Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/Agk2D06VqRUbO7v0GpJ_JkYYb4M.roa
File:                     Agk2D06VqRUbO7v0GpJ_JkYYb4M.roa (raw, json)
Hash identifier:          O6WPtMiOK2SOTXUmqCXkXb9yRh+TDpKF9+wILtvrvfU=
Subject key identifier:   02:09:36:0F:4E:95:A9:15:1B:3B:BB:F4:1A:92:7F:26:46:18:6F:83
Certificate issuer:       /CN=02807e0863103f0912e7e0247811d167797d8107
Certificate serial:       018CC26D43800E886C4DE304AAB1D1A931A9
Authority key identifier: 02:80:7E:08:63:10:3F:09:12:E7:E0:24:78:11:D1:67:79:7D:81:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/Agk2D06VqRUbO7v0GpJ_JkYYb4M.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57794
IP address blocks:        213.108.88.0/21 maxlen: 21
                          213.108.88.0/22 maxlen: 22
                          213.108.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:43:80:0e:88:6c:4d:e3:04:aa:b1:d1:a9:31:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02807e0863103f0912e7e0247811d167797d8107
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0209360f4e95a9151b3bbbf41a927f2646186f83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:9d:c7:c2:fb:47:d8:73:09:cd:5a:3a:9b:cb:
                    8d:33:10:f8:c6:d1:52:a7:ba:22:9d:3a:f8:66:b9:
                    62:4c:cd:46:a4:58:6a:37:2b:44:2b:8f:42:5d:a9:
                    32:8c:f9:58:27:7a:f6:5a:c2:f1:da:91:39:6a:06:
                    13:60:43:17:54:c1:5a:7b:da:d0:d2:97:00:41:d7:
                    4c:ea:8c:88:04:a0:ff:eb:af:40:2b:14:16:63:aa:
                    7e:dc:c8:87:9c:d3:52:b4:ac:c1:0b:41:8b:a9:93:
                    ff:5c:14:24:97:83:38:a1:d5:3c:22:7c:22:92:e6:
                    2c:3b:5d:16:83:7f:3c:f6:be:f5:90:76:65:df:db:
                    8f:ba:d4:60:8f:23:f6:63:4c:88:7b:be:55:d6:82:
                    02:5d:5a:87:2d:45:95:2a:70:9e:5a:ca:10:cc:cc:
                    76:8c:97:81:c6:f8:c7:c4:eb:ea:8e:7c:34:ab:ef:
                    fd:9e:f5:f7:1a:d1:0d:cc:8b:35:4e:07:bf:d0:eb:
                    9a:e2:f5:b0:b1:2f:63:ca:f2:c4:ff:6e:b3:cc:93:
                    43:72:69:83:fa:99:5b:c8:81:b5:38:6f:43:14:0c:
                    7b:e8:53:09:11:77:6a:10:97:e3:b0:ed:36:ef:50:
                    9f:10:4a:a7:0f:a5:50:63:ed:06:7f:5c:c1:2a:de:
                    50:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:09:36:0F:4E:95:A9:15:1B:3B:BB:F4:1A:92:7F:26:46:18:6F:83
            X509v3 Authority Key Identifier:
                keyid:02:80:7E:08:63:10:3F:09:12:E7:E0:24:78:11:D1:67:79:7D:81:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/Agk2D06VqRUbO7v0GpJ_JkYYb4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/bf6049-8d1d-4be8-9f57-8bab78de32c9/1/AoB-CGMQPwkS5-AkeBHRZ3l9gQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0f:61:8c:e9:66:3b:5b:7d:b1:23:00:76:47:0a:50:e0:5f:5c:
         cf:56:23:0d:7c:b5:cc:a8:de:ce:68:1f:08:34:4e:74:aa:ea:
         d4:5d:5c:86:ef:b5:12:92:53:bb:28:90:87:6c:28:01:d2:8c:
         7b:b8:95:fa:d9:6b:f4:3f:b8:b0:8d:e7:80:83:25:ac:93:20:
         6e:82:0c:45:36:2f:0a:83:bb:01:4a:9f:cc:ad:02:ab:46:16:
         26:87:a3:3b:2f:8a:6c:53:2c:06:d0:1a:31:44:72:e1:20:c4:
         8e:44:ea:2b:95:19:0e:6c:99:60:89:62:c5:81:5f:f7:36:53:
         0d:e4:59:42:cd:2c:2f:da:6b:e8:5e:99:f4:7b:1b:6f:ba:b8:
         97:87:34:cf:3d:d9:3e:cf:8f:f5:9b:f3:4c:9c:94:d9:d4:30:
         6a:2e:60:a3:49:ad:5f:b6:a0:d2:75:ad:15:4b:9c:9f:9e:c8:
         fb:9d:1e:a3:e7:30:66:ec:df:9c:5b:74:f2:74:9e:c9:9d:65:
         2c:c1:56:b0:1c:e6:ca:0b:c8:15:d8:e4:b4:f5:1a:a5:cd:8c:
         25:da:80:94:78:1f:77:b7:1e:c6:0e:ad:40:4f:8d:b6:37:e9:
         78:75:b8:61:11:f1:da:4f:77:bc:78:de:87:e5:16:52:f2:d8:
         86:03:c0:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUOADohsTeMEqrHRqTGpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyODA3ZTA4NjMxMDNmMDkxMmU3ZTAyNDc4MTFkMTY3Nzk3
ZDgxMDcwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjA5MzYwZjRlOTVhOTE1MWIzYmJiZjQxYTkyN2YyNjQ2MTg2ZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi53HwvtH2HMJzVo6m8uNMxD4xtFS
p7oinTr4ZrliTM1GpFhqNytEK49CXakyjPlYJ3r2WsLx2pE5agYTYEMXVMFae9rQ
0pcAQddM6oyIBKD/669AKxQWY6p+3MiHnNNStKzBC0GLqZP/XBQkl4M4odU8Inwi
kuYsO10Wg3889r71kHZl39uPutRgjyP2Y0yIe75V1oICXVqHLUWVKnCeWsoQzMx2
jJeBxvjHxOvqjnw0q+/9nvX3GtENzIs1Tge/0Oua4vWwsS9jyvLE/26zzJNDcmmD
+plbyIG1OG9DFAx76FMJEXdqEJfjsO0271CfEEqnD6VQY+0Gf1zBKt5QMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIJNg9OlakVGzu79BqSfyZGGG+DMB8GA1UdIwQY
MBaAFAKAfghjED8JEufgJHgR0Wd5fYEHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW9CLUNHTVFQd2tTNS1Ba2VCSFJaM2w5Z1FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9iZjYwNDktOGQxZC00YmU4LTlmNTct
OGJhYjc4ZGUzMmM5LzEvQWdrMkQwNlZxUlViTzd2MEdwSl9Ka1lZYjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9iZjYwNDktOGQxZC00YmU4LTlmNTctOGJhYjc4ZGUzMmM5
LzEvQW9CLUNHTVFQd2tTNS1Ba2VCSFJaM2w5Z1FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1WxYMA0G
CSqGSIb3DQEBCwUAA4IBAQAPYYzpZjtbfbEjAHZHClDgX1zPViMNfLXMqN7OaB8I
NE50qurUXVyG77USklO7KJCHbCgB0ox7uJX62Wv0P7iwjeeAgyWskyBuggxFNi8K
g7sBSp/MrQKrRhYmh6M7L4psUywG0BoxRHLhIMSOROorlRkObJlgiWLFgV/3NlMN
5FlCzSwv2mvoXpn0extvuriXhzTPPdk+z4/1m/NMnJTZ1DBqLmCjSa1ftqDSda0V
S5yfnsj7nR6j5zBm7N+cW3TydJ7JnWUswVawHObKC8gV2OS09RqlzYwl2oCUeB93
tx7GDq1AT422N+l4dbhhEfHaT3e8eN6H5RZS8tiGA8Dw
-----END CERTIFICATE-----