Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/009fb7-9ed0-44ff-b7db-9e07b56b57b8/1/yGimX1U5_Eg-6o9DZzKVBJcDdwo.roa
File:                     yGimX1U5_Eg-6o9DZzKVBJcDdwo.roa (raw, json)
Hash identifier:          wm+qvuiwmVITD3kUVjkj/0A5dLUEaJsJixrzsJLHWzQ=
Subject key identifier:   C8:68:A6:5F:55:39:FC:48:3E:EA:8F:43:67:32:95:04:97:03:77:0A
Certificate issuer:       /CN=148a0c4067ca33ac76573fc86cfd75b7ecd200ff
Certificate serial:       018CC801DE04A9E06CBC6776D394AA45B5F6
Authority key identifier: 14:8A:0C:40:67:CA:33:AC:76:57:3F:C8:6C:FD:75:B7:EC:D2:00:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FIoMQGfKM6x2Vz_IbP11t-zSAP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/009fb7-9ed0-44ff-b7db-9e07b56b57b8/1/yGimX1U5_Eg-6o9DZzKVBJcDdwo.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25472
IP address blocks:        188.73.232.0/22 maxlen: 22
                          188.73.232.0/21 maxlen: 21
                          188.73.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/009fb7-9ed0-44ff-b7db-9e07b56b57b8/1/FIoMQGfKM6x2Vz_IbP11t-zSAP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/009fb7-9ed0-44ff-b7db-9e07b56b57b8/1/FIoMQGfKM6x2Vz_IbP11t-zSAP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FIoMQGfKM6x2Vz_IbP11t-zSAP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:de:04:a9:e0:6c:bc:67:76:d3:94:aa:45:b5:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=148a0c4067ca33ac76573fc86cfd75b7ecd200ff
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c868a65f5539fc483eea8f43673295049703770a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:07:a4:ca:b2:f5:c9:16:14:30:3e:d2:92:19:
                    23:10:57:1c:54:04:c0:84:88:16:5e:e4:60:70:1b:
                    a1:34:39:af:d1:73:cf:af:98:3f:52:33:02:be:12:
                    a6:18:25:c1:2f:0a:ba:37:5f:a9:ab:14:e6:35:ce:
                    f7:40:d8:5e:ae:9d:14:12:b3:ec:3b:80:d8:61:09:
                    18:93:99:d1:3a:16:f4:2d:54:5d:bc:19:d7:ca:a8:
                    3c:98:41:aa:86:e3:a0:55:2e:de:1c:39:c1:36:49:
                    c4:b4:37:a8:8d:b1:1b:2c:63:20:70:ee:85:5f:3c:
                    94:67:c5:00:6f:8f:3c:0e:b1:d4:85:8c:3b:fe:65:
                    1f:03:db:f1:6b:a1:77:3c:e3:34:06:8c:96:13:c9:
                    fe:82:d8:71:c8:87:a2:11:18:82:cf:56:16:f9:f5:
                    c7:b7:01:5f:f3:57:75:01:c0:d9:91:47:d1:38:59:
                    0c:71:f0:1a:c7:60:7e:53:9b:05:e0:09:8c:30:f3:
                    a5:48:45:ec:fc:11:94:63:5b:82:ed:66:a0:7f:2a:
                    c3:37:04:9e:35:1c:0b:e8:b7:6d:85:29:c2:8f:47:
                    db:6a:99:79:4d:33:56:a5:3d:9d:72:8b:9e:1b:36:
                    7b:a5:57:06:c8:c0:28:26:bd:02:2d:28:ab:78:97:
                    90:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:68:A6:5F:55:39:FC:48:3E:EA:8F:43:67:32:95:04:97:03:77:0A
            X509v3 Authority Key Identifier:
                keyid:14:8A:0C:40:67:CA:33:AC:76:57:3F:C8:6C:FD:75:B7:EC:D2:00:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FIoMQGfKM6x2Vz_IbP11t-zSAP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/009fb7-9ed0-44ff-b7db-9e07b56b57b8/1/yGimX1U5_Eg-6o9DZzKVBJcDdwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/009fb7-9ed0-44ff-b7db-9e07b56b57b8/1/FIoMQGfKM6x2Vz_IbP11t-zSAP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.73.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7b:c6:65:f3:b9:52:7e:4c:24:5b:33:5a:f1:28:2c:00:62:0c:
         63:60:63:a4:63:5a:d4:49:d2:d8:50:42:89:57:b7:29:19:dd:
         45:47:a1:90:3a:62:04:2f:43:88:48:d6:bf:21:ff:b5:50:c6:
         69:15:cf:9f:a0:e5:cd:c1:5a:ae:a3:70:e6:69:e4:cc:27:3e:
         d9:72:9d:64:c6:c1:c7:b8:49:ef:cf:16:4f:67:54:e9:bc:86:
         77:de:47:ef:90:3c:b2:d4:e6:5e:e9:3f:6b:98:9b:9e:db:31:
         ff:e5:16:a8:f2:b1:b3:d0:42:d9:68:b2:be:cc:72:86:27:fe:
         20:39:28:e4:4c:4f:fa:67:5d:b5:63:43:37:4c:4d:d1:1d:4b:
         39:b5:83:cc:c5:ee:63:60:7f:44:1b:fd:23:c6:68:28:df:b5:
         e8:1d:18:cc:40:70:02:c9:af:63:ca:e2:34:ff:1f:1b:74:03:
         a5:b2:63:c1:c9:96:a9:7f:c5:5d:10:80:d9:d5:e5:a3:de:57:
         65:22:d1:f9:87:f5:44:65:95:f6:ba:8e:83:7c:f3:f0:70:ca:
         2a:bd:a8:63:2d:4b:6b:40:8e:b7:76:3d:07:38:f2:9e:75:9f:
         42:e4:98:cb:5c:4e:3a:08:dd:3f:e0:24:93:7e:2d:7c:de:fb:
         05:a1:73:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAd4EqeBsvGd205SqRbX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0OGEwYzQwNjdjYTMzYWM3NjU3M2ZjODZjZmQ3NWI3ZWNk
MjAwZmYwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODY4YTY1ZjU1MzlmYzQ4M2VlYThmNDM2NzMyOTUwNDk3MDM3NzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigekyrL1yRYUMD7SkhkjEFccVATA
hIgWXuRgcBuhNDmv0XPPr5g/UjMCvhKmGCXBLwq6N1+pqxTmNc73QNherp0UErPs
O4DYYQkYk5nROhb0LVRdvBnXyqg8mEGqhuOgVS7eHDnBNknEtDeojbEbLGMgcO6F
XzyUZ8UAb488DrHUhYw7/mUfA9vxa6F3POM0BoyWE8n+gthxyIeiERiCz1YW+fXH
twFf81d1AcDZkUfROFkMcfAax2B+U5sF4AmMMPOlSEXs/BGUY1uC7WagfyrDNwSe
NRwL6LdthSnCj0fbapl5TTNWpT2dcoueGzZ7pVcGyMAoJr0CLSireJeQSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhopl9VOfxIPuqPQ2cylQSXA3cKMB8GA1UdIwQY
MBaAFBSKDEBnyjOsdlc/yGz9dbfs0gD/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRklvTVFHZktNNngyVnpfSWJQMTF0LXpTQVA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wMDlmYjctOWVkMC00NGZmLWI3ZGIt
OWUwN2I1NmI1N2I4LzEveUdpbVgxVTVfRWctNm85RFp6S1ZCSmNEZHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wMDlmYjctOWVkMC00NGZmLWI3ZGItOWUwN2I1NmI1N2I4
LzEvRklvTVFHZktNNngyVnpfSWJQMTF0LXpTQVA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvEnoMA0G
CSqGSIb3DQEBCwUAA4IBAQB7xmXzuVJ+TCRbM1rxKCwAYgxjYGOkY1rUSdLYUEKJ
V7cpGd1FR6GQOmIEL0OISNa/If+1UMZpFc+foOXNwVquo3DmaeTMJz7Zcp1kxsHH
uEnvzxZPZ1TpvIZ33kfvkDyy1OZe6T9rmJue2zH/5Rao8rGz0ELZaLK+zHKGJ/4g
OSjkTE/6Z121Y0M3TE3RHUs5tYPMxe5jYH9EG/0jxmgo37XoHRjMQHACya9jyuI0
/x8bdAOlsmPByZapf8VdEIDZ1eWj3ldlItH5h/VEZZX2uo6DfPPwcMoqvahjLUtr
QI63dj0HOPKedZ9C5JjLXE46CN0/4CSTfi183vsFoXMW
-----END CERTIFICATE-----