Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/JspRZoCbcg4lrkMkmiFHQUnrsD8.roa
File:                     JspRZoCbcg4lrkMkmiFHQUnrsD8.roa (raw, json)
Hash identifier:          9+AlwrCqg+TYeB486gkabWLgx5yvF6a3TCV73lDcyYg=
Subject key identifier:   26:CA:51:66:80:9B:72:0E:25:AE:43:24:9A:21:47:41:49:EB:B0:3F
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF80C5B93E6CB07CAB13F816A7451C
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/JspRZoCbcg4lrkMkmiFHQUnrsD8.roa
Signing time:             Tue 02 Jan 2024 06:32:19 +0000
ROA not before:           Tue 02 Jan 2024 06:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197748
IP address blocks:        188.132.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:80:c5:b9:3e:6c:b0:7c:ab:13:f8:16:a7:45:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26ca5166809b720e25ae43249a21474149ebb03f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:96:99:31:17:8f:60:1e:c8:f7:73:24:f2:7b:
                    d6:83:a2:73:32:0b:79:71:95:3b:df:b2:85:15:86:
                    0a:d4:5a:9f:cc:71:a7:d3:3d:5b:15:23:2c:51:63:
                    64:7d:bf:58:a3:7d:2c:ce:f7:63:3c:b4:5a:88:60:
                    61:fc:eb:9a:ea:9a:e4:92:c0:8f:87:bc:35:09:e7:
                    8a:e1:6c:16:4d:a8:ab:a5:85:10:ff:b6:5b:b7:1c:
                    1e:f9:e4:8b:5f:12:9f:4e:3e:bf:9f:43:94:cb:8a:
                    50:26:53:f8:20:79:1e:38:77:81:c0:ea:e5:1f:5d:
                    5c:8a:da:ac:9b:81:72:6d:d9:f7:81:e9:a2:26:33:
                    b5:c3:19:dc:9d:16:14:7e:69:2a:fd:5a:a2:cb:d8:
                    9d:aa:ce:3f:81:f7:07:c5:5f:d3:3b:39:56:44:50:
                    ff:a8:3c:dc:7b:9a:a9:69:34:a9:9b:c4:43:a5:11:
                    4c:fc:66:2e:c9:f4:14:29:77:22:59:83:8e:58:74:
                    81:60:a4:39:47:d7:16:e1:33:4e:91:c3:1e:b5:5e:
                    30:ae:2e:8a:14:63:68:35:79:9d:bc:5d:42:35:9c:
                    2f:af:36:88:dd:51:2b:75:96:53:dc:6e:8a:f1:59:
                    d6:20:ba:49:54:a6:a0:7f:c9:6d:d4:82:31:4b:a8:
                    57:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:CA:51:66:80:9B:72:0E:25:AE:43:24:9A:21:47:41:49:EB:B0:3F
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/JspRZoCbcg4lrkMkmiFHQUnrsD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:41:59:6e:68:96:38:ab:b2:5f:9a:ac:ec:0f:e5:f0:00:31:
         11:44:ef:90:e4:4f:b9:37:9b:bc:09:80:4e:e1:8e:ed:88:66:
         a7:c9:4f:80:c0:57:df:73:50:eb:9f:05:f3:01:b8:ee:2e:a5:
         82:12:99:8d:c3:93:90:d7:bd:91:1c:02:dc:94:64:35:07:16:
         3e:ae:2e:ad:c8:25:cb:8b:68:af:5f:24:f1:2e:68:1b:de:93:
         c5:e3:ce:9f:3b:a6:e2:35:f9:1d:51:a4:24:f8:cb:59:fd:c8:
         99:1a:52:9e:7e:bf:c5:84:45:73:3f:be:42:8d:7a:b9:62:44:
         27:b6:8c:94:b6:be:71:cd:6b:00:db:16:d2:42:b5:67:0a:a0:
         7a:33:47:e7:95:ae:1a:75:3b:9b:13:27:cd:8e:06:f3:41:ee:
         17:90:53:11:53:27:32:27:da:ee:ee:ad:16:97:5b:92:e3:c8:
         32:d5:22:08:d0:5d:b5:ac:cf:2e:6e:07:d2:35:ba:44:a8:d7:
         ba:43:81:4d:1e:58:2f:2c:a7:94:69:98:8d:14:96:db:f0:e0:
         eb:29:f8:64:71:9f:41:06:de:a7:a1:a9:9e:d1:f5:6f:c7:59:
         7f:75:e2:b9:14:48:bc:c1:a0:85:70:32:f9:72:f4:dc:1b:2a:
         3b:69:e3:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34DFuT5ssHyrE/gWp0UcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmNhNTE2NjgwOWI3MjBlMjVhZTQzMjQ5YTIxNDc0MTQ5ZWJiMDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZaZMRePYB7I93Mk8nvWg6JzMgt5
cZU737KFFYYK1FqfzHGn0z1bFSMsUWNkfb9Yo30szvdjPLRaiGBh/Oua6prkksCP
h7w1CeeK4WwWTairpYUQ/7Zbtxwe+eSLXxKfTj6/n0OUy4pQJlP4IHkeOHeBwOrl
H11citqsm4Fybdn3gemiJjO1wxncnRYUfmkq/Vqiy9idqs4/gfcHxV/TOzlWRFD/
qDzce5qpaTSpm8RDpRFM/GYuyfQUKXciWYOOWHSBYKQ5R9cW4TNOkcMetV4wri6K
FGNoNXmdvF1CNZwvrzaI3VErdZZT3G6K8VnWILpJVKagf8lt1IIxS6hX2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbKUWaAm3IOJa5DJJohR0FJ67A/MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvSnNwUlpvQ2JjZzRscmtNa21pRkhRVW5yc0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvISNMA0G
CSqGSIb3DQEBCwUAA4IBAQAsQVluaJY4q7JfmqzsD+XwADERRO+Q5E+5N5u8CYBO
4Y7tiGanyU+AwFffc1DrnwXzAbjuLqWCEpmNw5OQ172RHALclGQ1BxY+ri6tyCXL
i2ivXyTxLmgb3pPF486fO6biNfkdUaQk+MtZ/ciZGlKefr/FhEVzP75CjXq5YkQn
toyUtr5xzWsA2xbSQrVnCqB6M0fnla4adTubEyfNjgbzQe4XkFMRUycyJ9ru7q0W
l1uS48gy1SII0F21rM8ubgfSNbpEqNe6Q4FNHlgvLKeUaZiNFJbb8ODrKfhkcZ9B
Bt6noame0fVvx1l/deK5FEi8waCFcDL5cvTcGyo7aeMj
-----END CERTIFICATE-----