Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/AGh_BXwDaFnqdr1rluMLMPMOrnM.roa
File:                     AGh_BXwDaFnqdr1rluMLMPMOrnM.roa (raw, json)
Hash identifier:          L7VSHEAFfvwnZGbHuhPcAH6Mmh4M0FtFsSBsZ0VnfV0=
Subject key identifier:   00:68:7F:05:7C:03:68:59:EA:76:BD:6B:96:E3:0B:30:F3:0E:AE:73
Certificate issuer:       /CN=a7ca9ada44524fc536fa3ecabf758df26407c8b1
Certificate serial:       01941FFAB378F680833C7CB5E6366FDBE030
Authority key identifier: A7:CA:9A:DA:44:52:4F:C5:36:FA:3E:CA:BF:75:8D:F2:64:07:C8:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p8qa2kRST8U2-j7Kv3WN8mQHyLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/AGh_BXwDaFnqdr1rluMLMPMOrnM.roa
Signing time:             Wed 01 Jan 2025 03:48:31 +0000
ROA not before:           Wed 01 Jan 2025 03:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51766
IP address blocks:        91.220.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/p8qa2kRST8U2-j7Kv3WN8mQHyLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/p8qa2kRST8U2-j7Kv3WN8mQHyLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p8qa2kRST8U2-j7Kv3WN8mQHyLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b3:78:f6:80:83:3c:7c:b5:e6:36:6f:db:e0:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ca9ada44524fc536fa3ecabf758df26407c8b1
        Validity
            Not Before: Jan  1 03:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00687f057c036859ea76bd6b96e30b30f30eae73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:9c:6c:78:b5:17:dd:a6:26:ea:54:5f:88:ed:
                    43:f0:b5:ee:2e:9f:1e:21:51:ff:04:03:df:a0:b8:
                    f8:f2:d1:29:33:f1:72:8a:dd:9a:19:c3:c0:44:bc:
                    88:7e:fd:a3:f2:a1:2b:f3:f5:6c:70:e4:02:4d:fd:
                    88:30:28:0f:d7:79:be:e5:e1:0e:a1:4f:3b:14:92:
                    63:f1:04:fe:75:84:8e:eb:66:79:58:fa:cf:3b:83:
                    58:ee:a2:c7:c4:53:7c:d6:fe:e4:f6:44:d7:02:75:
                    3e:68:50:cf:2f:c5:11:31:ae:a6:5d:c7:0b:8d:89:
                    1d:d4:59:d6:b4:06:7b:cd:1b:39:a9:57:8f:33:f2:
                    43:c3:dc:15:56:d8:a8:67:0b:bd:a0:43:13:72:38:
                    9c:07:49:72:55:94:15:3d:43:df:04:57:c6:e5:02:
                    d1:02:82:39:c0:f0:78:ac:93:47:b5:87:49:d3:9b:
                    0a:97:dc:2f:41:d9:e6:50:df:22:01:df:09:62:2d:
                    9e:ae:4a:43:8a:eb:3e:62:c5:c6:ae:f2:3d:3c:6b:
                    07:d6:a7:5b:1c:d3:07:43:f4:0b:5e:60:58:ca:69:
                    d5:d6:a7:84:6e:20:15:69:8c:90:6c:89:1c:9c:49:
                    e0:af:87:9e:03:cb:89:67:0f:30:e2:10:3a:b8:3e:
                    db:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:68:7F:05:7C:03:68:59:EA:76:BD:6B:96:E3:0B:30:F3:0E:AE:73
            X509v3 Authority Key Identifier:
                keyid:A7:CA:9A:DA:44:52:4F:C5:36:FA:3E:CA:BF:75:8D:F2:64:07:C8:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p8qa2kRST8U2-j7Kv3WN8mQHyLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/AGh_BXwDaFnqdr1rluMLMPMOrnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/p8qa2kRST8U2-j7Kv3WN8mQHyLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:04:50:75:e6:a9:8a:1d:c2:b5:06:6e:60:b3:62:69:75:b6:
         95:15:07:be:d8:38:91:9c:f5:c4:91:77:ab:f7:fb:3b:1a:21:
         d4:59:2b:e4:c5:e7:e0:7f:6e:6b:51:fc:33:33:f7:6a:7c:10:
         99:f9:df:22:ca:05:97:e1:56:e4:d0:21:34:b9:71:16:9c:ab:
         69:68:38:5d:fc:80:14:e6:f6:ed:b0:08:8c:b3:5e:36:71:f9:
         95:9d:ed:17:09:de:c3:ff:c7:b6:ed:e4:6f:8e:3c:78:94:de:
         d7:d2:c6:b9:bb:8e:16:17:2b:00:9d:6c:1c:bd:55:13:6e:40:
         4c:a5:e5:83:41:c5:76:4b:0c:f9:dc:06:2a:23:79:5d:73:9d:
         7f:92:a8:2d:78:17:ba:b1:01:53:6a:e5:da:c6:a9:7b:b8:9f:
         40:3d:a4:09:a3:21:ce:c1:74:63:22:fe:4c:ac:70:d0:e2:57:
         20:be:7e:84:e6:31:43:97:46:97:20:2a:39:6f:c9:7c:61:0f:
         df:e1:bb:de:50:5c:b2:4c:b7:1e:84:51:a3:52:1b:81:a1:6a:
         17:71:af:1c:db:e4:b0:50:7c:c1:9b:60:3b:86:dd:f1:b5:67:
         f8:26:43:24:46:de:63:b1:9f:4a:fb:cb:2e:a6:7c:c2:39:9f:
         32:2f:eb:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+rN49oCDPHy15jZv2+AwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Y2E5YWRhNDQ1MjRmYzUzNmZhM2VjYWJmNzU4ZGYyNjQw
N2M4YjEwHhcNMjUwMTAxMDM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDY4N2YwNTdjMDM2ODU5ZWE3NmJkNmI5NmUzMGIzMGYzMGVhZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5pxseLUX3aYm6lRfiO1D8LXuLp8e
IVH/BAPfoLj48tEpM/Fyit2aGcPARLyIfv2j8qEr8/VscOQCTf2IMCgP13m+5eEO
oU87FJJj8QT+dYSO62Z5WPrPO4NY7qLHxFN81v7k9kTXAnU+aFDPL8URMa6mXccL
jYkd1FnWtAZ7zRs5qVePM/JDw9wVVtioZwu9oEMTcjicB0lyVZQVPUPfBFfG5QLR
AoI5wPB4rJNHtYdJ05sKl9wvQdnmUN8iAd8JYi2erkpDius+YsXGrvI9PGsH1qdb
HNMHQ/QLXmBYymnV1qeEbiAVaYyQbIkcnEngr4eeA8uJZw8w4hA6uD7bWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABofwV8A2hZ6na9a5bjCzDzDq5zMB8GA1UdIwQY
MBaAFKfKmtpEUk/FNvo+yr91jfJkB8ixMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDhxYTJrUlNUOFUyLWo3S3YzV044bVFIeUxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mN2VjNzAtMGRlZC00MmNhLTlkMDAt
OWQ5ZTFiNmJlZWU5LzEvQUdoX0JYd0RhRm5xZHIxcmx1TUxNUE1Pcm5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mN2VjNzAtMGRlZC00MmNhLTlkMDAtOWQ5ZTFiNmJlZWU5
LzEvcDhxYTJrUlNUOFUyLWo3S3YzV044bVFIeUxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9w0MA0G
CSqGSIb3DQEBCwUAA4IBAQABBFB15qmKHcK1Bm5gs2JpdbaVFQe+2DiRnPXEkXer
9/s7GiHUWSvkxefgf25rUfwzM/dqfBCZ+d8iygWX4Vbk0CE0uXEWnKtpaDhd/IAU
5vbtsAiMs142cfmVne0XCd7D/8e27eRvjjx4lN7X0sa5u44WFysAnWwcvVUTbkBM
peWDQcV2Swz53AYqI3ldc51/kqgteBe6sQFTauXaxql7uJ9APaQJoyHOwXRjIv5M
rHDQ4lcgvn6E5jFDl0aXICo5b8l8YQ/f4bveUFyyTLcehFGjUhuBoWoXca8c2+Sw
UHzBm2A7ht3xtWf4JkMkRt5jsZ9K+8supnzCOZ8yL+v5
-----END CERTIFICATE-----