Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/AjGn5wkRrNhN64powB4qXm2qlDk.roa
File:                     AjGn5wkRrNhN64powB4qXm2qlDk.roa (raw, json)
Hash identifier:          hkBxl2lZQuZA+OMhHmgFlEcQMEOLbiuGyKYusrBckE4=
Subject key identifier:   02:31:A7:E7:09:11:AC:D8:4D:EB:8A:68:C0:1E:2A:5E:6D:AA:94:39
Certificate issuer:       /CN=f724cba521c080db72a6e54a1b8cf4495cbbc7d6
Certificate serial:       018CC5DD2ED6E393291E79E09DC063F1B9A1
Authority key identifier: F7:24:CB:A5:21:C0:80:DB:72:A6:E5:4A:1B:8C:F4:49:5C:BB:C7:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9yTLpSHAgNtypuVKG4z0SVy7x9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/AjGn5wkRrNhN64powB4qXm2qlDk.roa
Signing time:             Mon 01 Jan 2024 16:30:56 +0000
ROA not before:           Mon 01 Jan 2024 16:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207996
IP address blocks:        185.203.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/9yTLpSHAgNtypuVKG4z0SVy7x9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/9yTLpSHAgNtypuVKG4z0SVy7x9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9yTLpSHAgNtypuVKG4z0SVy7x9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:2e:d6:e3:93:29:1e:79:e0:9d:c0:63:f1:b9:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f724cba521c080db72a6e54a1b8cf4495cbbc7d6
        Validity
            Not Before: Jan  1 16:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0231a7e70911acd84deb8a68c01e2a5e6daa9439
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:cb:ef:39:5c:10:61:d0:ed:cf:52:0e:7f:37:
                    2f:7b:da:5f:80:e9:3d:8c:82:1f:7a:be:64:91:62:
                    5a:bc:7a:d8:9a:bf:11:cb:eb:da:82:57:8a:32:96:
                    71:fa:f4:06:38:74:22:80:b3:55:8a:62:12:57:b6:
                    20:03:31:aa:09:e8:1e:d7:2c:f4:90:a7:d9:22:66:
                    4d:53:23:ed:d8:84:d8:4c:e5:68:c0:3f:18:9d:fc:
                    57:05:c8:61:ad:0b:cd:58:be:56:6c:cd:e2:26:7f:
                    17:e1:b4:a9:ed:c1:b2:81:f8:1c:09:99:78:71:29:
                    dd:a1:31:0f:12:db:7b:14:52:ad:8e:a0:4f:ef:0d:
                    a3:39:5d:68:4f:c0:c4:99:41:60:41:3a:a4:ce:69:
                    23:b0:c6:62:27:b8:2f:29:50:de:21:a5:b7:b1:34:
                    0f:63:d3:f6:cc:92:9a:06:e9:12:4f:45:6d:06:b8:
                    d2:cf:3a:1a:2d:f0:a1:01:23:2d:39:04:91:97:c0:
                    f8:c4:55:31:d8:e7:ef:70:2b:f8:19:2f:07:c5:b7:
                    07:e3:39:d5:18:d8:91:f6:82:c2:dd:5c:9f:ea:0e:
                    57:29:d4:16:4c:f6:3c:5a:00:ce:a3:68:d7:f7:77:
                    4f:73:56:05:14:64:ff:69:e9:f7:e9:75:3c:77:75:
                    92:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:31:A7:E7:09:11:AC:D8:4D:EB:8A:68:C0:1E:2A:5E:6D:AA:94:39
            X509v3 Authority Key Identifier:
                keyid:F7:24:CB:A5:21:C0:80:DB:72:A6:E5:4A:1B:8C:F4:49:5C:BB:C7:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9yTLpSHAgNtypuVKG4z0SVy7x9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/AjGn5wkRrNhN64powB4qXm2qlDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/9yTLpSHAgNtypuVKG4z0SVy7x9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:3d:de:4a:72:52:cd:3b:32:0b:f8:b6:fb:b0:55:f2:75:af:
         09:c3:22:8a:68:a3:16:07:16:5b:40:be:e7:0e:2e:e2:ca:e5:
         d5:b8:3d:1e:ac:8e:2f:f6:44:f7:df:61:4c:43:60:ee:e3:e3:
         89:34:c8:74:dd:3d:8c:2e:60:a4:b1:ee:76:11:e8:b9:6e:74:
         14:7b:d3:27:40:62:b1:ab:4f:d7:71:a5:cc:7c:fe:ea:67:01:
         56:5c:85:76:7b:d0:cd:9b:22:0a:1f:2c:81:97:ca:3e:17:78:
         bd:1c:b1:d8:9c:09:07:87:1d:c1:ec:f7:31:85:95:03:d8:98:
         e6:63:0a:b9:e7:49:b9:b1:a4:1d:df:b4:77:4e:ea:22:17:0a:
         3a:fc:da:cf:26:57:0a:0e:ef:da:27:9a:00:ae:74:de:37:7e:
         46:d1:8f:15:ce:84:cd:a7:4d:18:fd:61:1f:b2:b8:a0:73:ff:
         62:56:20:b5:ad:37:5c:2b:c3:8a:f2:1d:4c:94:8a:68:b2:a5:
         49:d7:59:cc:39:91:21:24:9e:8c:15:1c:f9:0e:75:66:60:7f:
         46:69:20:71:78:bc:05:ac:55:70:f4:6e:4f:76:e8:6c:a9:a7:
         cb:8b:2f:b9:fe:9c:b3:be:f3:7c:74:8b:8d:ae:cd:bb:3a:98:
         cb:02:4d:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3S7W45MpHnngncBj8bmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MjRjYmE1MjFjMDgwZGI3MmE2ZTU0YTFiOGNmNDQ5NWNi
YmM3ZDYwHhcNMjQwMTAxMTYzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjMxYTdlNzA5MTFhY2Q4NGRlYjhhNjhjMDFlMmE1ZTZkYWE5NDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscvvOVwQYdDtz1IOfzcve9pfgOk9
jIIfer5kkWJavHrYmr8Ry+vagleKMpZx+vQGOHQigLNVimISV7YgAzGqCege1yz0
kKfZImZNUyPt2ITYTOVowD8YnfxXBchhrQvNWL5WbM3iJn8X4bSp7cGygfgcCZl4
cSndoTEPEtt7FFKtjqBP7w2jOV1oT8DEmUFgQTqkzmkjsMZiJ7gvKVDeIaW3sTQP
Y9P2zJKaBukST0VtBrjSzzoaLfChASMtOQSRl8D4xFUx2OfvcCv4GS8HxbcH4znV
GNiR9oLC3Vyf6g5XKdQWTPY8WgDOo2jX93dPc1YFFGT/aen36XU8d3WSyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIxp+cJEazYTeuKaMAeKl5tqpQ5MB8GA1UdIwQY
MBaAFPcky6UhwIDbcqblShuM9Elcu8fWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXlUTHBTSEFnTnR5cHVWS0c0ejBTVnk3eDlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy80OGI1MGItYWRmZS00ZGZiLWFkODAt
MTAzYjIwNmJhMjhiLzEvQWpHbjV3a1JyTmhONjRwb3dCNHFYbTJxbERrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy80OGI1MGItYWRmZS00ZGZiLWFkODAtMTAzYjIwNmJhMjhi
LzEvOXlUTHBTSEFnTnR5cHVWS0c0ejBTVnk3eDlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuctxMA0G
CSqGSIb3DQEBCwUAA4IBAQBXPd5KclLNOzIL+Lb7sFXyda8JwyKKaKMWBxZbQL7n
Di7iyuXVuD0erI4v9kT332FMQ2Du4+OJNMh03T2MLmCkse52Eei5bnQUe9MnQGKx
q0/XcaXMfP7qZwFWXIV2e9DNmyIKHyyBl8o+F3i9HLHYnAkHhx3B7PcxhZUD2Jjm
Ywq550m5saQd37R3TuoiFwo6/NrPJlcKDu/aJ5oArnTeN35G0Y8VzoTNp00Y/WEf
srigc/9iViC1rTdcK8OK8h1MlIposqVJ11nMOZEhJJ6MFRz5DnVmYH9GaSBxeLwF
rFVw9G5PduhsqafLiy+5/pyzvvN8dIuNrs27OpjLAk0r
-----END CERTIFICATE-----