Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/agHw5j73hh3S8gaVYMcMrZCuJN0.roa
File:                     agHw5j73hh3S8gaVYMcMrZCuJN0.roa (raw, json)
Hash identifier:          ai5olFnMzKUwv5YcWrLDzcxfH3cynFgeTCnIGgyJG+I=
Subject key identifier:   6A:01:F0:E6:3E:F7:86:1D:D2:F2:06:95:60:C7:0C:AD:90:AE:24:DD
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B4291734AE5B935DE578C4554A12
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/agHw5j73hh3S8gaVYMcMrZCuJN0.roa
Signing time:             Mon 01 Jan 2024 20:29:37 +0000
ROA not before:           Mon 01 Jan 2024 20:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        185.196.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b4:29:17:34:ae:5b:93:5d:e5:78:c4:55:4a:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a01f0e63ef7861dd2f2069560c70cad90ae24dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0d:7a:12:d6:67:f8:10:48:3a:8c:51:db:c3:
                    53:93:92:f9:ae:e5:34:ee:c5:81:82:88:fd:47:ff:
                    cd:d4:07:f7:4b:db:7e:3a:33:12:38:0e:f7:9d:ef:
                    d6:96:30:e5:33:92:3e:26:f9:f3:2b:e4:7f:33:3d:
                    5b:6f:bb:84:eb:70:f3:ec:da:1e:59:0b:09:35:64:
                    63:08:54:e8:81:1e:14:0e:c0:84:3f:a2:e9:1b:08:
                    52:43:33:5a:84:8d:ea:50:51:71:af:65:53:d9:3d:
                    a5:9a:58:55:df:ea:bd:3a:26:9c:16:6b:96:b8:33:
                    48:75:43:3a:08:b1:5e:3c:f9:e9:e5:a0:17:0a:b5:
                    68:e8:88:ac:8d:8d:78:55:dd:03:0c:c9:66:a4:b5:
                    09:ab:b4:92:9b:ac:f4:a7:fc:86:b7:6a:ea:18:df:
                    1c:73:a5:56:76:6c:93:0e:09:18:ba:86:65:c2:30:
                    a5:67:fd:79:52:a0:de:d8:01:1f:c1:47:b2:07:75:
                    8c:73:72:e8:68:fd:85:f4:66:13:b8:ed:30:b2:3d:
                    e9:59:cc:e0:31:4f:b9:66:d7:17:94:b8:6a:53:51:
                    06:ba:4e:94:de:b8:2d:ae:5e:b9:8d:72:c7:94:af:
                    19:2c:79:e3:16:2f:13:44:53:02:b7:d5:af:b8:38:
                    35:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:01:F0:E6:3E:F7:86:1D:D2:F2:06:95:60:C7:0C:AD:90:AE:24:DD
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/agHw5j73hh3S8gaVYMcMrZCuJN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:c8:ed:03:55:19:ec:73:64:43:fd:69:30:0a:39:e2:85:f6:
         48:74:1d:d7:74:27:f7:36:24:44:49:f7:45:aa:69:12:5e:b6:
         4d:a6:38:22:11:3e:2d:7f:eb:ad:1e:69:36:a7:4d:4b:e4:d1:
         88:8b:c0:cf:6b:b1:c7:74:3d:86:71:0a:4f:6f:0d:10:ad:da:
         a4:2c:13:39:0c:f7:4c:c8:7e:67:37:87:4a:25:83:88:b2:a7:
         ba:76:0f:37:20:8d:15:f9:6d:b5:db:42:4e:c8:09:a2:cf:53:
         eb:a1:3b:2f:df:f2:c3:ce:bf:b1:51:09:4f:65:b2:63:11:26:
         9f:6c:01:b6:16:fd:65:50:ae:58:18:6a:4d:7c:89:36:85:d2:
         0b:8a:fd:d7:1e:66:60:ba:be:65:cd:28:e8:c4:7e:ba:24:cb:
         0f:ee:5f:ff:c8:a5:19:3d:a0:11:8e:b0:f2:fb:8c:36:a6:cb:
         c2:cc:ee:4a:f3:ca:df:e9:59:0b:30:40:5b:20:93:e3:28:80:
         e0:ce:f3:89:6f:aa:3f:75:ea:bb:e5:64:5d:b6:4f:39:89:43:
         5f:d5:07:3a:1e:05:ba:46:e6:32:bd:d2:ec:43:39:e4:6c:c4:
         6d:4f:e0:84:23:f7:b8:1b:d1:a9:47:ee:15:21:5f:3f:52:1b:
         d4:ca:1c:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7QpFzSuW5Nd5XjEVUoSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTAxZjBlNjNlZjc4NjFkZDJmMjA2OTU2MGM3MGNhZDkwYWUyNGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkg16EtZn+BBIOoxR28NTk5L5ruU0
7sWBgoj9R//N1Af3S9t+OjMSOA73ne/WljDlM5I+JvnzK+R/Mz1bb7uE63Dz7Noe
WQsJNWRjCFTogR4UDsCEP6LpGwhSQzNahI3qUFFxr2VT2T2lmlhV3+q9OiacFmuW
uDNIdUM6CLFePPnp5aAXCrVo6IisjY14Vd0DDMlmpLUJq7SSm6z0p/yGt2rqGN8c
c6VWdmyTDgkYuoZlwjClZ/15UqDe2AEfwUeyB3WMc3LoaP2F9GYTuO0wsj3pWczg
MU+5ZtcXlLhqU1EGuk6U3rgtrl65jXLHlK8ZLHnjFi8TRFMCt9WvuDg12QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGoB8OY+94Yd0vIGlWDHDK2QriTdMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvYWdIdzVqNzNoaDNTOGdhVllNY01yWkN1Sk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucR1MA0G
CSqGSIb3DQEBCwUAA4IBAQC5yO0DVRnsc2RD/WkwCjnihfZIdB3XdCf3NiRESfdF
qmkSXrZNpjgiET4tf+utHmk2p01L5NGIi8DPa7HHdD2GcQpPbw0QrdqkLBM5DPdM
yH5nN4dKJYOIsqe6dg83II0V+W2120JOyAmiz1ProTsv3/LDzr+xUQlPZbJjESaf
bAG2Fv1lUK5YGGpNfIk2hdILiv3XHmZgur5lzSjoxH66JMsP7l//yKUZPaARjrDy
+4w2psvCzO5K88rf6VkLMEBbIJPjKIDgzvOJb6o/deq75WRdtk85iUNf1Qc6HgW6
RuYyvdLsQznkbMRtT+CEI/e4G9GpR+4VIV8/UhvUyhzj
-----END CERTIFICATE-----