Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/924c77-b283-4a52-9094-11f1b5a4b0dc/1/AwgHOO97IxH12Fkwi0qfc9bi2ZA.roa
File:                     AwgHOO97IxH12Fkwi0qfc9bi2ZA.roa (raw, json)
Hash identifier:          vVBkE8+IxSR6quTO4XirhU5FqvP1/6MWYuaOM/opzFI=
Subject key identifier:   03:08:07:38:EF:7B:23:11:F5:D8:59:30:8B:4A:9F:73:D6:E2:D9:90
Certificate issuer:       /CN=40cb59a418eadfa5dc869f56f1847fb25d987fc6
Certificate serial:       018CC2DAC1C74E903741FE300E0638556A31
Authority key identifier: 40:CB:59:A4:18:EA:DF:A5:DC:86:9F:56:F1:84:7F:B2:5D:98:7F:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QMtZpBjq36Xchp9W8YR_sl2Yf8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/924c77-b283-4a52-9094-11f1b5a4b0dc/1/AwgHOO97IxH12Fkwi0qfc9bi2ZA.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29075
IP address blocks:        185.18.172.0/22 maxlen: 22
                          45.140.103.0/24 maxlen: 24
                          2a04:cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/924c77-b283-4a52-9094-11f1b5a4b0dc/1/QMtZpBjq36Xchp9W8YR_sl2Yf8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/924c77-b283-4a52-9094-11f1b5a4b0dc/1/QMtZpBjq36Xchp9W8YR_sl2Yf8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QMtZpBjq36Xchp9W8YR_sl2Yf8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c1:c7:4e:90:37:41:fe:30:0e:06:38:55:6a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40cb59a418eadfa5dc869f56f1847fb25d987fc6
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03080738ef7b2311f5d859308b4a9f73d6e2d990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:01:a9:a6:57:86:16:07:f0:4f:04:a7:62:29:
                    73:8d:91:52:af:29:64:59:89:fe:a2:6e:14:cf:9e:
                    3a:9a:b2:24:fd:5e:4f:e3:ef:06:fe:e5:fa:ac:15:
                    94:b1:46:38:95:1a:b6:a0:78:e8:cd:4b:0a:d6:19:
                    e4:f1:5a:69:d1:ce:ad:6f:41:77:1e:5f:8e:02:6d:
                    b9:dd:4c:be:35:dc:99:46:7f:c2:f1:7a:8b:16:e4:
                    8e:35:9c:c3:1e:f0:fc:69:ad:5d:e9:87:54:c8:d1:
                    5d:6d:73:17:f4:6a:40:5c:bd:d7:53:97:89:5a:1f:
                    6c:8e:fd:7d:8b:c1:e9:1c:65:31:0f:b3:9f:e2:e6:
                    c9:65:9f:71:72:0f:ae:f1:0f:e9:ef:ca:2d:e6:a7:
                    7f:9e:9f:b2:35:0a:89:ef:f0:0b:83:88:85:57:f7:
                    13:78:68:9c:07:c0:57:dc:02:5c:bb:05:21:b7:c3:
                    32:05:26:7c:08:d6:87:77:4e:db:e5:0f:d2:7d:7f:
                    49:dc:2e:24:58:51:0a:9c:59:77:25:53:a5:10:28:
                    23:92:ad:29:be:df:8a:0e:85:22:ca:73:0d:e4:3b:
                    89:60:f0:ef:df:07:69:5a:3d:de:f1:3f:a9:e2:6c:
                    2e:f0:a3:27:c2:6f:51:81:60:69:67:dc:e4:0d:b7:
                    a9:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:08:07:38:EF:7B:23:11:F5:D8:59:30:8B:4A:9F:73:D6:E2:D9:90
            X509v3 Authority Key Identifier:
                keyid:40:CB:59:A4:18:EA:DF:A5:DC:86:9F:56:F1:84:7F:B2:5D:98:7F:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QMtZpBjq36Xchp9W8YR_sl2Yf8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/924c77-b283-4a52-9094-11f1b5a4b0dc/1/AwgHOO97IxH12Fkwi0qfc9bi2ZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/924c77-b283-4a52-9094-11f1b5a4b0dc/1/QMtZpBjq36Xchp9W8YR_sl2Yf8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.103.0/24
                  185.18.172.0/22
                IPv6:
                  2a04:cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:62:32:5d:5b:6c:72:8c:bb:43:1d:f5:a0:e3:b9:eb:c4:bd:
         7f:aa:85:e1:c9:9e:9a:31:6d:fa:86:01:c5:c5:11:f7:0c:e9:
         9f:72:ac:ab:71:39:ad:a2:a2:e4:4d:ba:99:5d:c8:e1:12:c1:
         d8:10:47:6a:30:9a:5e:54:fa:4c:ce:ba:23:28:98:aa:6b:57:
         b3:66:22:a9:3d:ee:6d:a6:3a:54:8e:96:a8:09:3a:c2:e2:78:
         1d:59:f8:4f:12:fc:db:2d:b3:c7:8f:f9:35:9b:ce:20:5a:a5:
         bd:fa:03:6e:75:1e:83:eb:e6:40:41:05:80:28:3d:0c:1d:f7:
         93:39:8b:a1:6c:56:e0:e5:fc:3b:0f:89:fb:88:c0:01:e8:bb:
         cf:19:06:2d:e8:3a:86:d3:ed:92:c5:21:72:d1:08:fc:8f:2b:
         bd:87:e9:88:68:5e:e1:65:26:58:b2:e9:9a:52:33:16:af:f1:
         95:48:a1:71:d3:06:4b:1d:5c:fd:5d:8d:38:b7:3f:12:3b:8b:
         ae:28:3d:94:b9:24:7f:51:82:ed:24:60:d4:05:15:0c:bf:5b:
         68:20:e9:2a:0d:3c:4e:f2:7f:c6:4b:59:f9:9b:9f:df:62:ce:
         db:65:cc:2f:c7:64:7f:90:44:ff:50:9a:ce:e0:8f:f9:2c:b4:
         ae:1d:e9:43
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2sHHTpA3Qf4wDgY4VWoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwY2I1OWE0MThlYWRmYTVkYzg2OWY1NmYxODQ3ZmIyNWQ5
ODdmYzYwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzA4MDczOGVmN2IyMzExZjVkODU5MzA4YjRhOWY3M2Q2ZTJkOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQGppleGFgfwTwSnYilzjZFSrylk
WYn+om4Uz546mrIk/V5P4+8G/uX6rBWUsUY4lRq2oHjozUsK1hnk8Vpp0c6tb0F3
Hl+OAm253Uy+NdyZRn/C8XqLFuSONZzDHvD8aa1d6YdUyNFdbXMX9GpAXL3XU5eJ
Wh9sjv19i8HpHGUxD7Of4ubJZZ9xcg+u8Q/p78ot5qd/np+yNQqJ7/ALg4iFV/cT
eGicB8BX3AJcuwUht8MyBSZ8CNaHd07b5Q/SfX9J3C4kWFEKnFl3JVOlECgjkq0p
vt+KDoUiynMN5DuJYPDv3wdpWj3e8T+p4mwu8KMnwm9RgWBpZ9zkDbepTwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAMIBzjveyMR9dhZMItKn3PW4tmQMB8GA1UdIwQY
MBaAFEDLWaQY6t+l3IafVvGEf7JdmH/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU10WnBCanEzNlhjaHA5VzhZUl9zbDJZZjhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85MjRjNzctYjI4My00YTUyLTkwOTQt
MTFmMWI1YTRiMGRjLzEvQXdnSE9POTdJeEgxMkZrd2kwcWZjOWJpMlpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My85MjRjNzctYjI4My00YTUyLTkwOTQtMTFmMWI1YTRiMGRj
LzEvUU10WnBCanEzNlhjaHA5VzhZUl9zbDJZZjhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALYxnAwQC
uRKsMA0EAgACMAcDBQMqBAzAMA0GCSqGSIb3DQEBCwUAA4IBAQBUYjJdW2xyjLtD
HfWg47nrxL1/qoXhyZ6aMW36hgHFxRH3DOmfcqyrcTmtoqLkTbqZXcjhEsHYEEdq
MJpeVPpMzrojKJiqa1ezZiKpPe5tpjpUjpaoCTrC4ngdWfhPEvzbLbPHj/k1m84g
WqW9+gNudR6D6+ZAQQWAKD0MHfeTOYuhbFbg5fw7D4n7iMAB6LvPGQYt6DqG0+2S
xSFy0Qj8jyu9h+mIaF7hZSZYsumaUjMWr/GVSKFx0wZLHVz9XY04tz8SO4uuKD2U
uSR/UYLtJGDUBRUMv1toIOkqDTxO8n/GS1n5m5/fYs7bZcwvx2R/kET/UJrO4I/5
LLSuHelD
-----END CERTIFICATE-----