Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/Too2LbehDENeKoJTj5vwe7B-MuY.roa
File:                     Too2LbehDENeKoJTj5vwe7B-MuY.roa (raw, json)
Hash identifier:          Bn4GRqzw85L4D6KNEd5dkJW35rI8+j1buRnU6ZSiCGg=
Subject key identifier:   4E:8A:36:2D:B7:A1:0C:43:5E:2A:82:53:8F:9B:F0:7B:B0:7E:32:E6
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF84563DFFEC4D981D77B58DFCAE4E
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/Too2LbehDENeKoJTj5vwe7B-MuY.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201233
IP address blocks:        188.132.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:84:56:3d:ff:ec:4d:98:1d:77:b5:8d:fc:ae:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e8a362db7a10c435e2a82538f9bf07bb07e32e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:22:23:f5:b4:35:95:87:b7:57:7d:17:76:2e:
                    7c:01:18:a8:b2:c2:23:ee:41:0d:cb:49:78:81:e8:
                    be:a3:d7:d5:80:7a:4c:d6:3f:b3:89:3d:76:43:b2:
                    8d:2e:7a:e3:e8:03:21:3e:e6:00:54:b0:3f:0a:df:
                    d4:c7:68:9c:76:1e:fb:70:25:0a:fc:a9:af:ef:ec:
                    72:68:50:a2:5a:48:14:98:ca:4d:52:de:9a:21:5c:
                    02:9c:db:3d:a9:7e:1b:5c:ef:61:29:17:a2:38:3f:
                    e4:02:f8:11:09:53:41:a9:26:fe:8e:30:6c:0c:a1:
                    90:01:35:53:ce:87:d5:61:1d:7c:b9:e4:1d:38:a4:
                    67:31:b9:3c:31:38:fd:26:5e:6b:5f:76:a7:26:16:
                    60:1f:f4:7f:f4:84:8c:97:8b:9f:94:4a:40:9e:40:
                    9d:db:4b:f0:f9:9a:91:86:f8:14:d0:a8:5e:37:92:
                    29:64:6f:91:a9:fc:a8:06:08:ff:74:80:e9:b6:62:
                    bd:5e:ae:a9:3b:c9:bb:eb:8c:97:14:ab:d4:c6:b1:
                    b4:85:a5:34:b3:ff:fd:d7:b0:21:55:1f:30:8f:e3:
                    b4:7d:5c:ea:b8:b3:ee:27:e1:f1:6f:bd:30:fb:7e:
                    91:8c:eb:69:ac:8d:92:29:f5:2d:2b:7c:d0:64:9b:
                    23:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8A:36:2D:B7:A1:0C:43:5E:2A:82:53:8F:9B:F0:7B:B0:7E:32:E6
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/Too2LbehDENeKoJTj5vwe7B-MuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:bd:3a:1d:13:ad:29:2a:dd:9c:11:77:ea:1f:5a:54:5d:9f:
         c6:e6:57:e6:91:f9:f0:34:1a:4f:3a:2d:cb:ff:7a:34:c2:20:
         e5:ff:d4:e7:5e:a1:b2:41:ff:88:17:1d:e7:f5:eb:18:25:9c:
         90:85:e0:0f:92:bc:7d:d8:07:74:8c:74:ba:73:ae:b7:f4:61:
         4f:a9:60:02:b1:cf:cd:fe:c8:7b:41:03:00:7e:32:d4:5a:39:
         22:38:13:ac:3d:1f:dd:ec:9a:36:f8:ef:cc:4b:6e:80:71:c6:
         9e:24:39:13:1e:f5:ae:07:46:90:ee:5b:fc:fb:4c:36:7f:2b:
         fc:42:f6:6e:53:56:35:26:84:2a:fe:d3:cb:ec:58:a0:97:cd:
         57:29:25:54:17:53:11:41:dd:da:fd:64:a6:8f:9f:5d:b0:07:
         26:1d:77:59:d8:40:d1:eb:59:0b:f4:02:8f:0e:ce:4d:0a:16:
         7c:5a:26:c3:91:2f:aa:cc:64:f6:60:01:1a:e2:75:d7:24:a5:
         bf:a2:e4:48:01:f4:fa:0e:83:95:e3:da:5d:32:7e:7d:58:b2:
         c8:07:5f:c2:cb:2b:da:11:15:cb:04:6f:56:95:e8:59:51:dc:
         e3:22:22:c5:be:a3:aa:33:9e:dd:3c:2a:42:95:b4:54:8e:1f:
         4a:6d:cc:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34RWPf/sTZgdd7WN/K5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThhMzYyZGI3YTEwYzQzNWUyYTgyNTM4ZjliZjA3YmIwN2UzMmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyIj9bQ1lYe3V30Xdi58ARiossIj
7kENy0l4gei+o9fVgHpM1j+ziT12Q7KNLnrj6AMhPuYAVLA/Ct/Ux2icdh77cCUK
/Kmv7+xyaFCiWkgUmMpNUt6aIVwCnNs9qX4bXO9hKReiOD/kAvgRCVNBqSb+jjBs
DKGQATVTzofVYR18ueQdOKRnMbk8MTj9Jl5rX3anJhZgH/R/9ISMl4uflEpAnkCd
20vw+ZqRhvgU0KheN5IpZG+RqfyoBgj/dIDptmK9Xq6pO8m764yXFKvUxrG0haU0
s//917AhVR8wj+O0fVzquLPuJ+Hxb70w+36RjOtprI2SKfUtK3zQZJsjiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6KNi23oQxDXiqCU4+b8HuwfjLmMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvVG9vMkxiZWhERU5lS29KVGo1dndlN0ItTXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvITBMA0G
CSqGSIb3DQEBCwUAA4IBAQBMvTodE60pKt2cEXfqH1pUXZ/G5lfmkfnwNBpPOi3L
/3o0wiDl/9TnXqGyQf+IFx3n9esYJZyQheAPkrx92Ad0jHS6c6639GFPqWACsc/N
/sh7QQMAfjLUWjkiOBOsPR/d7Jo2+O/MS26AccaeJDkTHvWuB0aQ7lv8+0w2fyv8
QvZuU1Y1JoQq/tPL7Figl81XKSVUF1MRQd3a/WSmj59dsAcmHXdZ2EDR61kL9AKP
Ds5NChZ8WibDkS+qzGT2YAEa4nXXJKW/ouRIAfT6DoOV49pdMn59WLLIB1/Cyyva
ERXLBG9WlehZUdzjIiLFvqOqM57dPCpClbRUjh9Kbcza
-----END CERTIFICATE-----