Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/AG97hJvhy0UeDTt3HIas70L9MWQ.roa
File:                     AG97hJvhy0UeDTt3HIas70L9MWQ.roa (raw, json)
Hash identifier:          CpGaF4KcigctK1KLFQXtXWhD0jjodHuaq3LolhI5NC8=
Subject key identifier:   00:6F:7B:84:9B:E1:CB:45:1E:0D:3B:77:1C:86:AC:EF:42:FD:31:64
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       019424B3916A2D46B8F8AC4AC11B24CF9C6D
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/AG97hJvhy0UeDTt3HIas70L9MWQ.roa
Signing time:             Thu 02 Jan 2025 01:48:55 +0000
ROA not before:           Thu 02 Jan 2025 01:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212337
IP address blocks:        91.220.171.0/24 maxlen: 24
                          185.106.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:91:6a:2d:46:b8:f8:ac:4a:c1:1b:24:cf:9c:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=006f7b849be1cb451e0d3b771c86acef42fd3164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5b:49:5d:35:92:50:81:1a:32:bd:99:5c:4a:
                    ea:8b:bf:29:9b:4b:da:f2:14:2e:7e:3c:b2:04:06:
                    6d:3d:bc:d4:3a:90:f8:fe:ac:cf:43:85:9f:4e:19:
                    db:08:3a:e0:46:95:24:a6:4f:76:65:8c:36:e8:0a:
                    64:b2:db:32:77:c0:2a:48:fd:1d:a7:94:27:42:37:
                    da:ab:bc:23:81:c3:dd:6d:01:53:4c:14:ba:6e:d1:
                    27:5a:54:53:3e:68:04:19:3e:16:d1:1d:e4:63:cd:
                    c1:0f:e9:a8:41:69:77:28:a6:57:cc:39:68:2f:67:
                    9d:f8:ed:bc:de:e9:f7:eb:88:e7:3a:b3:e7:54:b9:
                    7e:99:3c:ad:24:05:1c:4e:b5:e1:76:63:d9:b7:42:
                    22:49:c6:3e:40:bf:4b:28:3c:a1:b8:5d:12:85:ab:
                    15:21:24:00:89:f4:26:5b:10:2c:86:11:54:19:3c:
                    a3:9d:7c:9c:1f:a3:1f:e4:5b:98:0a:bb:38:d9:7d:
                    05:1c:ce:1d:66:a3:e3:f6:1d:a0:84:9b:9a:d5:5d:
                    84:03:6b:ed:74:5e:a2:39:89:e8:85:0b:cf:00:e6:
                    d4:24:8c:94:1d:d4:1a:75:23:29:b4:5a:14:9d:93:
                    0d:68:9c:7f:46:dc:af:6c:24:9e:93:7b:01:6e:10:
                    47:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:6F:7B:84:9B:E1:CB:45:1E:0D:3B:77:1C:86:AC:EF:42:FD:31:64
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/AG97hJvhy0UeDTt3HIas70L9MWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.171.0/24
                  185.106.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:3c:33:f6:79:a9:1d:cc:22:66:13:9d:58:fa:ca:b1:5f:b9:
         9d:f5:19:01:86:c4:56:28:f7:cb:ce:39:c1:07:47:78:e9:e4:
         0c:41:43:10:2a:77:f9:5d:0c:c2:47:33:b4:29:2a:07:db:b9:
         92:cf:13:4f:75:bd:55:5b:7c:80:8b:78:f7:41:b3:57:7e:df:
         47:9f:41:52:76:63:56:6b:66:c5:0e:20:e4:73:0f:9e:52:ba:
         5d:e6:4f:f9:e1:47:3a:84:94:57:6d:93:3d:c9:77:f6:a2:53:
         e3:1a:e1:bc:f3:b0:f0:e2:be:45:c1:5f:ef:e3:bf:c6:9c:5e:
         dd:22:ac:1b:78:d3:e3:7d:28:67:8c:8f:51:15:04:09:b6:fb:
         2c:3c:e1:5c:11:15:88:e6:c5:d8:c7:65:1e:ad:6c:e0:75:c1:
         77:58:99:cc:49:dd:a8:b3:3a:08:4b:1e:66:6d:40:59:ea:c8:
         da:90:14:33:7f:90:cb:60:c2:da:e6:5a:55:c4:bd:08:cf:9d:
         b2:df:94:f2:29:b1:3f:5d:c4:ca:57:0e:0a:b3:70:fd:38:7f:
         11:f0:57:ac:db:50:b0:72:2f:d2:7d:fc:52:d2:94:fa:16:29:
         02:0e:0e:65:23:f7:79:36:c1:2d:26:09:94:9e:7d:7a:73:8f:
         fa:15:a6:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks5FqLUa4+KxKwRskz5xtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDZmN2I4NDliZTFjYjQ1MWUwZDNiNzcxYzg2YWNlZjQyZmQzMTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzltJXTWSUIEaMr2ZXErqi78pm0va
8hQufjyyBAZtPbzUOpD4/qzPQ4WfThnbCDrgRpUkpk92ZYw26Apkstsyd8AqSP0d
p5QnQjfaq7wjgcPdbQFTTBS6btEnWlRTPmgEGT4W0R3kY83BD+moQWl3KKZXzDlo
L2ed+O283un364jnOrPnVLl+mTytJAUcTrXhdmPZt0IiScY+QL9LKDyhuF0ShasV
ISQAifQmWxAshhFUGTyjnXycH6Mf5FuYCrs42X0FHM4dZqPj9h2ghJua1V2EA2vt
dF6iOYnohQvPAObUJIyUHdQadSMptFoUnZMNaJx/RtyvbCSek3sBbhBHJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFABve4Sb4ctFHg07dxyGrO9C/TFkMB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvQUc5N2hKdmh5MFVlRFR0M0hJYXM3MEw5TVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9yrAwQA
uWolMA0GCSqGSIb3DQEBCwUAA4IBAQCKPDP2eakdzCJmE51Y+sqxX7md9RkBhsRW
KPfLzjnBB0d46eQMQUMQKnf5XQzCRzO0KSoH27mSzxNPdb1VW3yAi3j3QbNXft9H
n0FSdmNWa2bFDiDkcw+eUrpd5k/54Uc6hJRXbZM9yXf2olPjGuG887Dw4r5FwV/v
47/GnF7dIqwbeNPjfShnjI9RFQQJtvssPOFcERWI5sXYx2UerWzgdcF3WJnMSd2o
szoISx5mbUBZ6sjakBQzf5DLYMLa5lpVxL0Iz52y35TyKbE/XcTKVw4Ks3D9OH8R
8Fes21Cwci/SffxS0pT6FikCDg5lI/d5NsEtJgmUnn16c4/6FaZZ
-----END CERTIFICATE-----