Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/rxd4c85bFdPd0fNrs_hqVaaFFN8.roa
File:                     rxd4c85bFdPd0fNrs_hqVaaFFN8.roa (raw, json)
Hash identifier:          Qmfo2JSigB+ilXr1BG7Yar+DPSYq2SCgLtUAHV3yu1Q=
Subject key identifier:   AF:17:78:73:CE:5B:15:D3:DD:D1:F3:6B:B3:F8:6A:55:A6:85:14:DF
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF8B1AD40CFBC52CCDE26904C4ABE2
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/rxd4c85bFdPd0fNrs_hqVaaFFN8.roa
Signing time:             Tue 02 Jan 2024 06:32:22 +0000
ROA not before:           Tue 02 Jan 2024 06:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207474
IP address blocks:        188.132.146.0/24 maxlen: 24
                          188.132.166.0/24 maxlen: 24
                          188.132.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 06:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8b:1a:d4:0c:fb:c5:2c:cd:e2:69:04:c4:ab:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af177873ce5b15d3ddd1f36bb3f86a55a68514df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:33:3e:63:94:81:60:fa:d0:d5:e3:66:ce:03:
                    10:5a:2e:c1:f9:de:51:ec:69:5a:89:6f:ad:3a:e3:
                    5b:69:e4:e5:f4:2b:04:6a:4d:cb:eb:0e:fe:cf:4d:
                    77:da:a8:88:98:9e:96:40:d5:61:2a:41:c7:fa:fc:
                    d9:f7:21:d9:7f:fa:86:03:d1:94:0c:d8:a9:80:cb:
                    91:77:19:04:34:0d:85:16:bc:e6:97:22:02:14:98:
                    f8:e4:21:81:30:44:af:aa:73:4e:94:b5:07:45:d9:
                    8c:d0:bf:31:57:fd:5e:c2:ef:d3:88:31:9c:f3:8e:
                    39:54:af:08:14:44:7e:d1:e8:3c:ad:9e:6e:b9:98:
                    5f:c6:75:d4:86:a7:d6:81:b2:47:af:07:0f:cb:33:
                    cf:4e:60:3d:22:ac:7d:2b:b2:4d:7f:e4:ce:84:a8:
                    ed:52:8e:db:f9:e9:2e:e1:f1:eb:f3:57:c2:4c:b9:
                    ee:e1:50:ff:1f:c3:15:65:8a:98:ae:61:6f:1f:32:
                    6c:a5:ff:87:9c:7f:91:05:47:da:e4:28:e9:2d:09:
                    55:15:79:66:8f:55:82:1b:c3:79:5f:ee:0b:59:df:
                    f7:6a:e0:bc:f2:08:a8:5c:22:1f:5b:46:99:57:d9:
                    a7:26:26:9a:8f:b4:6d:c0:fa:f5:25:02:c5:72:fc:
                    1e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:17:78:73:CE:5B:15:D3:DD:D1:F3:6B:B3:F8:6A:55:A6:85:14:DF
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/rxd4c85bFdPd0fNrs_hqVaaFFN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.146.0/24
                  188.132.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:b7:5d:09:78:e6:05:8c:a4:54:d5:8d:e4:0a:2e:c8:c6:8c:
         5f:f2:7e:42:49:9c:1a:28:cf:b2:f8:c9:de:c7:82:db:4b:b1:
         78:ad:39:81:5b:bb:f3:e3:51:97:1b:ac:60:43:1f:fc:40:58:
         0b:23:6c:a4:b8:2f:85:fb:46:c0:4d:0c:69:4f:53:2a:6d:b8:
         61:87:d2:0a:4a:16:b8:c8:f0:1a:94:b5:76:f0:99:7c:74:c2:
         e5:0f:bd:df:27:d3:f0:36:e6:f9:d2:bd:a3:ae:80:3b:d1:ea:
         bf:7d:a8:79:ac:10:dd:bb:5f:78:24:b9:fe:86:e5:d8:f3:f6:
         7e:ff:6e:30:8b:9a:07:1d:7c:2a:52:bc:86:9c:a4:6a:bd:f5:
         4e:da:1d:c4:78:e1:22:b4:30:ce:ff:bc:ad:6c:ca:54:54:86:
         06:62:2a:61:82:a9:c1:a9:4b:f7:51:11:cc:5c:e6:3a:2c:90:
         16:6f:1e:b8:c0:fc:df:cf:5f:18:35:c7:2f:09:24:73:e1:e5:
         a9:ef:c9:92:21:24:2a:bb:5a:1c:97:d3:02:6f:4b:66:ee:f5:
         3d:ae:e2:65:81:29:04:bd:59:35:b5:84:fc:56:b8:10:f8:c2:
         42:16:4e:ab:41:fd:24:bd:c4:9d:73:c1:24:e4:07:4c:fd:a7:
         d3:06:3f:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI34sa1Az7xSzN4mkExKviMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjE3Nzg3M2NlNWIxNWQzZGRkMWYzNmJiM2Y4NmE1NWE2ODUxNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TM+Y5SBYPrQ1eNmzgMQWi7B+d5R
7GlaiW+tOuNbaeTl9CsEak3L6w7+z0132qiImJ6WQNVhKkHH+vzZ9yHZf/qGA9GU
DNipgMuRdxkENA2FFrzmlyICFJj45CGBMESvqnNOlLUHRdmM0L8xV/1ewu/TiDGc
8445VK8IFER+0eg8rZ5uuZhfxnXUhqfWgbJHrwcPyzPPTmA9Iqx9K7JNf+TOhKjt
Uo7b+eku4fHr81fCTLnu4VD/H8MVZYqYrmFvHzJspf+HnH+RBUfa5CjpLQlVFXlm
j1WCG8N5X+4LWd/3auC88gioXCIfW0aZV9mnJiaaj7RtwPr1JQLFcvweZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK8XeHPOWxXT3dHza7P4alWmhRTfMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvcnhkNGM4NWJGZFBkMGZOcnNfaHFWYWFGRk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvISSAwQB
vISmMA0GCSqGSIb3DQEBCwUAA4IBAQClt10JeOYFjKRU1Y3kCi7Ixoxf8n5CSZwa
KM+y+Mnex4LbS7F4rTmBW7vz41GXG6xgQx/8QFgLI2ykuC+F+0bATQxpT1Mqbbhh
h9IKSha4yPAalLV28Jl8dMLlD73fJ9PwNub50r2jroA70eq/fah5rBDdu194JLn+
huXY8/Z+/24wi5oHHXwqUryGnKRqvfVO2h3EeOEitDDO/7ytbMpUVIYGYiphgqnB
qUv3URHMXOY6LJAWbx64wPzfz18YNccvCSRz4eWp78mSISQqu1ocl9MCb0tm7vU9
ruJlgSkEvVk1tYT8VrgQ+MJCFk6rQf0kvcSdc8Ek5AdM/afTBj+O
-----END CERTIFICATE-----