Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/tE-7Mw9LlDghOo1n-jT2523-CPo.roa
File:                     tE-7Mw9LlDghOo1n-jT2523-CPo.roa (raw, json)
Hash identifier:          B+ppcChOoqLSvaSopbAwqThiGBYSZ/W21HQ2YD89XQM=
Subject key identifier:   B4:4F:BB:33:0F:4B:94:38:21:3A:8D:67:FA:34:F6:E7:6D:FE:08:FA
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF8799F5A0F041D8F9C6C8A857747E
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/tE-7Mw9LlDghOo1n-jT2523-CPo.roa
Signing time:             Tue 02 Jan 2024 06:32:21 +0000
ROA not before:           Tue 02 Jan 2024 06:32:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205463
IP address blocks:        188.132.130.0/24 maxlen: 24
                          188.132.165.0/24 maxlen: 24
                          188.132.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:87:99:f5:a0:f0:41:d8:f9:c6:c8:a8:57:74:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b44fbb330f4b9438213a8d67fa34f6e76dfe08fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:18:b4:fb:a6:cb:b0:65:71:c6:e9:32:ec:9e:
                    c2:dd:8f:ee:73:9e:29:96:95:79:23:8b:c8:b8:25:
                    81:bd:34:a2:c8:ba:fb:25:f5:e1:01:8c:95:f9:5f:
                    87:09:58:d5:09:a8:e2:36:7d:22:7f:af:7f:b5:27:
                    b8:eb:41:e4:11:30:a0:b3:fe:c5:78:f0:0e:93:7f:
                    f4:71:1d:6f:ed:32:a5:52:3f:d2:68:13:31:6b:32:
                    e9:de:eb:44:4f:f9:f0:d0:a1:6e:f5:7f:18:74:53:
                    7f:ee:7f:2b:59:3e:99:0a:2d:b5:b8:2a:fe:8b:3a:
                    8b:78:f1:d7:33:5e:e9:d3:05:4f:b1:60:91:1a:f2:
                    92:b9:d0:d3:b0:de:e7:64:75:8b:c0:b2:a8:3e:92:
                    a7:fd:06:2e:da:71:e9:27:ff:7f:1a:96:68:81:2b:
                    b3:0a:e5:76:e4:72:a7:46:d9:de:74:43:97:42:68:
                    a9:b6:78:e5:20:98:43:fd:0b:35:95:03:8e:f5:3d:
                    27:7d:ee:f6:e6:91:80:2d:0a:7a:80:5e:0b:84:f0:
                    45:58:13:11:78:05:54:c4:b7:0e:6a:52:41:2f:0e:
                    83:72:42:e0:6b:60:6b:33:77:28:5d:1f:d4:55:f0:
                    2f:e8:d2:a3:3e:2f:e9:8e:a5:8a:0d:61:8f:40:75:
                    cf:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:4F:BB:33:0F:4B:94:38:21:3A:8D:67:FA:34:F6:E7:6D:FE:08:FA
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/tE-7Mw9LlDghOo1n-jT2523-CPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.130.0/24
                  188.132.165.0/24
                  188.132.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:74:4d:ef:29:24:df:3d:3b:44:7d:9c:81:56:e3:da:f8:50:
         af:6b:fe:1d:42:a2:b6:f0:34:a2:af:9a:51:97:f1:b0:af:9d:
         4d:e1:40:63:a6:87:4f:f5:6a:5f:70:76:f3:ac:ec:fc:58:cf:
         b6:e7:38:0b:49:f4:c1:c1:c7:01:81:c0:6e:9d:0e:a2:2a:31:
         3e:2e:79:65:09:ea:a6:67:f1:36:51:a3:b0:43:d6:14:f3:e5:
         0c:53:86:27:b7:f5:9b:d3:82:a1:5c:04:8f:d7:88:25:27:85:
         db:76:01:94:62:d6:07:c9:a2:27:4d:12:db:49:77:95:13:a1:
         10:d7:5b:60:66:7a:c0:05:d7:79:f4:60:33:df:ab:31:d1:92:
         49:fb:d7:00:15:67:91:af:9e:7d:8f:6e:54:cc:f1:06:f2:e2:
         7e:76:ca:20:0f:32:e3:3d:5d:03:ca:ba:34:d4:7b:8c:ec:11:
         8e:b3:6c:b5:5f:de:5f:28:44:5e:20:ef:c5:5b:c3:ff:d6:06:
         57:e5:d8:ef:11:90:d1:03:bf:0b:60:6f:6e:1a:8b:73:7d:50:
         5a:e9:6d:11:0d:8e:aa:85:24:0b:5c:f4:6f:15:2b:b5:52:ab:
         e1:eb:5d:15:90:eb:c0:74:4b:fc:42:56:e0:f6:ed:5c:63:48:
         31:b7:ea:11
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI34eZ9aDwQdj5xsioV3R+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDRmYmIzMzBmNGI5NDM4MjEzYThkNjdmYTM0ZjZlNzZkZmUwOGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRi0+6bLsGVxxuky7J7C3Y/uc54p
lpV5I4vIuCWBvTSiyLr7JfXhAYyV+V+HCVjVCajiNn0if69/tSe460HkETCgs/7F
ePAOk3/0cR1v7TKlUj/SaBMxazLp3utET/nw0KFu9X8YdFN/7n8rWT6ZCi21uCr+
izqLePHXM17p0wVPsWCRGvKSudDTsN7nZHWLwLKoPpKn/QYu2nHpJ/9/GpZogSuz
CuV25HKnRtnedEOXQmiptnjlIJhD/Qs1lQOO9T0nfe725pGALQp6gF4LhPBFWBMR
eAVUxLcOalJBLw6DckLga2BrM3coXR/UVfAv6NKjPi/pjqWKDWGPQHXPoQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLRPuzMPS5Q4ITqNZ/o09udt/gj6MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvdEUtN013OUxsRGdoT28xbi1qVDI1MjMtQ1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvISCAwQA
vISlAwQAvITKMA0GCSqGSIb3DQEBCwUAA4IBAQArdE3vKSTfPTtEfZyBVuPa+FCv
a/4dQqK28DSir5pRl/Gwr51N4UBjpodP9WpfcHbzrOz8WM+25zgLSfTBwccBgcBu
nQ6iKjE+LnllCeqmZ/E2UaOwQ9YU8+UMU4Ynt/Wb04KhXASP14glJ4XbdgGUYtYH
yaInTRLbSXeVE6EQ11tgZnrABdd59GAz36sx0ZJJ+9cAFWeRr559j25UzPEG8uJ+
dsogDzLjPV0Dyro01HuM7BGOs2y1X95fKEReIO/FW8P/1gZX5djvEZDRA78LYG9u
GotzfVBa6W0RDY6qhSQLXPRvFSu1Uqvh610VkOvAdEv8Qlbg9u1cY0gxt+oR
-----END CERTIFICATE-----