Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/7W5cPTWxY9Mfsc_k6I06ZPTVSik.roa
File:                     7W5cPTWxY9Mfsc_k6I06ZPTVSik.roa (raw, json)
Hash identifier:          wRBICbG4XRrKR8yeL8SxoxMxtM+E9O2lv+evD0AkBMk=
Subject key identifier:   ED:6E:5C:3D:35:B1:63:D3:1F:B1:CF:E4:E8:8D:3A:64:F4:D5:4A:29
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF83EBC711B985852E752C68365B71
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/7W5cPTWxY9Mfsc_k6I06ZPTVSik.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200231
IP address blocks:        188.132.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:83:eb:c7:11:b9:85:85:2e:75:2c:68:36:5b:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed6e5c3d35b163d31fb1cfe4e88d3a64f4d54a29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:95:19:96:80:56:f6:c1:b8:d8:2f:84:50:42:
                    95:7c:21:ab:3a:38:ef:79:84:b1:05:6a:4d:d7:0c:
                    86:da:47:20:c6:9a:08:b5:3a:04:62:51:b4:0f:b5:
                    03:84:d0:1c:12:ae:ee:e5:f1:27:ff:f3:e8:67:64:
                    91:4f:9e:b9:46:42:cb:44:f2:aa:41:bf:d5:e1:33:
                    c4:af:a5:11:0f:a2:98:d1:5d:17:b7:22:51:c5:42:
                    26:bf:38:ff:ed:c1:e0:a4:38:5c:65:7f:b5:7e:11:
                    27:b2:48:a8:0c:71:b7:0d:d2:f3:77:dc:ce:dc:4e:
                    62:12:44:d8:e1:2d:64:f5:8e:6f:e2:40:e2:df:09:
                    c1:5c:15:60:b7:2b:1e:8f:89:51:7b:2b:64:5a:74:
                    c0:69:2e:1b:2b:03:e2:6c:b3:97:5e:51:a5:eb:0f:
                    a7:39:47:6b:ba:1d:7e:93:77:aa:d2:60:ca:65:3c:
                    8b:83:a5:bf:37:39:2f:1c:77:9a:3e:26:39:29:1b:
                    75:03:0d:56:e7:8e:ea:bf:f8:51:50:31:7e:10:29:
                    3c:8b:de:bc:70:89:6e:0a:b4:e5:95:9b:05:5e:d8:
                    81:ce:8b:1e:63:9e:01:5a:ad:aa:ef:93:e1:53:43:
                    f5:1b:5e:4c:06:9d:f7:14:69:76:62:be:96:96:c9:
                    24:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:6E:5C:3D:35:B1:63:D3:1F:B1:CF:E4:E8:8D:3A:64:F4:D5:4A:29
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/7W5cPTWxY9Mfsc_k6I06ZPTVSik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:94:47:5a:bb:30:ae:15:c1:a6:a6:5f:64:c4:ce:05:c3:1d:
         2e:44:95:56:9c:8f:ee:2b:19:e9:ea:62:b3:1f:26:a2:da:83:
         87:82:80:f3:38:54:b8:87:d6:76:98:43:99:4e:1f:ea:36:49:
         89:77:3d:e3:0f:ab:60:0c:eb:b3:ab:cb:79:81:31:5f:fe:ab:
         74:fe:ab:07:c6:98:80:77:8d:f0:85:3e:be:ef:16:d8:7b:8f:
         08:e3:f4:3f:ac:c1:05:42:55:37:33:cc:4f:07:d3:67:6d:04:
         22:44:7d:1c:25:42:7b:81:90:5f:5a:87:87:8c:c7:34:e5:7e:
         00:8e:ec:ea:5a:e5:f5:a3:df:9f:cc:33:a7:0a:36:b2:85:0c:
         bf:81:a2:03:75:5a:bc:88:55:4e:0e:c1:93:5d:19:89:7d:1a:
         b4:5b:e9:fe:51:d2:11:b1:50:6c:de:aa:44:de:02:81:71:4c:
         47:0c:f2:73:23:cd:eb:82:47:5f:d6:e1:08:dd:f2:58:6d:9a:
         7d:68:b9:07:f3:82:74:81:70:6b:fe:d4:23:d1:99:d9:67:ee:
         9d:32:05:d4:dd:86:15:bb:ff:43:a3:c6:e3:01:8c:45:58:69:
         9e:ff:ae:da:fe:53:63:16:a2:9f:0e:8d:83:3d:dd:9d:6b:ab:
         5c:31:17:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34PrxxG5hYUudSxoNltxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDZlNWMzZDM1YjE2M2QzMWZiMWNmZTRlODhkM2E2NGY0ZDU0YTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5UZloBW9sG42C+EUEKVfCGrOjjv
eYSxBWpN1wyG2kcgxpoItToEYlG0D7UDhNAcEq7u5fEn//PoZ2SRT565RkLLRPKq
Qb/V4TPEr6URD6KY0V0XtyJRxUImvzj/7cHgpDhcZX+1fhEnskioDHG3DdLzd9zO
3E5iEkTY4S1k9Y5v4kDi3wnBXBVgtysej4lReytkWnTAaS4bKwPibLOXXlGl6w+n
OUdruh1+k3eq0mDKZTyLg6W/NzkvHHeaPiY5KRt1Aw1W547qv/hRUDF+ECk8i968
cIluCrTllZsFXtiBzoseY54BWq2q75PhU0P1G15MBp33FGl2Yr6WlskkZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1uXD01sWPTH7HP5OiNOmT01UopMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvN1c1Y1BUV3hZOU1mc2NfazZJMDZaUFRWU2lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvITuMA0G
CSqGSIb3DQEBCwUAA4IBAQAmlEdauzCuFcGmpl9kxM4Fwx0uRJVWnI/uKxnp6mKz
Hyai2oOHgoDzOFS4h9Z2mEOZTh/qNkmJdz3jD6tgDOuzq8t5gTFf/qt0/qsHxpiA
d43whT6+7xbYe48I4/Q/rMEFQlU3M8xPB9NnbQQiRH0cJUJ7gZBfWoeHjMc05X4A
juzqWuX1o9+fzDOnCjayhQy/gaIDdVq8iFVODsGTXRmJfRq0W+n+UdIRsVBs3qpE
3gKBcUxHDPJzI83rgkdf1uEI3fJYbZp9aLkH84J0gXBr/tQj0ZnZZ+6dMgXU3YYV
u/9Do8bjAYxFWGme/67a/lNjFqKfDo2DPd2da6tcMRce
-----END CERTIFICATE-----