Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/I64snve9ARFC7lop01DjavvL1QM.roa
File:                     I64snve9ARFC7lop01DjavvL1QM.roa (raw, json)
Hash identifier:          AAVu3SHZgW4BHe7dSGPPKlEeHDWOEsBaSqwp6clv9O0=
Subject key identifier:   23:AE:2C:9E:F7:BD:01:11:42:EE:5A:29:D3:50:E3:6A:FB:CB:D5:03
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF8F9B68B07F14D9E172FFE9E1AAE2
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/I64snve9ARFC7lop01DjavvL1QM.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216076
IP address blocks:        188.132.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8f:9b:68:b0:7f:14:d9:e1:72:ff:e9:e1:aa:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23ae2c9ef7bd011142ee5a29d350e36afbcbd503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:17:4e:75:7f:16:19:86:a1:a3:3b:90:c5:1b:
                    8d:0e:e8:92:f3:dd:04:2d:7e:73:54:98:00:fc:da:
                    07:8f:79:cc:a0:f6:b4:ff:81:7b:77:fb:38:c9:62:
                    7c:8a:6c:28:c4:6d:4a:3b:f5:d3:67:e2:35:7a:8d:
                    25:18:b3:29:cb:d6:e7:c7:b5:56:7e:64:dd:09:9e:
                    2b:6a:df:38:13:04:0a:8b:48:b9:5e:2a:f9:4f:5c:
                    9c:a3:87:3f:e6:12:9d:5c:8a:2b:ce:65:b7:e5:47:
                    82:e7:cf:92:c9:d2:71:ca:6b:a5:e4:3a:b9:fa:f6:
                    75:eb:3f:99:b0:c7:e0:40:c8:da:cc:e6:20:49:85:
                    0c:4d:a2:24:79:27:95:d6:ee:24:86:49:3c:3f:62:
                    98:ca:2c:72:45:e0:e4:fc:b4:cd:d8:40:6b:ea:4e:
                    29:ac:42:21:61:26:04:0c:48:b9:2d:02:5c:c6:80:
                    d9:9b:6a:2a:72:dd:58:17:f7:9f:3c:19:f8:48:b6:
                    9a:ae:73:da:50:b1:55:c9:13:b9:b4:b4:f2:c5:a2:
                    7c:5b:1b:5d:99:c8:e7:18:79:a4:82:3d:32:39:6c:
                    a4:42:05:06:55:2b:0b:f8:4b:34:35:86:5b:ef:a7:
                    18:26:b3:fb:ec:d3:a6:e0:e2:70:52:70:6e:55:75:
                    1d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:AE:2C:9E:F7:BD:01:11:42:EE:5A:29:D3:50:E3:6A:FB:CB:D5:03
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/I64snve9ARFC7lop01DjavvL1QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:d6:51:54:ba:a4:66:69:86:fd:8b:c7:e4:3a:f9:36:c5:86:
         71:9d:c7:92:1a:34:d1:54:7b:14:38:62:b7:42:0b:e3:5f:a1:
         b8:ae:3a:f2:28:ae:af:a4:b8:35:05:8d:3c:dd:13:91:e9:1e:
         c3:d9:98:c8:0b:20:b1:c2:ee:2b:f4:6a:17:66:fe:27:d5:52:
         56:0d:10:ed:07:44:5b:38:71:b1:cc:f0:07:93:26:ce:b8:45:
         6a:9a:f0:06:4e:5c:8b:9d:99:bf:35:cd:ee:92:58:2d:1a:6f:
         e8:e7:a8:d1:df:91:c5:d6:0a:15:7d:fb:ce:b6:17:53:64:0a:
         75:f1:92:cc:2b:07:46:53:11:94:6e:78:55:e8:c0:a9:5c:c2:
         ef:b8:28:f8:d3:ea:d8:7c:63:9b:4c:be:3e:3f:10:41:fd:00:
         37:2e:97:97:c1:93:68:44:bc:17:19:cd:b9:fb:c3:98:12:db:
         07:fd:02:64:55:eb:10:b3:e0:47:55:55:d7:01:e1:63:9e:00:
         ff:15:44:aa:7c:0d:09:e4:e4:34:76:3f:44:07:d7:b0:6b:91:
         2d:60:57:b9:40:8d:b4:c2:db:5c:72:38:3c:ce:ac:3f:c4:ea:
         cc:e1:f5:d2:d3:1e:81:a4:b9:f9:6c:88:3d:e2:da:de:3a:62:
         77:6d:5a:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34+baLB/FNnhcv/p4ariMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2FlMmM5ZWY3YmQwMTExNDJlZTVhMjlkMzUwZTM2YWZiY2JkNTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRdOdX8WGYahozuQxRuNDuiS890E
LX5zVJgA/NoHj3nMoPa0/4F7d/s4yWJ8imwoxG1KO/XTZ+I1eo0lGLMpy9bnx7VW
fmTdCZ4rat84EwQKi0i5Xir5T1yco4c/5hKdXIorzmW35UeC58+SydJxymul5Dq5
+vZ16z+ZsMfgQMjazOYgSYUMTaIkeSeV1u4khkk8P2KYyixyReDk/LTN2EBr6k4p
rEIhYSYEDEi5LQJcxoDZm2oqct1YF/efPBn4SLaarnPaULFVyRO5tLTyxaJ8Wxtd
mcjnGHmkgj0yOWykQgUGVSsL+Es0NYZb76cYJrP77NOm4OJwUnBuVXUd7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOuLJ73vQERQu5aKdNQ42r7y9UDMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvSTY0c252ZTlBUkZDN2xvcDAxRGphdnZMMVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvISgMA0G
CSqGSIb3DQEBCwUAA4IBAQAn1lFUuqRmaYb9i8fkOvk2xYZxnceSGjTRVHsUOGK3
QgvjX6G4rjryKK6vpLg1BY083ROR6R7D2ZjICyCxwu4r9GoXZv4n1VJWDRDtB0Rb
OHGxzPAHkybOuEVqmvAGTlyLnZm/Nc3uklgtGm/o56jR35HF1goVffvOthdTZAp1
8ZLMKwdGUxGUbnhV6MCpXMLvuCj40+rYfGObTL4+PxBB/QA3LpeXwZNoRLwXGc25
+8OYEtsH/QJkVesQs+BHVVXXAeFjngD/FUSqfA0J5OQ0dj9EB9ewa5EtYFe5QI20
wttccjg8zqw/xOrM4fXS0x6BpLn5bIg94treOmJ3bVrN
-----END CERTIFICATE-----