d:de:6e:8e:18:0c:5d:33:76:ff:8e:57:73:ca:
                    c2:65:8e:8e:b9:55:b9:c6:6c:1c:72:b5:47:bd:1c:
                    71:c2:83:4c:d5:2a:fa:69:d9:a9:80:c6:56:04:e4:
                    65:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:61:57:6A:A4:F7:06:F2:63:7E:C7:D6:29:CF:96:66:0C:93:DB:AD
            X509v3 Authority Key Identifier:
                keyid:4B:9A:3B:9E:10:23:20:95:C1:8D:26:44:44:0C:E5:C5:8A:13:8B:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5o7nhAjIJXBjSZERAzlxYoTizU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/AGFXaqT3BvJjfsfWKc-WZgyT260.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/S5o7nhAjIJXBjSZERAzlxYoTizU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.125.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:0b:b1:57:0e:fe:09:65:b4:e8:71:fb:7a:1e:00:93:0d:6f:
         d8:12:37:19:47:02:01:e7:0f:5c:8b:c7:aa:54:81:82:33:b1:
         f3:d0:6d:1f:e6:34:6e:cb:3a:c7:c9:53:27:bf:73:b5:03:c2:
         b3:65:c2:7a:d3:21:e0:84:a3:d5:f6:52:2f:e5:11:e2:6d:1b:
         98:ba:04:28:37:05:4d:46:da:bd:da:6e:60:90:36:e0:92:c1:
         c3:b4:0a:df:18:b0:83:8c:ee:37:21:64:cc:dd:69:95:6c:fd:
         86:23:b6:38:05:e7:3c:9f:86:54:9f:7c:30:79:ca:79:63:d5:
         c1:e3:38:3d:43:66:af:c7:b7:fb:78:60:47:a0:c3:a3:9f:62:
         a1:fa:a5:1d:5d:9d:9d:f6:d6:83:3f:d3:ad:7b:5c:27:7d:86:
         5e:93:24:0b:18:93:d4:f2:fb:ab:55:b5:ca:ad:77:86:1f:a8:
         44:1e:a1:7b:f6:11:30:b4:77:46:93:6c:3e:e7:b3:ca:a5:86:
         48:85:f1:2a:5d:b5:c6:2b:8c:86:40:2d:33:7d:e8:e2:b1:9f:
         e1:8c:84:b8:5e:95:f9:b9:85:ed:9e:dc:74:14:d2:ee:5b:6a:
         e7:bb:1a:f3:5d:db:87:19:eb:1a:cc:af:85:27:f1:2e:85:f9:
         34:a0:5f:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmatCl4ZTBJHyYLDcMaMFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOWEzYjllMTAyMzIwOTVjMThkMjY0NDQ0MGNlNWM1OGEx
MzhiMzUwHhcNMjUwMTAyMDk0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDYxNTc2YWE0ZjcwNmYyNjM3ZWM3ZDYyOWNmOTY2NjBjOTNkYmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbCKiKrbXYj50kSOpYbaNZZcBhHJ
JxB6ZRwzPC/sLjdcN4I9Vo5UyzDtwNxSn56VGQ2l7U3ZFVBpitxqKu1rLARLtFtY
tC8NiaxiKN2mbSowkMKvKa3SL+IalI338vOCUhQLWTJsJiwQj/t0SoCMYo5hkwXf
cH7khZLjZT472lmAmHSSf66Y1TxLmaCGcCuOXufh7tial/QCKvSM2pORBBkqlG10
ZLk3gXEoj7TFc+fsZ5UyTsAr2FvxTPM4fp4x2jKQZULOW8JpV5LVQqgdJRLGTd5u
jhgMXTN2/45Xc8rCZY6OuVW5xmwccrVHvRxxwoNM1Sr6admpgMZWBORlxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABhV2qk9wbyY37H1inPlmYMk9utMB8GA1UdIwQY
MBaAFEuaO54QIyCVwY0mREQM5cWKE4s1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVvN25oQWpJSlhCalNaRVJBemx4WW9UaXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mMjFlZTAtZDczMC00NWRiLTk3YmQt
YzM0YmUwM2MxNWRiLzEvQUdGWGFxVDNCdkpqZnNmV0tjLVdaZ3lUMjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mMjFlZTAtZDczMC00NWRiLTk3YmQtYzM0YmUwM2MxNWRi
LzEvUzVvN25oQWpJSlhCalNaRVJBemx4WW9UaXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn3xMA0G
CSqGSIb3DQEBCwUAA4IBAQCuC7FXDv4JZbTocft6HgCTDW/YEjcZRwIB5w9ci8eq
VIGCM7Hz0G0f5jRuyzrHyVMnv3O1A8KzZcJ60yHghKPV9lIv5RHibRuYugQoNwVN
Rtq92m5gkDbgksHDtArfGLCDjO43IWTM3WmVbP2GI7Y4Bec8n4ZUn3wwecp5Y9XB
4zg9Q2avx7f7eGBHoMOjn2Kh+qUdXZ2d9taDP9Ote1wnfYZekyQLGJPU8vurVbXK
rXeGH6hEHqF79hEwtHdGk2w+57PKpYZIhfEqXbXGK4yGQC0zfejisZ/hjIS4XpX5
uYXtntx0FNLuW2rnuxrzXduHGesazK+FJ/Euhfk0oF9q
-----END CERTIFICATE-----