Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ufphc4aPs4NaVRe35HN-ine437k.roa
File:                     ufphc4aPs4NaVRe35HN-ine437k.roa (raw, json)
Hash identifier:          5l+6S1D3IHHaKbF3ywMd/RL5HrR6/MvEkFvLwFNO2nU=
Subject key identifier:   B9:FA:61:73:86:8F:B3:83:5A:55:17:B7:E4:73:7E:8A:77:B8:DF:B9
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01942746BE819572E032FB9E1571F394F4F6
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ufphc4aPs4NaVRe35HN-ine437k.roa
Signing time:             Thu 02 Jan 2025 13:48:55 +0000
ROA not before:           Thu 02 Jan 2025 13:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215761
IP address blocks:        188.132.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:be:81:95:72:e0:32:fb:9e:15:71:f3:94:f4:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 13:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9fa6173868fb3835a5517b7e4737e8a77b8dfb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:52:44:7c:1e:9b:71:ab:fa:59:df:be:f3:db:
                    e1:84:d4:66:f1:bf:81:7d:24:f2:8c:48:65:a6:5b:
                    65:3b:35:50:ef:ac:22:af:b9:01:68:cb:3b:a4:53:
                    c9:48:bf:3c:3b:ee:90:2f:78:24:6d:a4:42:e4:ad:
                    d4:19:7a:6c:1a:06:fc:a4:07:fd:37:17:18:93:7d:
                    f5:07:78:73:cc:24:ab:10:0c:72:23:9c:10:b4:e8:
                    b8:94:9d:47:08:b1:05:22:40:cd:4d:1c:3d:15:1e:
                    70:10:6b:9d:5f:9b:1f:95:ec:09:b7:f2:1a:65:17:
                    55:4f:7b:25:ff:8f:c7:48:0e:6a:5d:1b:db:ba:44:
                    db:f0:8b:af:40:5d:0b:8e:d9:de:95:8d:4c:55:24:
                    11:7c:01:e8:b0:31:b5:9b:3d:72:b9:b7:b1:a6:71:
                    0e:2c:53:ef:11:51:cf:82:04:b3:df:65:98:79:07:
                    dc:b2:bf:8f:e2:d4:65:bd:c4:a3:cc:0c:50:68:4f:
                    64:97:b0:98:e7:eb:ee:42:40:d3:f5:f7:76:1c:0f:
                    0c:ca:23:27:81:ef:ca:f5:11:fa:8f:23:c5:fb:5d:
                    fe:bd:af:b1:13:ef:90:1b:58:6d:79:22:51:80:c0:
                    29:6c:03:c7:b7:38:a2:b6:a4:b3:3d:6f:6a:72:82:
                    ef:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FA:61:73:86:8F:B3:83:5A:55:17:B7:E4:73:7E:8A:77:B8:DF:B9
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ufphc4aPs4NaVRe35HN-ine437k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:e5:46:0b:e8:a8:e6:54:18:31:fc:96:56:a2:e4:8e:f1:03:
         d0:6d:a9:23:94:a8:51:b8:e2:f0:7f:ff:1c:df:51:8b:ae:ea:
         93:5c:9f:15:1e:97:77:99:c3:79:33:9e:f1:89:88:8a:5c:bd:
         45:d0:f5:bc:3c:03:eb:88:4f:4b:4f:f6:14:25:8d:95:76:0b:
         5a:35:58:14:6a:89:c0:67:36:4e:69:30:e1:1f:34:06:46:f3:
         3e:92:1c:dd:07:e5:df:1f:6f:90:e8:76:e8:72:c7:a2:32:bb:
         73:eb:ee:76:6a:cd:28:0f:5d:02:d6:55:28:9d:11:c5:63:20:
         d5:43:87:ec:e2:9a:81:f9:83:ab:b9:ea:e3:9e:eb:69:d3:a7:
         91:e3:96:08:9f:cb:1e:33:6a:92:b5:f8:80:f2:02:84:f6:52:
         f5:ea:b5:25:63:31:d2:dc:90:45:57:c4:28:aa:b5:cb:da:d8:
         f7:d6:1a:3c:f2:1b:e1:ed:66:28:48:44:c5:b0:d8:2d:08:1f:
         ca:13:2f:db:35:6e:59:36:28:06:1c:e8:96:c2:f9:e9:2b:9a:
         75:6d:23:0d:6e:3e:11:8f:f8:4f:ef:13:03:92:23:99:2c:e0:
         f5:43:a7:ad:15:6e:64:c0:1a:9c:10:45:1a:ac:71:4d:85:d5:
         ec:0d:50:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRr6BlXLgMvueFXHzlPT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMTAyMTM0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZhNjE3Mzg2OGZiMzgzNWE1NTE3YjdlNDczN2U4YTc3YjhkZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVJEfB6bcav6Wd++89vhhNRm8b+B
fSTyjEhlpltlOzVQ76wir7kBaMs7pFPJSL88O+6QL3gkbaRC5K3UGXpsGgb8pAf9
NxcYk331B3hzzCSrEAxyI5wQtOi4lJ1HCLEFIkDNTRw9FR5wEGudX5sflewJt/Ia
ZRdVT3sl/4/HSA5qXRvbukTb8IuvQF0LjtnelY1MVSQRfAHosDG1mz1yubexpnEO
LFPvEVHPggSz32WYeQfcsr+P4tRlvcSjzAxQaE9kl7CY5+vuQkDT9fd2HA8MyiMn
ge/K9RH6jyPF+13+va+xE++QG1hteSJRgMApbAPHtziitqSzPW9qcoLv5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLn6YXOGj7ODWlUXt+Rzfop3uN+5MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvdWZwaGM0YVBzNE5hVlJlMzVITi1pbmU0MzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvISAMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ5UYL6KjmVBgx/JZWouSO8QPQbakjlKhRuOLwf/8c
31GLruqTXJ8VHpd3mcN5M57xiYiKXL1F0PW8PAPriE9LT/YUJY2VdgtaNVgUaonA
ZzZOaTDhHzQGRvM+khzdB+XfH2+Q6HbocseiMrtz6+52as0oD10C1lUonRHFYyDV
Q4fs4pqB+YOruerjnutp06eR45YIn8seM2qStfiA8gKE9lL16rUlYzHS3JBFV8Qo
qrXL2tj31ho88hvh7WYoSETFsNgtCB/KEy/bNW5ZNigGHOiWwvnpK5p1bSMNbj4R
j/hP7xMDkiOZLOD1Q6etFW5kwBqcEEUarHFNhdXsDVB2
-----END CERTIFICATE-----