Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/IpsEL8TrXpatTzGYpvhHCQgT_zY.roa
File:                     IpsEL8TrXpatTzGYpvhHCQgT_zY.roa (raw, json)
Hash identifier:          oz1hozKvrthjKCUhh0KlBp6t5gC1737KMDpuuo1blvc=
Subject key identifier:   22:9B:04:2F:C4:EB:5E:96:AD:4F:31:98:A6:F8:47:09:08:13:FF:36
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01942746B00CA9D7BDE6954B1F0413FD3609
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/IpsEL8TrXpatTzGYpvhHCQgT_zY.roa
Signing time:             Thu 02 Jan 2025 13:48:51 +0000
ROA not before:           Thu 02 Jan 2025 13:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207474
IP address blocks:        188.132.166.0/24 maxlen: 24
                          188.132.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:b0:0c:a9:d7:bd:e6:95:4b:1f:04:13:fd:36:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 13:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=229b042fc4eb5e96ad4f3198a6f847090813ff36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4f:c4:04:a9:8e:f4:39:b2:29:d6:2c:53:53:
                    22:d0:eb:46:67:78:64:06:e8:2a:92:fe:40:88:70:
                    e3:8d:ee:07:cc:d0:b1:43:af:9d:e1:ac:08:10:16:
                    19:82:4c:76:5e:7a:f5:b3:9d:74:e4:1e:c9:aa:4f:
                    0f:db:04:74:d7:fa:f8:c2:e8:43:1f:2b:d0:77:dc:
                    f7:7d:b0:45:86:6d:5c:66:1f:58:ee:3c:ef:8e:98:
                    e6:12:58:f1:f1:8c:cb:55:37:bd:27:d4:d9:cf:ed:
                    e8:b7:13:df:a9:b9:c8:a0:49:35:72:e3:3e:2c:e0:
                    89:c2:8a:21:85:41:39:3d:ab:46:f4:f9:5b:12:81:
                    d2:83:4b:15:0b:cf:4f:fc:f6:8e:b6:ba:4a:05:64:
                    b2:d2:4c:d3:1b:71:8c:72:1d:b6:88:87:38:35:f6:
                    60:72:9e:f9:1e:4e:0d:09:40:ad:89:63:2a:f2:d6:
                    07:22:5b:74:1b:4f:67:8b:59:78:ee:20:d5:51:1b:
                    d7:fd:11:ce:3e:bf:60:51:c3:0f:00:17:3c:c3:d7:
                    b1:7a:ad:dd:ac:4d:51:03:91:30:fd:4b:d0:b2:42:
                    6b:55:f0:a5:26:3a:73:da:fb:71:87:fa:77:d5:0d:
                    44:33:37:9e:e1:15:c9:6d:fc:82:e0:bc:66:91:58:
                    43:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:9B:04:2F:C4:EB:5E:96:AD:4F:31:98:A6:F8:47:09:08:13:FF:36
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/IpsEL8TrXpatTzGYpvhHCQgT_zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:02:28:aa:0e:1a:88:47:81:be:27:d1:43:2a:86:ed:12:30:
         f3:7a:4e:f0:13:59:df:c9:dd:e6:7a:a3:b1:37:c3:2f:4d:3e:
         4e:4f:ff:82:5f:d0:9b:9f:aa:62:19:28:fe:f6:b7:73:69:6d:
         fc:eb:29:1d:b0:b1:f0:ad:77:ce:b3:00:cd:ae:e2:0b:6d:83:
         95:f5:a6:87:89:98:5d:b9:43:d3:bf:9b:64:c3:e5:39:e3:a8:
         86:e3:91:96:ca:c0:64:2c:75:a9:22:56:fe:21:4d:00:c4:e6:
         9c:a6:40:81:6d:f0:d7:74:cc:bb:f1:a6:80:9e:60:00:49:a8:
         6d:30:43:6b:5c:0c:ff:0d:49:1e:b1:d0:f7:a2:9d:5e:79:b6:
         1d:64:55:8f:13:d9:f7:6f:cf:04:12:e3:48:e9:8c:f6:37:11:
         c6:12:ab:b9:84:90:08:4f:4b:8b:cb:18:81:22:1b:a8:e1:82:
         9b:3c:5a:7c:87:bd:95:59:9f:3d:bd:93:16:5b:bc:6f:a5:dc:
         b8:01:dc:cd:67:70:36:7d:91:96:4f:b9:22:6b:5e:b4:8c:be:
         ff:11:d5:03:e4:63:70:81:7b:ca:d7:33:7a:81:d6:d4:b0:e0:
         e0:d7:fc:e5:8a:84:09:4c:1f:c6:ad:ac:8f:19:79:34:50:0d:
         e1:93:eb:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRrAMqde95pVLHwQT/TYJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMTAyMTM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjliMDQyZmM0ZWI1ZTk2YWQ0ZjMxOThhNmY4NDcwOTA4MTNmZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkU/EBKmO9DmyKdYsU1Mi0OtGZ3hk
Bugqkv5AiHDjje4HzNCxQ6+d4awIEBYZgkx2Xnr1s5105B7Jqk8P2wR01/r4wuhD
HyvQd9z3fbBFhm1cZh9Y7jzvjpjmEljx8YzLVTe9J9TZz+3otxPfqbnIoEk1cuM+
LOCJwoohhUE5PatG9PlbEoHSg0sVC89P/PaOtrpKBWSy0kzTG3GMch22iIc4NfZg
cp75Hk4NCUCtiWMq8tYHIlt0G09ni1l47iDVURvX/RHOPr9gUcMPABc8w9exeq3d
rE1RA5Ew/UvQskJrVfClJjpz2vtxh/p31Q1EMzee4RXJbfyC4LxmkVhDgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKbBC/E616WrU8xmKb4RwkIE/82MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvSXBzRUw4VHJYcGF0VHpHWXB2aEhDUWdUX3pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvISmMA0G
CSqGSIb3DQEBCwUAA4IBAQARAiiqDhqIR4G+J9FDKobtEjDzek7wE1nfyd3meqOx
N8MvTT5OT/+CX9Cbn6piGSj+9rdzaW386ykdsLHwrXfOswDNruILbYOV9aaHiZhd
uUPTv5tkw+U546iG45GWysBkLHWpIlb+IU0AxOacpkCBbfDXdMy78aaAnmAASaht
MENrXAz/DUkesdD3op1eebYdZFWPE9n3b88EEuNI6Yz2NxHGEqu5hJAIT0uLyxiB
Ihuo4YKbPFp8h72VWZ89vZMWW7xvpdy4AdzNZ3A2fZGWT7kia160jL7/EdUD5GNw
gXvK1zN6gdbUsODg1/zlioQJTB/GrayPGXk0UA3hk+tb
-----END CERTIFICATE-----