Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/iySUdl2maXzCYruFBJLBEzWFjUc.roa
File:                     iySUdl2maXzCYruFBJLBEzWFjUc.roa (raw, json)
Hash identifier:          +NohF4ACGF5x8uYaXgCiKAdRo2ZS5ai1+cYrbiHhDsQ=
Subject key identifier:   8B:24:94:76:5D:A6:69:7C:C2:62:BB:85:04:92:C1:13:35:85:8D:47
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF8013487DC72749172DB3986BC748
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/iySUdl2maXzCYruFBJLBEzWFjUc.roa
Signing time:             Tue 02 Jan 2024 06:32:19 +0000
ROA not before:           Tue 02 Jan 2024 06:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197428
IP address blocks:        212.68.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:80:13:48:7d:c7:27:49:17:2d:b3:98:6b:c7:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b2494765da6697cc262bb850492c11335858d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fe:16:eb:59:74:19:dd:09:cc:c3:f6:3d:ae:
                    93:ad:8e:f7:18:fe:3d:67:44:4b:01:5c:76:a1:f4:
                    83:57:d8:d7:80:8a:83:bd:30:f7:02:ab:0d:e9:ba:
                    5e:ff:cd:83:9f:9f:56:7b:b0:2d:27:42:f1:86:6c:
                    e4:9f:ae:ae:92:13:57:80:0d:3a:5d:2a:41:50:22:
                    cd:32:db:24:75:7f:6f:1a:98:12:2a:62:88:b9:c2:
                    db:32:42:85:ff:f5:44:8c:6d:24:a3:02:d6:71:2a:
                    fd:8b:db:73:3d:4a:e5:19:42:0e:18:6c:d2:45:82:
                    0b:fb:a3:5d:a2:e3:8d:a2:43:6a:ab:d9:30:e0:0a:
                    e8:92:6a:8b:45:7f:6c:ac:4e:09:77:ef:72:31:26:
                    cd:2a:f6:b8:2e:5b:73:23:06:8e:cb:5d:98:46:a2:
                    69:23:61:c4:72:26:78:91:b4:51:f9:ee:ea:4a:60:
                    69:b9:10:b6:f2:a4:91:83:03:33:23:6f:35:ce:4c:
                    31:6b:45:c8:f6:af:16:9f:1a:99:cd:90:6a:be:b5:
                    c9:93:b5:4c:f6:57:92:57:da:d2:d8:c4:ab:2e:a3:
                    41:d7:f1:1d:e7:04:ce:2f:b1:7d:de:f3:27:05:e8:
                    63:58:80:d8:cf:c2:65:61:e6:97:3a:5d:89:18:df:
                    03:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:24:94:76:5D:A6:69:7C:C2:62:BB:85:04:92:C1:13:35:85:8D:47
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/iySUdl2maXzCYruFBJLBEzWFjUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.68.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:5d:4e:77:80:3c:be:ad:d3:8e:28:da:a9:15:00:44:95:4d:
         34:5d:c8:bc:f5:59:96:37:bd:c1:a4:98:8b:c6:eb:95:0b:26:
         45:12:21:fd:af:64:d7:c0:e5:43:10:07:b4:f6:b9:ba:86:67:
         c0:66:9b:43:5c:eb:18:ca:23:17:1a:4b:e9:79:2f:d5:8b:55:
         b1:c4:a8:b7:47:3e:4d:d8:22:a1:cd:f3:44:37:9e:bf:be:ec:
         e2:3d:48:bf:9d:26:17:f9:99:b7:32:11:dc:3c:60:d1:cb:7a:
         6f:fd:fe:d8:f8:99:cb:00:90:85:83:d4:ac:bb:c2:13:8e:4b:
         e3:a5:8c:6b:6c:06:a6:00:7a:80:64:cb:75:58:b9:05:c0:1a:
         36:28:d3:e5:46:d0:0f:ba:f5:ca:6b:eb:55:7d:da:82:e1:63:
         87:ea:67:90:e7:2e:42:36:56:9e:34:05:c8:8b:59:ce:4c:7c:
         5c:74:a5:ad:49:2f:b0:28:0f:11:a2:54:f5:b3:b5:b8:33:9b:
         3a:61:95:ca:ce:6e:07:59:d7:3e:90:ff:14:05:83:3e:3a:b2:
         e1:55:73:bf:39:f4:7c:e6:a1:f0:c4:f3:69:81:46:ad:5d:f4:
         cc:17:7c:15:50:bc:a4:b6:43:ef:0e:a5:ba:fc:7b:ef:05:1e:
         81:c7:36:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34ATSH3HJ0kXLbOYa8dIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjI0OTQ3NjVkYTY2OTdjYzI2MmJiODUwNDkyYzExMzM1ODU4ZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf4W61l0Gd0JzMP2Pa6TrY73GP49
Z0RLAVx2ofSDV9jXgIqDvTD3AqsN6bpe/82Dn59We7AtJ0Lxhmzkn66ukhNXgA06
XSpBUCLNMtskdX9vGpgSKmKIucLbMkKF//VEjG0kowLWcSr9i9tzPUrlGUIOGGzS
RYIL+6NdouONokNqq9kw4ArokmqLRX9srE4Jd+9yMSbNKva4LltzIwaOy12YRqJp
I2HEciZ4kbRR+e7qSmBpuRC28qSRgwMzI281zkwxa0XI9q8WnxqZzZBqvrXJk7VM
9leSV9rS2MSrLqNB1/Ed5wTOL7F93vMnBehjWIDYz8JlYeaXOl2JGN8DWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsklHZdpml8wmK7hQSSwRM1hY1HMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvaXlTVWRsMm1hWHpDWXJ1RkJKTEJFeldGalVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EQwMA0G
CSqGSIb3DQEBCwUAA4IBAQBVXU53gDy+rdOOKNqpFQBElU00Xci89VmWN73BpJiL
xuuVCyZFEiH9r2TXwOVDEAe09rm6hmfAZptDXOsYyiMXGkvpeS/Vi1WxxKi3Rz5N
2CKhzfNEN56/vuziPUi/nSYX+Zm3MhHcPGDRy3pv/f7Y+JnLAJCFg9Ssu8ITjkvj
pYxrbAamAHqAZMt1WLkFwBo2KNPlRtAPuvXKa+tVfdqC4WOH6meQ5y5CNlaeNAXI
i1nOTHxcdKWtSS+wKA8RolT1s7W4M5s6YZXKzm4HWdc+kP8UBYM+OrLhVXO/OfR8
5qHwxPNpgUatXfTMF3wVULyktkPvDqW6/HvvBR6Bxza1
-----END CERTIFICATE-----