Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/SZIbuxuvDCaVGSUmHY_UnWeMpnE.roa
File:                     SZIbuxuvDCaVGSUmHY_UnWeMpnE.roa (raw, json)
Hash identifier:          VwRW8hObQvFeuwYafBfwN6njNnCQkrnYjr6nvm44kqg=
Subject key identifier:   49:92:1B:BB:1B:AF:0C:26:95:19:25:26:1D:8F:D4:9D:67:8C:A6:71
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0191328779CE939B1E737855EFFF41F6469B
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/SZIbuxuvDCaVGSUmHY_UnWeMpnE.roa
Signing time:             Thu 08 Aug 2024 15:07:04 +0000
ROA not before:           Thu 08 Aug 2024 15:07:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211557
IP address blocks:        188.132.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:87:79:ce:93:9b:1e:73:78:55:ef:ff:41:f6:46:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Aug  8 15:07:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49921bbb1baf0c26951925261d8fd49d678ca671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:86:9c:f3:dc:f3:e3:90:73:88:09:6e:38:44:
                    a5:81:30:8f:8b:6a:2d:cd:f9:bb:b7:50:26:fc:27:
                    b6:5c:6c:fe:64:a0:b7:c6:78:73:2d:46:63:5d:96:
                    fd:f4:7e:8d:e3:ba:b4:99:1d:86:ba:31:5d:60:16:
                    5d:eb:02:9c:6e:b6:f2:4f:15:88:91:62:76:e8:c3:
                    c6:a6:a8:87:13:b9:b1:b6:b2:56:2c:90:24:6c:2f:
                    b3:9f:26:e9:4d:e1:52:b3:47:4b:f5:9a:de:70:d4:
                    c5:07:67:70:4f:b0:1a:6d:4b:a9:c7:78:b0:eb:e6:
                    70:ec:0e:73:f3:23:45:9b:80:c3:73:73:5e:d5:17:
                    1e:86:a5:24:51:35:d7:e7:f5:27:9c:27:56:40:94:
                    b1:49:a6:12:9b:d5:ed:31:31:3c:ba:ec:d0:b0:c3:
                    31:ed:4e:9d:21:09:82:b9:cd:41:da:99:12:2f:6e:
                    ce:76:fe:07:8f:df:64:74:1b:7c:db:f9:a8:17:df:
                    b9:a6:03:5e:ce:eb:ca:aa:20:07:df:f3:a2:ed:e8:
                    8c:93:2a:ba:d4:61:0d:43:77:5e:2e:df:f9:d6:70:
                    c1:e1:eb:75:8c:a4:ce:f8:e5:ae:fa:5f:6f:43:fb:
                    c5:3c:74:3b:c1:35:8f:38:b6:4c:7b:8a:f5:f1:13:
                    5c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:92:1B:BB:1B:AF:0C:26:95:19:25:26:1D:8F:D4:9D:67:8C:A6:71
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/SZIbuxuvDCaVGSUmHY_UnWeMpnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:bf:a4:8b:13:83:63:78:9b:c2:1f:13:c7:6b:3a:38:32:80:
         87:09:b5:eb:1c:f7:15:aa:83:37:0f:6b:d7:11:7e:c5:f2:85:
         60:8a:10:ff:6c:1e:a8:b1:42:50:ff:2e:45:49:32:71:b5:64:
         23:dd:23:28:a2:15:30:0a:44:b7:9e:0b:a6:4e:b3:b1:29:5a:
         da:27:72:7e:2b:6f:24:ad:01:64:49:c7:19:0f:47:1c:99:a0:
         67:fd:cb:b7:b8:c8:31:35:cc:b9:2e:fa:87:fb:69:93:56:aa:
         ba:12:82:aa:f6:67:11:bf:ae:ce:80:68:39:83:0f:4d:f7:22:
         ab:d6:db:a6:76:10:f5:20:fd:ef:b8:63:64:91:9a:61:d5:64:
         81:9b:f4:e0:0b:89:72:75:7b:ae:7f:90:28:1d:3b:ea:ed:ae:
         f9:b4:41:3c:4f:98:23:ce:f7:86:6c:89:94:d3:9f:44:ad:fb:
         bb:22:87:6d:3a:11:3d:1e:d8:85:5d:ec:5a:37:25:6c:9a:76:
         11:2e:ad:36:92:dd:8f:df:33:cb:2f:c4:29:f9:f8:06:c9:11:
         17:83:f2:f1:d3:f3:1b:63:98:ec:0e:9a:0a:fb:60:0c:1d:30:
         d9:5b:9c:f5:16:03:ee:bd:8e:1a:f6:9f:63:ab:ec:43:7a:b7:
         eb:64:a5:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEyh3nOk5sec3hV7/9B9kabMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwODA4MTUwNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTkyMWJiYjFiYWYwYzI2OTUxOTI1MjYxZDhmZDQ5ZDY3OGNhNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYac89zz45BziAluOESlgTCPi2ot
zfm7t1Am/Ce2XGz+ZKC3xnhzLUZjXZb99H6N47q0mR2GujFdYBZd6wKcbrbyTxWI
kWJ26MPGpqiHE7mxtrJWLJAkbC+znybpTeFSs0dL9ZrecNTFB2dwT7AabUupx3iw
6+Zw7A5z8yNFm4DDc3Ne1RcehqUkUTXX5/UnnCdWQJSxSaYSm9XtMTE8uuzQsMMx
7U6dIQmCuc1B2pkSL27Odv4Hj99kdBt82/moF9+5pgNezuvKqiAH3/Oi7eiMkyq6
1GENQ3deLt/51nDB4et1jKTO+OWu+l9vQ/vFPHQ7wTWPOLZMe4r18RNc9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmSG7sbrwwmlRklJh2P1J1njKZxMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvU1pJYnV4dXZEQ2FWR1NVbUhZX1VuV2VNcG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvITtMA0G
CSqGSIb3DQEBCwUAA4IBAQCLv6SLE4NjeJvCHxPHazo4MoCHCbXrHPcVqoM3D2vX
EX7F8oVgihD/bB6osUJQ/y5FSTJxtWQj3SMoohUwCkS3ngumTrOxKVraJ3J+K28k
rQFkSccZD0ccmaBn/cu3uMgxNcy5LvqH+2mTVqq6EoKq9mcRv67OgGg5gw9N9yKr
1tumdhD1IP3vuGNkkZph1WSBm/TgC4lydXuuf5AoHTvq7a75tEE8T5gjzveGbImU
059Erfu7IodtOhE9HtiFXexaNyVsmnYRLq02kt2P3zPLL8Qp+fgGyREXg/Lx0/Mb
Y5jsDpoK+2AMHTDZW5z1FgPuvY4a9p9jq+xDerfrZKUT
-----END CERTIFICATE-----