Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/AARgwg4WL8S4psOIZuvEMDfdKh0.roa
File:                     AARgwg4WL8S4psOIZuvEMDfdKh0.roa (raw, json)
Hash identifier:          eHISdkJeeHjF07hd4tGeXYxukmgEvyrIbqCBPyK73Rc=
Subject key identifier:   00:04:60:C2:0E:16:2F:C4:B8:A6:C3:88:66:EB:C4:30:37:DD:2A:1D
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       018CC425357F720C98A426F0A68D25B6D2DD
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/AARgwg4WL8S4psOIZuvEMDfdKh0.roa
Signing time:             Mon 01 Jan 2024 08:30:22 +0000
ROA not before:           Mon 01 Jan 2024 08:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212337
IP address blocks:        91.220.171.0/24 maxlen: 24
                          185.106.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:35:7f:72:0c:98:a4:26:f0:a6:8d:25:b6:d2:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  1 08:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=000460c20e162fc4b8a6c38866ebc43037dd2a1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:37:fe:be:0e:c4:13:a5:0f:a8:fb:e9:20:69:
                    fa:a1:82:f6:50:6d:d9:6a:b0:3f:0a:21:84:c2:0c:
                    63:f1:29:db:3d:b3:f1:f7:bf:43:01:29:ac:48:c8:
                    e0:70:a8:18:6f:bd:fd:3a:fa:b0:2c:0c:49:4d:6b:
                    8b:70:a5:c9:e3:1e:b3:db:88:f5:ee:98:73:6c:34:
                    5d:39:29:9c:9e:92:52:d3:8f:b8:4f:5a:32:66:26:
                    82:fa:b0:1d:12:1f:3c:1c:fc:f0:c0:e6:d5:69:ef:
                    30:ad:cd:f1:78:1a:a8:e1:bd:ca:fe:fe:0f:e6:a4:
                    f3:94:ae:8d:92:c1:b5:88:d5:73:fc:14:3c:89:6f:
                    dc:c4:bc:f4:13:77:9d:f4:39:a2:c3:bc:28:e0:f9:
                    ef:8a:ee:b7:29:7f:2e:50:b0:bf:00:ea:de:d9:36:
                    92:b0:49:2c:c1:c8:b2:3b:ef:a8:41:ef:4d:60:8e:
                    47:75:26:bf:5d:74:39:bd:f4:fd:89:f7:22:e3:b4:
                    69:89:4d:ab:35:2d:d8:b1:0f:0d:64:2b:f7:5d:eb:
                    e9:22:0d:be:3b:a2:44:c7:c1:18:94:0b:03:b8:05:
                    dd:7f:b1:31:bf:2a:6b:db:fb:2d:2e:6a:cf:cb:94:
                    94:c7:fb:af:2e:de:46:a4:3f:50:36:a4:22:74:ae:
                    44:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:04:60:C2:0E:16:2F:C4:B8:A6:C3:88:66:EB:C4:30:37:DD:2A:1D
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/AARgwg4WL8S4psOIZuvEMDfdKh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.171.0/24
                  185.106.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:93:3c:b7:73:1c:60:80:e2:61:3e:ae:72:93:3a:5c:dc:0c:
         fe:95:e2:5f:7d:83:33:1c:0d:47:82:bf:34:94:54:cd:e2:1f:
         07:5f:89:9e:e2:d6:f7:7c:43:3b:62:b7:00:06:83:b3:7f:4d:
         50:57:44:ed:57:2a:e3:57:b2:8f:eb:c8:b9:06:78:86:16:eb:
         a1:73:f8:42:fa:74:95:eb:7b:c9:c1:ea:86:02:02:2c:5d:bd:
         19:30:5a:5b:20:2b:32:6e:bd:29:ad:8f:27:5f:d5:b4:ea:d3:
         32:24:d0:7b:42:65:e7:d7:a6:0d:7a:27:a7:5f:c4:f3:e5:64:
         53:ed:c5:69:81:bb:29:ae:d7:2f:b3:bf:8c:1d:99:f2:cc:ac:
         23:f6:39:d8:80:48:10:33:b6:03:eb:8a:02:98:d3:1d:11:38:
         51:2b:53:3a:5a:ce:c1:25:39:e7:37:e7:53:57:32:82:10:49:
         8d:55:6d:1b:08:39:09:9b:27:d7:d0:b1:21:da:0c:a9:34:93:
         a6:04:8e:d1:2b:69:15:19:23:84:a2:d3:03:de:c9:da:af:85:
         d6:f3:de:d6:fa:06:75:f6:b3:7d:10:25:5d:fb:6a:c5:a7:65:
         b6:d4:d7:f0:8c:b5:a8:4e:ea:4e:7c:0c:28:c4:60:9c:43:31:
         a2:6a:90:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJTV/cgyYpCbwpo0lttLdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjQwMTAxMDgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA0NjBjMjBlMTYyZmM0YjhhNmMzODg2NmViYzQzMDM3ZGQyYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDf+vg7EE6UPqPvpIGn6oYL2UG3Z
arA/CiGEwgxj8SnbPbPx979DASmsSMjgcKgYb739OvqwLAxJTWuLcKXJ4x6z24j1
7phzbDRdOSmcnpJS04+4T1oyZiaC+rAdEh88HPzwwObVae8wrc3xeBqo4b3K/v4P
5qTzlK6NksG1iNVz/BQ8iW/cxLz0E3ed9Dmiw7wo4Pnviu63KX8uULC/AOre2TaS
sEkswciyO++oQe9NYI5HdSa/XXQ5vfT9ifci47RpiU2rNS3YsQ8NZCv3XevpIg2+
O6JEx8EYlAsDuAXdf7Exvypr2/stLmrPy5SUx/uvLt5GpD9QNqQidK5EdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAAEYMIOFi/EuKbDiGbrxDA33SodMB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvQUFSZ3dnNFdMOFM0cHNPSVp1dkVNRGZkS2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9yrAwQA
uWolMA0GCSqGSIb3DQEBCwUAA4IBAQBXkzy3cxxggOJhPq5ykzpc3Az+leJffYMz
HA1Hgr80lFTN4h8HX4me4tb3fEM7YrcABoOzf01QV0TtVyrjV7KP68i5BniGFuuh
c/hC+nSV63vJweqGAgIsXb0ZMFpbICsybr0prY8nX9W06tMyJNB7QmXn16YNeien
X8Tz5WRT7cVpgbsprtcvs7+MHZnyzKwj9jnYgEgQM7YD64oCmNMdEThRK1M6Ws7B
JTnnN+dTVzKCEEmNVW0bCDkJmyfX0LEh2gypNJOmBI7RK2kVGSOEotMD3snar4XW
897W+gZ19rN9ECVd+2rFp2W21NfwjLWoTupOfAwoxGCcQzGiapCj
-----END CERTIFICATE-----