Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/AGjcZfTBsqCHTj4nO_TvZnqo-UE.roa
File:                     AGjcZfTBsqCHTj4nO_TvZnqo-UE.roa (raw, json)
Hash identifier:          Hc4epX5Um91Q41SrHH2xhu8Z57fcmQHT3WhZ/Xn2Olo=
Subject key identifier:   00:68:DC:65:F4:C1:B2:A0:87:4E:3E:27:3B:F4:EF:66:7A:A8:F9:41
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       018CC3B6C55E64FD97E83565ECE95C98F276
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/AGjcZfTBsqCHTj4nO_TvZnqo-UE.roa
Signing time:             Mon 01 Jan 2024 06:29:44 +0000
ROA not before:           Mon 01 Jan 2024 06:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48430
IP address blocks:        185.139.212.0/22 maxlen: 22
                          2a07:1840::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c5:5e:64:fd:97:e8:35:65:ec:e9:5c:98:f2:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  1 06:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0068dc65f4c1b2a0874e3e273bf4ef667aa8f941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:55:5b:f9:fa:fb:c1:4c:f6:75:26:0e:76:48:
                    71:b7:39:d5:08:bb:d5:0c:68:36:d8:86:e4:63:36:
                    c9:af:5e:51:44:ad:42:b5:c5:a8:6c:75:99:df:bf:
                    0d:3b:0b:80:28:cc:45:63:7d:79:d7:3d:eb:77:53:
                    c3:02:81:b1:a7:0d:f3:c7:ed:48:ac:3f:23:f9:b0:
                    4c:a9:2d:64:41:8d:df:c6:a9:57:a9:99:89:a3:21:
                    ed:75:5a:d7:a7:1d:cf:af:3f:71:3f:9a:82:e6:6d:
                    59:1d:c4:8b:0d:a7:70:cb:56:a6:6e:7c:b5:75:0a:
                    a2:09:fd:4d:dc:c7:4d:87:b1:d0:84:5e:05:1d:f4:
                    7e:69:99:ab:d8:cf:38:50:29:6c:27:1c:ed:fa:5f:
                    d3:fd:c5:eb:65:05:6e:ac:dc:f8:9f:41:f7:11:66:
                    4d:3a:99:89:a8:e2:a3:cc:f2:57:80:17:dc:8b:9e:
                    c9:4e:fb:fc:8b:a6:f6:d4:09:39:e0:e9:bc:d9:a7:
                    8e:07:a4:71:b9:ee:94:3c:1d:e2:81:57:17:9b:8c:
                    94:1b:7c:c7:c3:b2:ce:92:b7:84:c6:78:fa:03:42:
                    3f:24:a0:d7:82:94:ec:52:ca:66:58:16:2f:02:62:
                    cd:8f:7b:8d:71:f5:9a:2d:af:d0:9a:13:68:d4:bf:
                    19:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:68:DC:65:F4:C1:B2:A0:87:4E:3E:27:3B:F4:EF:66:7A:A8:F9:41
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/AGjcZfTBsqCHTj4nO_TvZnqo-UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.212.0/22
                IPv6:
                  2a07:1840::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:13:7b:10:be:bf:63:65:49:34:76:8d:5b:f3:ed:7f:f4:ef:
         46:e0:e7:cc:f4:1f:2d:69:83:76:a4:7c:fd:39:61:bc:80:5f:
         d2:ac:af:1e:46:ef:72:19:9f:6a:2f:2b:3b:0b:aa:22:54:dc:
         b9:c4:61:3e:6d:a2:4f:3b:66:82:4c:3b:10:80:69:6f:a3:94:
         39:04:31:cb:32:52:a6:b1:38:e4:d9:76:c7:58:ae:ba:ee:62:
         9d:25:2b:15:4b:7f:ff:43:7e:f5:8f:f0:88:75:c8:2a:1f:71:
         8e:6d:c6:eb:0b:ae:3a:9f:f0:fa:ee:26:31:07:3c:c8:09:9a:
         2f:d9:0b:4e:6b:19:46:ab:5e:40:6f:b6:41:7b:42:4f:24:e0:
         84:17:24:81:b1:b6:a2:fa:12:5f:a1:03:b6:49:e8:23:98:e5:
         c7:29:a4:73:c3:ff:c8:6d:c6:23:06:b4:7d:68:b3:33:4f:fc:
         39:8f:20:44:30:b7:b7:07:06:fa:0f:13:37:26:52:94:c3:e2:
         11:b8:81:ff:ee:ae:f4:9f:32:20:1b:a3:64:11:cd:b8:ed:f7:
         11:31:31:9c:d4:21:9d:21:5b:1a:31:b7:0c:d7:40:41:47:d4:
         96:45:2b:51:0f:66:f7:4b:78:dd:81:85:25:b5:7b:a4:08:ed:
         68:11:57:14
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtsVeZP2X6DVl7OlcmPJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjQwMTAxMDYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDY4ZGM2NWY0YzFiMmEwODc0ZTNlMjczYmY0ZWY2NjdhYThmOTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8VVb+fr7wUz2dSYOdkhxtznVCLvV
DGg22IbkYzbJr15RRK1CtcWobHWZ378NOwuAKMxFY3151z3rd1PDAoGxpw3zx+1I
rD8j+bBMqS1kQY3fxqlXqZmJoyHtdVrXpx3Prz9xP5qC5m1ZHcSLDadwy1ambny1
dQqiCf1N3MdNh7HQhF4FHfR+aZmr2M84UClsJxzt+l/T/cXrZQVurNz4n0H3EWZN
OpmJqOKjzPJXgBfci57JTvv8i6b21Ak54Om82aeOB6Rxue6UPB3igVcXm4yUG3zH
w7LOkreExnj6A0I/JKDXgpTsUspmWBYvAmLNj3uNcfWaLa/QmhNo1L8ZKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFABo3GX0wbKgh04+Jzv072Z6qPlBMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvQUdqY1pmVEJzcUNIVGo0bk9fVHZabnFvLVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYvUMA0E
AgACMAcDBQAqBxhAMA0GCSqGSIb3DQEBCwUAA4IBAQCME3sQvr9jZUk0do1b8+1/
9O9G4OfM9B8taYN2pHz9OWG8gF/SrK8eRu9yGZ9qLys7C6oiVNy5xGE+baJPO2aC
TDsQgGlvo5Q5BDHLMlKmsTjk2XbHWK667mKdJSsVS3//Q371j/CIdcgqH3GObcbr
C646n/D67iYxBzzICZov2QtOaxlGq15Ab7ZBe0JPJOCEFySBsbai+hJfoQO2Segj
mOXHKaRzw//IbcYjBrR9aLMzT/w5jyBEMLe3Bwb6DxM3JlKUw+IRuIH/7q70nzIg
G6NkEc247fcRMTGc1CGdIVsaMbcM10BBR9SWRStRD2b3S3jdgYUltXukCO1oEVcU
-----END CERTIFICATE-----