Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Aag7REjT_KXo8hitiQjHCALKwzA.roa
File:                     Aag7REjT_KXo8hitiQjHCALKwzA.roa (raw, json)
Hash identifier:          l2+y+AhsPQ6U94iLiP65xciuYVxAaWEd9lu0P2ISBTk=
Subject key identifier:   01:A8:3B:44:48:D3:FC:A5:E8:F2:18:AD:89:08:C7:08:02:CA:C3:30
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01942748490ED5805B3A8EA8657BE6AB0E73
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Aag7REjT_KXo8hitiQjHCALKwzA.roa
Signing time:             Thu 02 Jan 2025 13:50:36 +0000
ROA not before:           Thu 02 Jan 2025 13:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206602
IP address blocks:        185.71.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:49:0e:d5:80:5b:3a:8e:a8:65:7b:e6:ab:0e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01a83b4448d3fca5e8f218ad8908c70802cac330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ac:6b:ae:e7:ba:23:4e:91:15:ed:54:2f:5e:
                    46:6b:96:df:f5:8b:a6:0b:9b:ea:b9:68:32:42:51:
                    93:76:24:e9:66:f6:01:dd:85:98:50:39:b8:d3:71:
                    2e:36:f3:a5:c8:e7:5c:97:ab:a4:01:d8:cc:de:a4:
                    00:f0:7a:27:95:8e:6c:7a:7b:d8:0b:83:67:fa:13:
                    85:24:0a:3c:80:b5:a8:4b:4b:37:6a:59:1b:46:ea:
                    eb:d4:79:20:c2:12:14:aa:77:76:cf:09:b8:e7:e0:
                    28:9d:5c:ff:1b:eb:de:cf:8a:39:d3:f5:ee:65:d3:
                    48:80:49:c6:2c:b1:16:dc:27:51:43:e4:ae:0b:b4:
                    19:ef:f1:c5:11:25:86:51:c8:52:0c:78:cc:04:bb:
                    16:ef:2a:88:64:05:7e:cd:47:99:0b:c3:56:79:a9:
                    8a:6b:01:e1:25:48:2a:07:cc:8d:f5:56:eb:21:ec:
                    6f:c0:d3:68:96:64:17:da:79:3a:58:11:78:66:92:
                    56:e9:79:b1:07:71:43:07:ce:d2:b0:36:6c:30:7b:
                    40:57:62:7a:a5:a1:41:26:1d:08:de:fc:94:b3:ca:
                    f6:3d:18:4a:fb:3c:ee:c6:a7:ad:10:30:be:e6:0b:
                    f1:19:84:89:86:44:0f:cb:97:ed:d3:cd:52:fa:c4:
                    a1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A8:3B:44:48:D3:FC:A5:E8:F2:18:AD:89:08:C7:08:02:CA:C3:30
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Aag7REjT_KXo8hitiQjHCALKwzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:65:0e:a8:b7:72:f9:de:1a:95:d1:db:b4:84:ae:9e:0e:3c:
         4f:66:ef:94:cd:f6:5d:fd:0d:a0:3f:6e:84:40:b8:d4:05:37:
         fd:3c:4b:58:24:50:13:42:32:74:cf:d1:b4:15:0d:d5:c9:1e:
         88:13:4f:92:8a:e1:b6:7b:6d:21:31:b6:94:5e:f1:24:6e:b9:
         11:4f:89:ce:fb:73:9f:86:fb:63:21:b8:09:d1:ec:c9:7c:7e:
         0d:af:91:d3:c0:a3:a2:b1:67:da:2c:35:84:3b:bb:a0:04:d2:
         0b:cc:7a:31:b5:9f:26:c7:0f:b5:f8:91:3d:2f:50:31:f1:0f:
         4e:bc:8d:5c:b4:85:c4:b8:f1:b6:18:45:2a:7b:f1:39:29:48:
         ab:9d:b7:e5:95:73:b4:96:1c:45:ed:d5:95:63:7b:e7:f2:43:
         83:59:b5:eb:d5:68:fa:3b:0b:39:a3:6c:e3:d8:e8:31:04:4a:
         4a:d3:82:22:5e:90:f1:b5:e6:e7:a8:7d:88:9d:e9:66:74:30:
         a7:60:01:14:a0:3a:c3:16:c2:48:65:c2:af:e1:b9:8e:78:97:
         95:1e:33:2f:22:44:d9:11:df:94:09:6d:6f:97:d0:8c:70:63:
         d9:ed:8f:41:90:bd:b3:0a:a3:17:be:83:ee:9f:58:d4:05:a7:
         20:2f:a3:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEkO1YBbOo6oZXvmqw5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWE4M2I0NDQ4ZDNmY2E1ZThmMjE4YWQ4OTA4YzcwODAyY2FjMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6xrrue6I06RFe1UL15Ga5bf9Yum
C5vquWgyQlGTdiTpZvYB3YWYUDm403EuNvOlyOdcl6ukAdjM3qQA8HonlY5senvY
C4Nn+hOFJAo8gLWoS0s3alkbRurr1HkgwhIUqnd2zwm45+AonVz/G+vez4o50/Xu
ZdNIgEnGLLEW3CdRQ+SuC7QZ7/HFESWGUchSDHjMBLsW7yqIZAV+zUeZC8NWeamK
awHhJUgqB8yN9VbrIexvwNNolmQX2nk6WBF4ZpJW6XmxB3FDB87SsDZsMHtAV2J6
paFBJh0I3vyUs8r2PRhK+zzuxqetEDC+5gvxGYSJhkQPy5ft081S+sSh5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGoO0RI0/yl6PIYrYkIxwgCysMwMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvQWFnN1JFalRfS1hvOGhpdGlRakhDQUxLd3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUccMA0G
CSqGSIb3DQEBCwUAA4IBAQBIZQ6ot3L53hqV0du0hK6eDjxPZu+UzfZd/Q2gP26E
QLjUBTf9PEtYJFATQjJ0z9G0FQ3VyR6IE0+SiuG2e20hMbaUXvEkbrkRT4nO+3Of
hvtjIbgJ0ezJfH4Nr5HTwKOisWfaLDWEO7ugBNILzHoxtZ8mxw+1+JE9L1Ax8Q9O
vI1ctIXEuPG2GEUqe/E5KUirnbfllXO0lhxF7dWVY3vn8kODWbXr1Wj6Ows5o2zj
2OgxBEpK04IiXpDxtebnqH2InelmdDCnYAEUoDrDFsJIZcKv4bmOeJeVHjMvIkTZ
Ed+UCW1vl9CMcGPZ7Y9BkL2zCqMXvoPun1jUBacgL6MX
-----END CERTIFICATE-----