Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aG1Oys8MDuakx-_J6YulBnEGR5c.roa
File:                     aG1Oys8MDuakx-_J6YulBnEGR5c.roa (raw, json)
Hash identifier:          +sW0VVw8iXKybGvJsxmbzIaXX2g8ofMseKcSIoco3Xo=
Subject key identifier:   68:6D:4E:CA:CF:0C:0E:E6:A4:C7:EF:C9:E9:8B:A5:06:71:06:47:97
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0191E5F7D052EBD0CAFDBC39BC56303FE11B
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aG1Oys8MDuakx-_J6YulBnEGR5c.roa
Signing time:             Thu 12 Sep 2024 11:21:48 +0000
ROA not before:           Thu 12 Sep 2024 11:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50969
IP address blocks:        185.140.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:35:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:f7:d0:52:eb:d0:ca:fd:bc:39:bc:56:30:3f:e1:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Sep 12 11:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=686d4ecacf0c0ee6a4c7efc9e98ba50671064797
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ab:1a:aa:59:24:7c:a3:9b:ea:2b:7f:47:eb:
                    83:59:a0:d6:1e:3f:11:d9:df:45:26:a6:62:59:cc:
                    ce:8e:17:5d:01:1d:10:5e:39:2a:d1:7b:51:83:61:
                    2a:7e:bc:57:71:9c:ed:d7:31:3b:d1:ce:5d:88:76:
                    07:ed:78:23:92:82:5f:48:a4:30:4e:58:0b:20:09:
                    5b:6d:fb:af:36:1b:5d:a4:9f:6c:13:4f:7d:cc:d5:
                    80:98:16:59:70:39:42:a0:67:36:26:56:39:2c:a3:
                    e7:e9:1a:6a:15:8f:e5:79:1f:fe:a3:89:a4:fa:25:
                    61:03:70:49:53:fc:d5:1a:fb:1e:cb:84:26:d5:c0:
                    fb:6b:57:d7:ac:48:13:17:ef:22:78:b2:ed:f2:ca:
                    6b:eb:e4:57:7c:b2:20:81:ca:27:bd:5a:81:3c:2c:
                    5b:51:d0:6f:55:47:18:eb:0c:d4:a5:19:d7:0c:bc:
                    4d:d9:47:0f:1c:a8:8f:fa:23:25:5c:51:f4:9a:37:
                    63:51:d7:18:6f:48:2a:3a:32:e2:45:85:e8:d7:7c:
                    ec:85:e2:f5:c7:db:88:b7:97:71:d3:5f:a6:b5:b7:
                    65:e2:41:5b:6a:2f:0f:9a:43:7a:8d:a2:ec:8b:d2:
                    98:a5:60:8f:6c:8a:c6:3e:10:06:23:57:f9:25:51:
                    00:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:6D:4E:CA:CF:0C:0E:E6:A4:C7:EF:C9:E9:8B:A5:06:71:06:47:97
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aG1Oys8MDuakx-_J6YulBnEGR5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:16:04:a2:e1:bd:67:9b:8f:70:58:e2:6b:29:8f:d1:8b:89:
         0d:02:ae:ce:c7:c7:ec:98:a0:b3:aa:c4:1c:a1:7c:ec:8d:33:
         f2:d6:1d:a1:8e:ae:72:25:7c:ba:10:fd:b2:8f:05:3c:b9:4e:
         20:1b:68:03:c0:87:f8:eb:ab:41:51:52:64:7c:92:0f:07:0f:
         f3:31:09:dc:e2:38:32:39:ea:95:8c:8c:ed:80:0c:e6:dc:32:
         a3:0a:da:c0:f0:4b:0f:52:43:db:a9:1c:85:4f:e5:a7:81:1b:
         d8:3c:ea:3b:26:37:a2:82:6a:8d:22:c9:ce:d3:4d:a2:3a:11:
         55:7d:88:84:de:cb:cb:81:c6:a0:47:8a:65:97:1d:89:b8:d1:
         c1:69:ca:ba:dd:6b:2d:32:78:72:1b:9c:bb:99:a1:af:9e:72:
         4b:e0:c5:0d:91:4b:0b:af:f4:92:c2:b3:95:6d:3f:15:23:09:
         56:89:39:1f:ed:0f:e2:43:50:43:60:3c:e0:fe:24:df:be:75:
         f9:4d:9d:45:2c:0f:72:f3:a5:02:f9:8d:62:f1:31:63:89:9d:
         b4:68:d9:d4:d7:60:48:ec:a4:b2:c4:93:ee:b1:9c:97:19:cd:
         55:a5:a9:88:0e:65:8a:ee:2f:ef:09:62:f3:4e:58:fa:39:3a:
         fc:d9:09:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHl99BS69DK/bw5vFYwP+EbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwOTEyMTEyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODZkNGVjYWNmMGMwZWU2YTRjN2VmYzllOThiYTUwNjcxMDY0Nzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApasaqlkkfKOb6it/R+uDWaDWHj8R
2d9FJqZiWczOjhddAR0QXjkq0XtRg2EqfrxXcZzt1zE70c5diHYH7XgjkoJfSKQw
TlgLIAlbbfuvNhtdpJ9sE099zNWAmBZZcDlCoGc2JlY5LKPn6RpqFY/leR/+o4mk
+iVhA3BJU/zVGvsey4Qm1cD7a1fXrEgTF+8ieLLt8spr6+RXfLIggconvVqBPCxb
UdBvVUcY6wzUpRnXDLxN2UcPHKiP+iMlXFH0mjdjUdcYb0gqOjLiRYXo13zsheL1
x9uIt5dx01+mtbdl4kFbai8PmkN6jaLsi9KYpWCPbIrGPhAGI1f5JVEAhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhtTsrPDA7mpMfvyemLpQZxBkeXMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvYUcxT3lzOE1EdWFreC1fSjZZdWxCbkVHUjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYysMA0G
CSqGSIb3DQEBCwUAA4IBAQCcFgSi4b1nm49wWOJrKY/Ri4kNAq7Ox8fsmKCzqsQc
oXzsjTPy1h2hjq5yJXy6EP2yjwU8uU4gG2gDwIf466tBUVJkfJIPBw/zMQnc4jgy
OeqVjIztgAzm3DKjCtrA8EsPUkPbqRyFT+WngRvYPOo7JjeigmqNIsnO002iOhFV
fYiE3svLgcagR4pllx2JuNHBacq63WstMnhyG5y7maGvnnJL4MUNkUsLr/SSwrOV
bT8VIwlWiTkf7Q/iQ1BDYDzg/iTfvnX5TZ1FLA9y86UC+Y1i8TFjiZ20aNnU12BI
7KSyxJPusZyXGc1VpamIDmWK7i/vCWLzTlj6OTr82Qlx
-----END CERTIFICATE-----