Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/TF4spckjLUc1ZHsUbApDo5iMzl0.roa
File:                     TF4spckjLUc1ZHsUbApDo5iMzl0.roa (raw, json)
Hash identifier:          pl2e/WhF7SHc1sxmQadQZ3/2yz4UzhETDfSp/OyYTzg=
Subject key identifier:   4C:5E:2C:A5:C9:23:2D:47:35:64:7B:14:6C:0A:43:A3:98:8C:CE:5D
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018E5667291C85CE10A4804FB48A75E9AB09
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/TF4spckjLUc1ZHsUbApDo5iMzl0.roa
Signing time:             Tue 19 Mar 2024 11:09:45 +0000
ROA not before:           Tue 19 Mar 2024 11:09:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199484
IP address blocks:        188.132.210.0/24 maxlen: 24
                          188.132.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:56:67:29:1c:85:ce:10:a4:80:4f:b4:8a:75:e9:ab:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Mar 19 11:09:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c5e2ca5c9232d4735647b146c0a43a3988cce5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:37:27:bf:c5:46:8f:c6:b1:22:c7:46:d8:75:
                    6d:7e:5e:6d:da:e5:d7:f9:54:f0:42:89:73:8e:f0:
                    b3:42:42:78:0d:44:81:cc:f6:d8:2b:59:de:f9:41:
                    dc:bc:28:83:bf:18:d2:86:78:ba:bc:96:11:03:01:
                    ad:e4:dc:86:7b:30:26:93:c0:34:c1:32:ff:78:ae:
                    23:a0:5b:1b:e1:a4:30:7d:36:08:f6:be:de:a1:a2:
                    89:d9:96:e4:ab:20:46:f6:85:2c:e7:01:87:4b:39:
                    29:89:42:f8:39:9b:c0:64:cc:a1:a4:e5:91:19:9e:
                    2e:74:7a:39:a1:8d:c1:f7:82:67:b0:12:fd:9c:61:
                    4e:07:90:5f:14:13:45:8f:7c:86:15:8b:66:c7:60:
                    a3:7b:ad:fa:bd:37:ed:e1:29:c7:09:32:36:91:f1:
                    e6:a4:79:e7:43:f1:90:81:a6:25:81:1f:98:23:54:
                    c1:ae:a7:20:4d:b8:a0:81:2c:83:23:01:9c:d2:09:
                    d8:52:0a:fa:ee:85:48:a8:62:71:58:ad:b7:4b:7d:
                    38:2a:71:bc:b4:81:a6:8c:0c:f8:3b:0b:b0:a4:cc:
                    f8:f4:7d:49:c8:83:12:b9:81:a4:37:e4:4d:fe:6e:
                    27:69:3d:df:e8:bd:a0:df:26:49:43:21:27:ce:fe:
                    09:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:5E:2C:A5:C9:23:2D:47:35:64:7B:14:6C:0A:43:A3:98:8C:CE:5D
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/TF4spckjLUc1ZHsUbApDo5iMzl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:3c:37:19:77:b6:e2:cc:33:6a:ed:6a:d2:87:70:c4:54:10:
         ef:75:a1:5c:f8:16:6d:2f:de:a1:ca:22:0d:00:6a:37:85:44:
         e0:17:19:74:90:96:24:a7:0d:0d:9b:96:7a:6f:66:5b:a2:44:
         ef:ad:8f:11:7a:91:29:4f:28:70:8f:cf:23:66:5e:97:88:a2:
         89:bc:67:fd:be:02:be:1d:05:17:7c:a3:5a:cc:41:e5:5a:21:
         54:5f:0c:e6:08:3d:32:d8:8a:a1:1f:75:0b:28:9b:fa:c5:33:
         c4:7e:1e:9f:f6:d6:14:4f:14:a6:2f:0a:13:68:4f:a5:d6:52:
         d9:d2:35:3e:94:9f:53:9b:e6:6a:13:25:b1:4d:1e:05:45:6f:
         8b:ff:e2:a1:b2:dd:7b:76:3f:6b:d9:d1:82:61:4c:40:41:f1:
         33:b7:4c:6b:17:9b:12:22:56:4f:7d:8d:fe:f3:be:31:96:5b:
         cb:fe:ac:6b:92:16:40:67:eb:ea:16:77:ed:e7:46:d9:66:40:
         23:a1:6e:1e:db:27:58:70:57:85:bd:7b:9e:06:90:cf:76:17:
         b3:cb:df:61:5c:1d:1d:c1:b3:42:1f:36:91:31:ac:96:01:73:
         9d:4f:ab:37:99:ff:13:f1:53:c9:1c:25:4f:aa:a5:d6:c5:5b:
         8c:72:db:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5WZykchc4QpIBPtIp16asJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMzE5MTEwOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzVlMmNhNWM5MjMyZDQ3MzU2NDdiMTQ2YzBhNDNhMzk4OGNjZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljcnv8VGj8axIsdG2HVtfl5t2uXX
+VTwQolzjvCzQkJ4DUSBzPbYK1ne+UHcvCiDvxjShni6vJYRAwGt5NyGezAmk8A0
wTL/eK4joFsb4aQwfTYI9r7eoaKJ2ZbkqyBG9oUs5wGHSzkpiUL4OZvAZMyhpOWR
GZ4udHo5oY3B94JnsBL9nGFOB5BfFBNFj3yGFYtmx2Cje636vTft4SnHCTI2kfHm
pHnnQ/GQgaYlgR+YI1TBrqcgTbiggSyDIwGc0gnYUgr67oVIqGJxWK23S304KnG8
tIGmjAz4OwuwpMz49H1JyIMSuYGkN+RN/m4naT3f6L2g3yZJQyEnzv4JTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExeLKXJIy1HNWR7FGwKQ6OYjM5dMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvVEY0c3Bja2pMVWMxWkhzVWJBcERvNWlNemwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvITSMA0G
CSqGSIb3DQEBCwUAA4IBAQB6PDcZd7bizDNq7WrSh3DEVBDvdaFc+BZtL96hyiIN
AGo3hUTgFxl0kJYkpw0Nm5Z6b2ZbokTvrY8RepEpTyhwj88jZl6XiKKJvGf9vgK+
HQUXfKNazEHlWiFUXwzmCD0y2IqhH3ULKJv6xTPEfh6f9tYUTxSmLwoTaE+l1lLZ
0jU+lJ9Tm+ZqEyWxTR4FRW+L/+Khst17dj9r2dGCYUxAQfEzt0xrF5sSIlZPfY3+
874xllvL/qxrkhZAZ+vqFnft50bZZkAjoW4e2ydYcFeFvXueBpDPdhezy99hXB0d
wbNCHzaRMayWAXOdT6s3mf8T8VPJHCVPqqXWxVuMctv4
-----END CERTIFICATE-----