Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/h-agl-nn-RYaXQsR1RlcsPU7MBg.roa
File:                     h-agl-nn-RYaXQsR1RlcsPU7MBg.roa (raw, json)
Hash identifier:          HAXg0eWi0I6Qj/d0VEPEsXLgnx+ATW5qZpnKGGRFZ8k=
Subject key identifier:   87:E6:A0:97:E9:E7:F9:16:1A:5D:0B:11:D5:19:5C:B0:F5:3B:30:18
Certificate issuer:       /CN=4ee0432f5429d861d7743bfc31d7ad019628a5eb
Certificate serial:       018CC2DADDA01CAB868DC8A6870724A54612
Authority key identifier: 4E:E0:43:2F:54:29:D8:61:D7:74:3B:FC:31:D7:AD:01:96:28:A5:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuBDL1Qp2GHXdDv8MdetAZYopes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/h-agl-nn-RYaXQsR1RlcsPU7MBg.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8757
IP address blocks:        185.144.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/TuBDL1Qp2GHXdDv8MdetAZYopes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/TuBDL1Qp2GHXdDv8MdetAZYopes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuBDL1Qp2GHXdDv8MdetAZYopes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dd:a0:1c:ab:86:8d:c8:a6:87:07:24:a5:46:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee0432f5429d861d7743bfc31d7ad019628a5eb
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87e6a097e9e7f9161a5d0b11d5195cb0f53b3018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:1d:01:b9:49:0c:82:e9:b8:1f:0a:30:b1:e0:
                    4c:b3:98:9a:e5:71:7f:92:e9:d6:c7:6a:c1:69:a1:
                    67:9e:28:6a:dd:98:1b:8e:67:aa:67:a3:2c:b3:e6:
                    5e:04:c4:a6:72:6f:f8:8b:9e:52:fe:68:2b:cf:a7:
                    d8:f0:2c:08:53:60:23:3d:0e:b6:e7:3b:ca:ea:b8:
                    cf:79:8e:31:1e:83:a2:57:d8:58:14:da:a6:37:57:
                    41:3f:e5:e6:e5:c7:5d:2b:d1:78:e7:4c:c2:3d:f3:
                    b7:2f:fe:57:17:f1:c7:4a:69:a5:38:bd:ee:f3:31:
                    bd:7f:3f:8c:ab:39:71:ed:67:97:b6:ae:f9:50:50:
                    78:f5:a1:71:a9:0a:b1:bf:b0:bf:33:fe:28:b5:3a:
                    c0:82:85:6f:ec:6f:e3:b4:ed:91:9e:26:da:c3:b3:
                    13:3e:8d:40:ab:87:f6:11:2b:a5:40:0a:24:eb:3c:
                    cc:1b:fa:d5:15:79:c6:8f:2b:1f:85:90:7a:19:ea:
                    f5:7d:a9:ca:7f:ef:a1:ef:82:74:47:d5:00:d8:e9:
                    1b:9d:66:8e:1f:08:bf:43:26:9c:17:58:8b:04:c3:
                    0c:8e:6b:df:82:de:a7:c5:e8:53:ed:2b:1e:b3:14:
                    5f:f7:ec:d1:b8:e9:7c:71:bb:cd:67:7c:9b:7a:19:
                    85:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E6:A0:97:E9:E7:F9:16:1A:5D:0B:11:D5:19:5C:B0:F5:3B:30:18
            X509v3 Authority Key Identifier:
                keyid:4E:E0:43:2F:54:29:D8:61:D7:74:3B:FC:31:D7:AD:01:96:28:A5:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuBDL1Qp2GHXdDv8MdetAZYopes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/h-agl-nn-RYaXQsR1RlcsPU7MBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/TuBDL1Qp2GHXdDv8MdetAZYopes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bb:01:6b:dc:06:0f:b2:df:92:e9:04:a7:38:02:0d:c1:b5:5d:
         bf:03:02:24:5a:27:77:a4:94:86:bb:93:57:b6:54:6d:9a:d4:
         bc:e5:39:ef:5d:bd:eb:06:55:9a:c5:04:53:dc:c7:04:6f:da:
         83:27:c0:e5:d1:b8:92:fb:a4:d8:19:8f:70:cf:41:c2:cc:1d:
         d0:56:60:48:bb:c8:36:42:c4:95:d8:69:90:23:92:d5:71:ff:
         0e:b4:c4:d0:54:4a:25:2d:7c:c6:19:a9:a3:72:e5:29:17:08:
         c2:8d:9e:ba:db:e3:fd:af:ff:c0:01:e0:45:74:41:85:85:26:
         27:61:eb:c0:0f:21:a9:dc:53:a9:17:5c:a2:8b:96:e1:eb:04:
         73:18:99:c0:e8:07:72:37:1b:0d:84:ae:e1:45:a5:25:50:5d:
         d6:56:a8:69:3b:b7:37:4c:48:20:91:66:30:02:37:e9:8d:29:
         8d:41:8a:d3:69:d1:3c:2b:c6:b0:db:47:67:90:af:ad:d8:38:
         91:c5:52:23:d0:45:4a:f0:59:b2:70:c2:6f:95:a3:c9:c2:17:
         b2:a3:77:e3:8e:c8:1b:37:2b:c5:7e:c7:65:fe:ec:ec:ee:3c:
         fd:f4:70:11:17:33:de:b6:30:4b:a8:65:33:e3:18:43:fa:9a:
         5c:9a:a9:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2t2gHKuGjcimhwckpUYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTA0MzJmNTQyOWQ4NjFkNzc0M2JmYzMxZDdhZDAxOTYy
OGE1ZWIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2U2YTA5N2U5ZTdmOTE2MWE1ZDBiMTFkNTE5NWNiMGY1M2IzMDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgh0BuUkMgum4HwowseBMs5ia5XF/
kunWx2rBaaFnnihq3ZgbjmeqZ6Mss+ZeBMSmcm/4i55S/mgrz6fY8CwIU2AjPQ62
5zvK6rjPeY4xHoOiV9hYFNqmN1dBP+Xm5cddK9F450zCPfO3L/5XF/HHSmmlOL3u
8zG9fz+Mqzlx7WeXtq75UFB49aFxqQqxv7C/M/4otTrAgoVv7G/jtO2Rnibaw7MT
Po1Aq4f2ESulQAok6zzMG/rVFXnGjysfhZB6Ger1fanKf++h74J0R9UA2OkbnWaO
Hwi/QyacF1iLBMMMjmvfgt6nxehT7SsesxRf9+zRuOl8cbvNZ3ybehmFDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfmoJfp5/kWGl0LEdUZXLD1OzAYMB8GA1UdIwQY
MBaAFE7gQy9UKdhh13Q7/DHXrQGWKKXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVCREwxUXAyR0hYZER2OE1kZXRBWllvcGVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iMTdjYTQtMmUyZS00MTVhLWFkZGUt
NzcyNTdlMDQ3NjVmLzEvaC1hZ2wtbm4tUllhWFFzUjFSbGNzUFU3TUJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iMTdjYTQtMmUyZS00MTVhLWFkZGUtNzcyNTdlMDQ3NjVm
LzEvVHVCREwxUXAyR0hYZER2OE1kZXRBWllvcGVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZBUMA0G
CSqGSIb3DQEBCwUAA4IBAQC7AWvcBg+y35LpBKc4Ag3BtV2/AwIkWid3pJSGu5NX
tlRtmtS85TnvXb3rBlWaxQRT3McEb9qDJ8Dl0biS+6TYGY9wz0HCzB3QVmBIu8g2
QsSV2GmQI5LVcf8OtMTQVEolLXzGGamjcuUpFwjCjZ662+P9r//AAeBFdEGFhSYn
YevADyGp3FOpF1yii5bh6wRzGJnA6AdyNxsNhK7hRaUlUF3WVqhpO7c3TEggkWYw
AjfpjSmNQYrTadE8K8aw20dnkK+t2DiRxVIj0EVK8FmycMJvlaPJwheyo3fjjsgb
NyvFfsdl/uzs7jz99HARFzPetjBLqGUz4xhD+ppcmqlS
-----END CERTIFICATE-----