Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/f9ks4g-GQlKm8pWHUVxhiclocBU.roa
File:                     f9ks4g-GQlKm8pWHUVxhiclocBU.roa (raw, json)
Hash identifier:          9Os3OmLt2dgqjeaYklpnQT008/aC61riszGFRydfp5o=
Subject key identifier:   7F:D9:2C:E2:0F:86:42:52:A6:F2:95:87:51:5C:61:89:C9:68:70:15
Certificate issuer:       /CN=1ee5efbf65897160d55a52dc3a22c017876cd06c
Certificate serial:       018CC4923788727EBDB37B4AF8FDB443E27E
Authority key identifier: 1E:E5:EF:BF:65:89:71:60:D5:5A:52:DC:3A:22:C0:17:87:6C:D0:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/f9ks4g-GQlKm8pWHUVxhiclocBU.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197529
IP address blocks:        185.176.124.0/22 maxlen: 24
                          46.226.72.0/21 maxlen: 24
                          2a00:5a00::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:37:88:72:7e:bd:b3:7b:4a:f8:fd:b4:43:e2:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ee5efbf65897160d55a52dc3a22c017876cd06c
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fd92ce20f864252a6f29587515c6189c9687015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:bb:6a:0e:47:20:e3:3e:8c:08:a5:43:cb:f6:
                    16:bd:b1:a9:c3:42:ea:72:73:f3:f6:74:9c:f8:a3:
                    86:b9:03:b7:bd:f4:1a:f3:f7:49:3d:cd:78:2a:7b:
                    68:fe:d1:d2:2f:11:7a:a1:6a:1f:9e:f6:cf:9d:7c:
                    08:9a:ec:ff:7b:a7:a6:6a:3c:37:78:84:2f:84:9f:
                    c9:f1:9c:8d:25:c9:e5:ae:57:d4:0a:60:6f:9c:24:
                    1d:85:6c:d3:70:5b:42:7a:41:87:6a:60:b9:45:f2:
                    26:d8:24:3f:0d:80:21:70:f6:0b:85:c3:46:80:d9:
                    91:b3:b7:71:c2:cc:81:64:9a:1f:6a:9e:72:47:60:
                    c8:6b:6a:4c:f2:53:e3:e6:c5:22:3f:01:bc:2d:5b:
                    bc:ac:78:5d:d2:a0:63:c1:de:fc:59:9d:48:15:d5:
                    b5:4c:a3:1e:6f:f6:db:88:0b:ac:86:58:8e:dd:df:
                    7f:3f:2f:85:3a:54:f0:bb:45:de:63:23:a3:75:29:
                    45:42:ac:43:6b:49:70:04:f0:e8:d1:a6:5d:93:d2:
                    d8:6d:23:8d:be:6e:30:c5:bc:21:03:74:e3:69:80:
                    88:65:97:33:db:40:c7:6c:5d:27:d6:11:fb:f9:ca:
                    6d:2b:0b:18:4c:53:f1:68:15:b8:01:62:ef:e6:a4:
                    ca:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D9:2C:E2:0F:86:42:52:A6:F2:95:87:51:5C:61:89:C9:68:70:15
            X509v3 Authority Key Identifier:
                keyid:1E:E5:EF:BF:65:89:71:60:D5:5A:52:DC:3A:22:C0:17:87:6C:D0:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/f9ks4g-GQlKm8pWHUVxhiclocBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.72.0/21
                  185.176.124.0/22
                IPv6:
                  2a00:5a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:62:24:02:ea:02:80:93:96:dc:db:d0:ef:b0:66:e1:02:c2:
         cc:51:cc:d3:41:ce:a1:af:f6:11:45:9a:08:19:50:ad:49:77:
         5e:09:72:86:f5:ce:64:7d:81:8f:a6:42:aa:3f:4b:d6:93:c4:
         fa:7c:e7:7c:44:94:a6:4d:27:17:94:73:6d:c9:99:7c:04:7a:
         15:42:b6:e8:37:d8:aa:a9:9a:d3:4d:ab:9b:32:48:55:f2:19:
         35:a2:51:cc:43:94:76:44:12:8c:63:3d:97:ee:a9:43:95:2a:
         5c:27:aa:bc:d8:4c:83:9e:bc:32:f8:f9:7f:b9:4b:1d:30:c8:
         34:b1:1f:83:17:10:cb:f2:c5:ad:4a:aa:56:1c:9a:dc:51:81:
         9b:e3:89:4c:c7:6b:c3:8e:41:c5:8e:41:f9:7f:74:fc:cb:f3:
         82:f5:6f:30:4b:66:ce:0a:29:16:4d:de:63:ec:03:7b:2e:7c:
         1d:f9:12:a0:6f:18:d2:13:43:ec:26:61:a1:f7:7c:a4:e0:c5:
         58:d3:d8:81:06:33:53:43:a3:7c:e1:ee:71:c8:30:a5:53:5b:
         24:5b:ed:77:2b:83:31:cb:7e:32:9d:f2:db:25:33:96:c1:3c:
         26:31:a1:fd:d6:40:04:60:08:84:51:d1:fa:7e:73:3a:b0:ed:
         f2:fe:57:27
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEkjeIcn69s3tK+P20Q+J+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZTVlZmJmNjU4OTcxNjBkNTVhNTJkYzNhMjJjMDE3ODc2
Y2QwNmMwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ5MmNlMjBmODY0MjUyYTZmMjk1ODc1MTVjNjE4OWM5Njg3MDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7tqDkcg4z6MCKVDy/YWvbGpw0Lq
cnPz9nSc+KOGuQO3vfQa8/dJPc14Knto/tHSLxF6oWofnvbPnXwImuz/e6emajw3
eIQvhJ/J8ZyNJcnlrlfUCmBvnCQdhWzTcFtCekGHamC5RfIm2CQ/DYAhcPYLhcNG
gNmRs7dxwsyBZJofap5yR2DIa2pM8lPj5sUiPwG8LVu8rHhd0qBjwd78WZ1IFdW1
TKMeb/bbiAushliO3d9/Py+FOlTwu0XeYyOjdSlFQqxDa0lwBPDo0aZdk9LYbSON
vm4wxbwhA3TjaYCIZZcz20DHbF0n1hH7+cptKwsYTFPxaBW4AWLv5qTKHwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH/ZLOIPhkJSpvKVh1FcYYnJaHAVMB8GA1UdIwQY
MBaAFB7l779liXFg1VpS3DoiwBeHbNBsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHVYdnYyV0pjV0RWV2xMY09pTEFGNGRzMEd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zMzI0NzctYzgzYy00ZjgwLWIxYmUt
N2MwZGI3YmFlMTM1LzEvZjlrczRnLUdRbEttOHBXSFVWeGhpY2xvY0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zMzI0NzctYzgzYy00ZjgwLWIxYmUtN2MwZGI3YmFlMTM1
LzEvSHVYdnYyV0pjV0RWV2xMY09pTEFGNGRzMEd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLuJIAwQC
ubB8MA0EAgACMAcDBQAqAFoAMA0GCSqGSIb3DQEBCwUAA4IBAQAtYiQC6gKAk5bc
29DvsGbhAsLMUczTQc6hr/YRRZoIGVCtSXdeCXKG9c5kfYGPpkKqP0vWk8T6fOd8
RJSmTScXlHNtyZl8BHoVQrboN9iqqZrTTaubMkhV8hk1olHMQ5R2RBKMYz2X7qlD
lSpcJ6q82EyDnrwy+Pl/uUsdMMg0sR+DFxDL8sWtSqpWHJrcUYGb44lMx2vDjkHF
jkH5f3T8y/OC9W8wS2bOCikWTd5j7AN7Lnwd+RKgbxjSE0PsJmGh93yk4MVY09iB
BjNTQ6N84e5xyDClU1skW+13K4Mxy34ynfLbJTOWwTwmMaH91kAEYAiEUdH6fnM6
sO3y/lcn
-----END CERTIFICATE-----