Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/paxXkzZTgJfcVFOeqF0bqw8F9Z4.roa
File:                     paxXkzZTgJfcVFOeqF0bqw8F9Z4.roa (raw, json)
Hash identifier:          YGBcM/FiaYJ5fnGN6k70QhGsc+AdVRB4uWCv0ExaPpo=
Subject key identifier:   A5:AC:57:93:36:53:80:97:DC:54:53:9E:A8:5D:1B:AB:0F:05:F5:9E
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF81B0D9C8E19F95A3CD8824DB4315
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/paxXkzZTgJfcVFOeqF0bqw8F9Z4.roa
Signing time:             Tue 02 Jan 2024 06:32:19 +0000
ROA not before:           Tue 02 Jan 2024 06:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198662
IP address blocks:        188.132.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 06:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:81:b0:d9:c8:e1:9f:95:a3:cd:88:24:db:43:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5ac579336538097dc54539ea85d1bab0f05f59e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:16:26:f4:63:34:2c:c6:f7:9b:35:a9:37:ae:
                    4d:33:b0:f1:49:95:0a:a7:d2:11:a3:a3:6c:0a:36:
                    57:a7:0a:80:db:02:d9:fa:7d:95:1d:52:58:b6:e0:
                    52:9c:a7:0d:5f:1f:a9:69:d3:5c:ca:5c:6c:57:e4:
                    d6:22:fe:28:a8:4e:da:24:da:bd:60:c6:57:52:cc:
                    eb:af:51:d5:31:7b:00:1e:62:74:8b:d2:2f:dd:b3:
                    e4:69:8b:9e:9d:91:66:57:cf:0f:50:d7:02:78:d4:
                    81:45:51:d9:62:1e:c2:0b:ad:c3:d8:40:d4:e7:d0:
                    f7:15:de:09:48:8d:c7:ed:96:14:90:87:bc:1c:89:
                    1e:32:51:ba:2f:f1:a5:80:81:38:5c:0f:23:19:90:
                    fa:bb:a6:52:36:9d:b2:8f:10:4f:63:34:74:98:4d:
                    26:dd:67:57:db:b1:49:27:90:51:0a:7c:9d:9e:80:
                    84:0f:4b:9b:8d:9d:0c:08:60:38:de:64:52:1b:32:
                    4e:93:df:87:d2:71:6e:37:07:22:7e:89:28:ce:4b:
                    96:92:ac:8c:ef:e4:15:1a:2f:4a:0b:be:a9:27:b1:
                    1c:b9:89:cf:89:7a:5a:0f:31:f1:a7:45:e1:1d:aa:
                    be:80:53:f6:f5:81:8b:1b:fb:10:a3:10:24:1d:66:
                    ea:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:AC:57:93:36:53:80:97:DC:54:53:9E:A8:5D:1B:AB:0F:05:F5:9E
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/paxXkzZTgJfcVFOeqF0bqw8F9Z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:9a:f2:2c:16:60:af:3d:88:d0:e0:a8:65:62:38:54:0c:76:
         4b:d5:cb:9e:2f:87:9a:f9:9c:34:05:7d:16:96:ab:86:99:fd:
         b8:f0:18:df:51:cd:a5:79:25:90:52:92:f2:df:c1:c3:a8:b2:
         2f:2f:ef:fd:d6:0d:00:6b:e9:90:58:a8:92:52:37:45:a2:93:
         43:18:60:69:0f:d8:5e:d2:78:a6:5f:1a:b7:ca:ab:ce:43:43:
         b5:90:39:dd:57:7b:59:b2:54:2b:48:ca:d2:9f:0c:9f:bb:b6:
         5d:85:ee:75:1f:71:8a:e5:70:3b:a6:01:cb:75:ee:f8:91:38:
         d2:0a:da:4a:a3:42:5f:3d:56:e4:ce:c9:dd:38:fc:5a:13:dc:
         bd:92:76:db:9e:b0:7e:93:dc:f1:29:e8:9d:ac:12:c8:36:01:
         a2:61:02:37:43:de:5f:04:b8:52:67:bb:4b:c6:9a:a4:96:93:
         1e:6e:5b:c9:cd:56:2c:99:66:f2:ee:5f:23:a4:42:ac:05:a5:
         95:22:91:8a:e6:f6:1d:19:ec:fd:b2:21:6d:3c:76:3a:eb:4b:
         2b:36:bd:79:6c:c2:40:8c:b9:55:a4:5e:79:85:98:57:7f:a2:
         88:8e:b3:54:48:ac:17:d2:50:1c:df:75:7b:75:70:7b:08:83:
         d8:5e:a8:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34Gw2cjhn5WjzYgk20MVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWFjNTc5MzM2NTM4MDk3ZGM1NDUzOWVhODVkMWJhYjBmMDVmNTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBYm9GM0LMb3mzWpN65NM7DxSZUK
p9IRo6NsCjZXpwqA2wLZ+n2VHVJYtuBSnKcNXx+padNcylxsV+TWIv4oqE7aJNq9
YMZXUszrr1HVMXsAHmJ0i9Iv3bPkaYuenZFmV88PUNcCeNSBRVHZYh7CC63D2EDU
59D3Fd4JSI3H7ZYUkIe8HIkeMlG6L/GlgIE4XA8jGZD6u6ZSNp2yjxBPYzR0mE0m
3WdX27FJJ5BRCnydnoCED0ubjZ0MCGA43mRSGzJOk9+H0nFuNwcifokozkuWkqyM
7+QVGi9KC76pJ7EcuYnPiXpaDzHxp0XhHaq+gFP29YGLG/sQoxAkHWbqewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWsV5M2U4CX3FRTnqhdG6sPBfWeMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvcGF4WGt6WlRnSmZjVkZPZXFGMGJxdzhGOVo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvISkMA0G
CSqGSIb3DQEBCwUAA4IBAQComvIsFmCvPYjQ4KhlYjhUDHZL1cueL4ea+Zw0BX0W
lquGmf248BjfUc2leSWQUpLy38HDqLIvL+/91g0Aa+mQWKiSUjdFopNDGGBpD9he
0nimXxq3yqvOQ0O1kDndV3tZslQrSMrSnwyfu7Zdhe51H3GK5XA7pgHLde74kTjS
CtpKo0JfPVbkzsndOPxaE9y9knbbnrB+k9zxKeidrBLINgGiYQI3Q95fBLhSZ7tL
xpqklpMeblvJzVYsmWby7l8jpEKsBaWVIpGK5vYdGez9siFtPHY660srNr15bMJA
jLlVpF55hZhXf6KIjrNUSKwX0lAc33V7dXB7CIPYXqjS
-----END CERTIFICATE-----