Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/bff799-9e32-43be-85cd-824760714dfb/1/1agrLKR8WH_T4rZWw2gSrPqW4os.roa
File:                     1agrLKR8WH_T4rZWw2gSrPqW4os.roa (raw, json)
Hash identifier:          hEyMy69XRY78tskGuxzt7AH0ycY7lf3f76kNVcnPjaU=
Subject key identifier:   D5:A8:2B:2C:A4:7C:58:7F:D3:E2:B6:56:C3:68:12:AC:FA:96:E2:8B
Certificate issuer:       /CN=e544e266d4eb9cc7ded292c12b06b1ca7bcea778
Certificate serial:       018CC6B92169BB0C4C08E9B29F123586B7D3
Authority key identifier: E5:44:E2:66:D4:EB:9C:C7:DE:D2:92:C1:2B:06:B1:CA:7B:CE:A7:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5UTiZtTrnMfe0pLBKwaxynvOp3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/bff799-9e32-43be-85cd-824760714dfb/1/1agrLKR8WH_T4rZWw2gSrPqW4os.roa
Signing time:             Mon 01 Jan 2024 20:31:10 +0000
ROA not before:           Mon 01 Jan 2024 20:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20813
IP address blocks:        193.108.160.0/23 maxlen: 23
                          194.24.226.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/bff799-9e32-43be-85cd-824760714dfb/1/5UTiZtTrnMfe0pLBKwaxynvOp3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/bff799-9e32-43be-85cd-824760714dfb/1/5UTiZtTrnMfe0pLBKwaxynvOp3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5UTiZtTrnMfe0pLBKwaxynvOp3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:21:69:bb:0c:4c:08:e9:b2:9f:12:35:86:b7:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e544e266d4eb9cc7ded292c12b06b1ca7bcea778
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5a82b2ca47c587fd3e2b656c36812acfa96e28b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7f:c1:2a:b8:51:5d:02:03:96:aa:9d:6a:05:
                    91:5c:63:a4:2e:b2:e0:03:4b:60:a4:90:16:1c:83:
                    3a:a8:15:93:5e:72:9f:95:5b:54:ae:1e:d6:19:98:
                    f7:0b:a5:5d:44:2d:7b:4a:dc:1e:d5:29:ba:5a:70:
                    5a:f0:f6:ad:b9:ff:e3:3c:92:16:6d:f6:31:65:56:
                    be:6b:20:c8:f4:07:2b:b4:c0:6a:6c:d8:58:cb:d2:
                    f1:d7:79:00:06:9b:17:1b:27:41:e7:e4:86:3d:ca:
                    11:ce:b1:8b:67:9d:24:fb:f2:78:bc:c6:82:2f:66:
                    22:ce:08:75:b2:2d:f4:03:a1:b7:03:c7:d7:58:7c:
                    68:83:31:13:e2:d9:24:51:95:49:0c:4b:59:7e:a0:
                    b3:c2:17:9b:d6:60:1a:d7:4f:cb:c5:b5:4d:9b:5f:
                    34:69:f4:79:7f:00:7a:0c:bf:37:99:73:dd:28:a2:
                    cd:6e:ae:bd:63:2f:37:66:f0:34:0f:0b:02:3e:4d:
                    f7:a9:13:56:78:e7:37:2c:7e:16:af:1f:45:3d:58:
                    3b:76:f0:00:6e:95:fd:f3:1b:97:40:f0:1c:9d:02:
                    91:a4:02:72:f3:91:46:45:8b:7f:8b:cf:9e:17:ff:
                    af:2a:83:dd:0a:7e:b9:d8:3b:cb:b5:0a:a3:dc:83:
                    80:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:A8:2B:2C:A4:7C:58:7F:D3:E2:B6:56:C3:68:12:AC:FA:96:E2:8B
            X509v3 Authority Key Identifier:
                keyid:E5:44:E2:66:D4:EB:9C:C7:DE:D2:92:C1:2B:06:B1:CA:7B:CE:A7:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5UTiZtTrnMfe0pLBKwaxynvOp3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/bff799-9e32-43be-85cd-824760714dfb/1/1agrLKR8WH_T4rZWw2gSrPqW4os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/bff799-9e32-43be-85cd-824760714dfb/1/5UTiZtTrnMfe0pLBKwaxynvOp3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.160.0/23
                  194.24.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:e5:27:f0:e5:12:12:c0:c8:82:9c:2c:53:68:ae:b2:5b:d2:
         9b:ce:54:b0:67:e2:d2:0d:44:cb:09:ef:6c:9d:fe:f2:ea:47:
         b4:ed:b0:6b:bb:35:d5:79:e2:4a:7e:8c:9c:6b:d3:11:32:3f:
         ef:7c:58:ff:a6:35:45:48:f1:2f:81:49:d7:98:6b:8a:f2:bc:
         7d:b6:78:e6:70:83:50:51:5e:d2:32:7e:fa:65:6b:51:ee:d6:
         35:07:76:1e:b9:61:e6:a0:a0:db:53:9e:b4:5c:b6:e6:ee:5a:
         8b:26:03:40:ea:73:08:4e:a5:63:34:4a:41:92:0a:a0:45:89:
         dc:e2:9a:bd:ae:a5:6c:26:55:70:28:78:71:7d:76:7a:c2:01:
         9b:20:cd:9b:73:a6:2f:dd:2d:4e:ec:fb:fc:48:a5:9b:d0:f0:
         e1:93:68:d2:5a:db:eb:a3:0b:ad:c2:97:47:77:82:e8:f0:8e:
         bc:8f:4c:e1:4e:99:64:0f:07:2f:63:47:26:73:8c:29:bc:b2:
         18:5e:2d:fd:62:ab:d8:11:e9:82:c5:fe:1e:02:12:17:75:e8:
         7d:7e:19:a4:1c:ae:fd:bf:09:e1:19:8c:4f:e8:f7:b1:3a:28:
         ab:5c:ae:db:6d:a9:62:fa:b9:58:32:c2:f0:7c:48:b1:d6:f9:
         bb:a7:80:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuSFpuwxMCOmynxI1hrfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NDRlMjY2ZDRlYjljYzdkZWQyOTJjMTJiMDZiMWNhN2Jj
ZWE3NzgwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWE4MmIyY2E0N2M1ODdmZDNlMmI2NTZjMzY4MTJhY2ZhOTZlMjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtH/BKrhRXQIDlqqdagWRXGOkLrLg
A0tgpJAWHIM6qBWTXnKflVtUrh7WGZj3C6VdRC17Stwe1Sm6WnBa8Patuf/jPJIW
bfYxZVa+ayDI9AcrtMBqbNhYy9Lx13kABpsXGydB5+SGPcoRzrGLZ50k+/J4vMaC
L2Yizgh1si30A6G3A8fXWHxogzET4tkkUZVJDEtZfqCzwheb1mAa10/LxbVNm180
afR5fwB6DL83mXPdKKLNbq69Yy83ZvA0DwsCPk33qRNWeOc3LH4Wrx9FPVg7dvAA
bpX98xuXQPAcnQKRpAJy85FGRYt/i8+eF/+vKoPdCn652DvLtQqj3IOAlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNWoKyykfFh/0+K2VsNoEqz6luKLMB8GA1UdIwQY
MBaAFOVE4mbU65zH3tKSwSsGscp7zqd4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVVUaVp0VHJuTWZlMHBMQkt3YXh5bnZPcDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9iZmY3OTktOWUzMi00M2JlLTg1Y2Qt
ODI0NzYwNzE0ZGZiLzEvMWFnckxLUjhXSF9UNHJaV3cyZ1NyUHFXNG9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9iZmY3OTktOWUzMi00M2JlLTg1Y2QtODI0NzYwNzE0ZGZi
LzEvNVVUaVp0VHJuTWZlMHBMQkt3YXh5bnZPcDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwWygAwQB
whjiMA0GCSqGSIb3DQEBCwUAA4IBAQAb5Sfw5RISwMiCnCxTaK6yW9KbzlSwZ+LS
DUTLCe9snf7y6ke07bBruzXVeeJKfoyca9MRMj/vfFj/pjVFSPEvgUnXmGuK8rx9
tnjmcINQUV7SMn76ZWtR7tY1B3YeuWHmoKDbU560XLbm7lqLJgNA6nMITqVjNEpB
kgqgRYnc4pq9rqVsJlVwKHhxfXZ6wgGbIM2bc6Yv3S1O7Pv8SKWb0PDhk2jSWtvr
owutwpdHd4Lo8I68j0zhTplkDwcvY0cmc4wpvLIYXi39YqvYEemCxf4eAhIXdeh9
fhmkHK79vwnhGYxP6PexOiirXK7bbali+rlYMsLwfEix1vm7p4BB
-----END CERTIFICATE-----