Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/AGCjlep1Ca-6AtXNZN-AYMpLYd8.roa
File:                     AGCjlep1Ca-6AtXNZN-AYMpLYd8.roa (raw, json)
Hash identifier:          eSOZRz75i1apXYI1R8A5tHk6ae5ysQQRz/gxl2iy1Iw=
Subject key identifier:   00:60:A3:95:EA:75:09:AF:BA:02:D5:CD:64:DF:80:60:CA:4B:61:DF
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       018CC801F8C7B7018FBE3783CC47ABF44BDB
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/AGCjlep1Ca-6AtXNZN-AYMpLYd8.roa
Signing time:             Tue 02 Jan 2024 02:30:21 +0000
ROA not before:           Tue 02 Jan 2024 02:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        195.13.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:f8:c7:b7:01:8f:be:37:83:cc:47:ab:f4:4b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Jan  2 02:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0060a395ea7509afba02d5cd64df8060ca4b61df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e7:3b:90:d6:35:24:77:71:26:1a:5f:4a:2b:
                    04:eb:42:1d:fb:d9:4a:f1:ac:2a:5d:1a:bc:e9:2d:
                    67:c8:46:ec:87:af:9b:56:77:1b:65:d7:14:b4:db:
                    b0:eb:45:44:72:a0:e0:90:ea:4e:ec:e3:af:23:ce:
                    6f:75:6f:c3:bc:0b:9b:65:4e:a8:ed:a8:ee:58:9c:
                    4d:96:3f:83:8a:c8:3b:f6:f3:f5:6f:70:e2:9e:b9:
                    25:ce:52:03:2d:56:4d:14:59:d3:9e:20:a5:e7:ed:
                    1d:b9:0a:7b:3b:3b:7e:db:5b:51:d9:8d:b7:97:f3:
                    a2:ab:1f:7c:27:72:40:45:44:a8:7e:31:6c:5a:d3:
                    ab:98:c4:25:d5:58:a9:e4:17:24:b5:d5:f6:b4:7f:
                    34:aa:62:bb:e2:aa:92:0c:e1:41:7f:09:6e:59:60:
                    a9:1a:3f:94:6a:b7:d7:42:02:14:1f:e4:58:3a:42:
                    94:55:d4:7d:90:07:38:cc:58:d4:63:24:52:02:48:
                    8e:ee:7a:d9:52:c1:dd:a0:87:d1:fd:50:d6:75:73:
                    83:5d:ef:57:88:7c:80:ac:bd:4c:77:a7:f9:dc:dd:
                    7c:f2:72:18:15:44:50:3d:86:94:9c:c1:11:c3:c2:
                    3d:af:76:5d:88:a4:be:95:b6:ec:19:ce:fb:bb:34:
                    01:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:60:A3:95:EA:75:09:AF:BA:02:D5:CD:64:DF:80:60:CA:4B:61:DF
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/AGCjlep1Ca-6AtXNZN-AYMpLYd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.13.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:d9:a5:79:32:a2:40:1a:4d:f2:88:9b:d7:b4:ef:4a:d0:43:
         bf:73:f4:64:fc:5e:19:b2:52:c9:34:2c:0a:45:eb:bc:26:82:
         a8:88:3c:a4:f5:00:67:f4:44:fd:b1:c3:f8:52:a7:25:47:de:
         c1:c5:71:f7:58:cb:70:8f:33:4c:bc:12:5a:74:a1:06:53:5a:
         fa:9a:00:fc:f0:39:a9:d9:6b:a2:48:a6:70:97:50:35:8a:e9:
         89:a7:af:bf:77:52:b1:41:26:31:92:c3:6a:b7:3e:ad:fb:52:
         5c:24:f5:d4:f9:ca:eb:72:d8:e3:57:87:5b:4d:fe:5a:35:a2:
         8d:18:9b:93:c3:fd:00:bd:b1:47:11:8f:49:50:d8:0b:02:79:
         80:73:e6:95:58:e0:c4:9e:12:bd:9f:c0:69:1c:d7:e2:6f:d7:
         9d:e3:2c:2a:bf:1e:24:11:c9:8b:0a:1b:ae:1d:17:03:62:79:
         e1:90:2c:e8:a1:0c:c3:d1:05:8b:d1:3e:e3:d1:f4:74:91:3a:
         0c:c1:a3:1e:0d:ee:b4:85:38:92:7f:c3:6a:6c:2a:a7:c0:19:
         87:af:ef:b1:2a:cf:c6:92:bb:a2:63:82:ad:0f:63:33:6b:64:
         d4:b1:4e:c9:ab:a6:25:f3:27:0a:c1:60:18:a6:9a:63:55:fa:
         af:5c:97:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAfjHtwGPvjeDzEer9EvbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjQwMTAyMDIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDYwYTM5NWVhNzUwOWFmYmEwMmQ1Y2Q2NGRmODA2MGNhNGI2MWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOc7kNY1JHdxJhpfSisE60Id+9lK
8awqXRq86S1nyEbsh6+bVncbZdcUtNuw60VEcqDgkOpO7OOvI85vdW/DvAubZU6o
7ajuWJxNlj+Disg79vP1b3DinrklzlIDLVZNFFnTniCl5+0duQp7Ozt+21tR2Y23
l/Oiqx98J3JARUSofjFsWtOrmMQl1Vip5BcktdX2tH80qmK74qqSDOFBfwluWWCp
Gj+UarfXQgIUH+RYOkKUVdR9kAc4zFjUYyRSAkiO7nrZUsHdoIfR/VDWdXODXe9X
iHyArL1Md6f53N188nIYFURQPYaUnMERw8I9r3ZdiKS+lbbsGc77uzQBDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABgo5XqdQmvugLVzWTfgGDKS2HfMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvQUdDamxlcDFDYS02QXRYTlpOLUFZTXBMWWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAww09MA0G
CSqGSIb3DQEBCwUAA4IBAQB/2aV5MqJAGk3yiJvXtO9K0EO/c/Rk/F4ZslLJNCwK
Reu8JoKoiDyk9QBn9ET9scP4UqclR97BxXH3WMtwjzNMvBJadKEGU1r6mgD88Dmp
2WuiSKZwl1A1iumJp6+/d1KxQSYxksNqtz6t+1JcJPXU+crrctjjV4dbTf5aNaKN
GJuTw/0AvbFHEY9JUNgLAnmAc+aVWODEnhK9n8BpHNfib9ed4ywqvx4kEcmLChuu
HRcDYnnhkCzooQzD0QWL0T7j0fR0kToMwaMeDe60hTiSf8NqbCqnwBmHr++xKs/G
kruiY4KtD2Mza2TUsU7Jq6Yl8ycKwWAYpppjVfqvXJcE
-----END CERTIFICATE-----