Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/R9CPhtTfRwALuTn-k-gZZU_BQsU.roa
File:                     R9CPhtTfRwALuTn-k-gZZU_BQsU.roa (raw, json)
Hash identifier:          fAKnXqTRlI9u8078WVfh4ukH15bWigYpVYWs9c0Afak=
Subject key identifier:   47:D0:8F:86:D4:DF:47:00:0B:B9:39:FE:93:E8:19:65:4F:C1:42:C5
Certificate issuer:       /CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
Certificate serial:       018CC500181A15EB101453B7D6E77EE66E6F
Authority key identifier: 20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/R9CPhtTfRwALuTn-k-gZZU_BQsU.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210262
IP address blocks:        213.231.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:18:1a:15:eb:10:14:53:b7:d6:e7:7e:e6:6e:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47d08f86d4df47000bb939fe93e819654fc142c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:72:b1:ac:d8:d8:5a:d8:d4:22:f4:48:61:31:
                    99:84:55:eb:da:4e:e1:75:f5:73:6a:e8:41:7b:27:
                    c6:dc:75:4b:4a:f3:ca:9e:4b:3a:22:6a:67:1e:e4:
                    52:6e:39:91:fe:0e:0f:d8:57:75:59:03:2d:10:e0:
                    1b:2b:ff:11:a1:4c:85:22:2e:a4:54:ef:07:9f:35:
                    51:7c:ff:10:45:9d:3f:7b:e4:ad:c2:d3:1e:36:f0:
                    90:49:82:64:19:7d:4b:40:86:03:14:85:81:ee:3a:
                    09:e8:13:95:00:79:57:07:8a:60:c4:55:9d:49:ae:
                    59:81:29:0a:9c:5c:66:59:df:21:e8:56:fe:25:c4:
                    e7:39:b8:97:ad:90:32:d3:2a:7a:d9:41:12:ad:42:
                    4c:5a:4e:4c:e7:82:04:d5:64:99:fb:af:89:93:9e:
                    51:28:ef:88:0c:e5:ba:e9:ca:cd:1f:1c:01:62:14:
                    38:c6:a2:03:25:f7:07:bc:16:da:54:8a:63:be:b2:
                    32:32:7d:f5:0f:4e:1a:4e:b9:d0:a1:f4:87:83:af:
                    3c:cf:fb:75:25:14:71:f6:92:08:71:fa:52:36:56:
                    43:d9:da:56:2f:ca:61:f6:7b:6c:a5:c5:2b:36:22:
                    22:aa:f7:9c:d2:4e:2e:8c:a8:61:f4:d6:59:87:6a:
                    e1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D0:8F:86:D4:DF:47:00:0B:B9:39:FE:93:E8:19:65:4F:C1:42:C5
            X509v3 Authority Key Identifier:
                keyid:20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/R9CPhtTfRwALuTn-k-gZZU_BQsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.231.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:43:89:69:ad:9a:f0:ff:da:7e:68:a0:d0:69:26:da:4b:6f:
         d8:fd:ad:5d:ad:ca:8e:3f:df:67:03:0b:32:f8:2a:2a:54:7a:
         14:5f:5e:80:29:de:cb:68:b0:a8:64:60:1a:3b:b6:8d:25:be:
         99:bb:f1:18:55:98:aa:da:a5:0f:81:5d:72:54:ae:58:f3:45:
         e5:ce:f4:7f:e9:19:a3:a4:35:7e:84:72:87:32:1c:d0:4d:e9:
         52:20:0b:63:60:32:41:26:0f:c5:f7:b7:f3:b9:14:f5:b1:ef:
         42:92:bd:78:7b:61:11:c2:9f:c3:86:3b:41:65:59:7b:72:11:
         51:b1:d1:77:96:a1:1b:95:9d:76:c3:88:bc:06:dc:57:64:54:
         6c:d2:f5:b7:37:b8:b7:a2:76:31:ee:38:06:62:3c:56:b7:d9:
         7e:de:54:80:26:33:9e:d8:de:3b:81:fe:ef:62:30:f8:69:e3:
         7a:ac:a3:0e:92:6b:d6:94:3e:54:98:64:a6:a7:e4:e4:58:11:
         73:de:29:71:af:c4:c5:1e:ac:ab:30:4d:22:86:12:34:6f:4d:
         c5:d6:9b:22:f2:67:be:c5:a8:1b:2c:d1:d2:2a:83:a6:e1:8d:
         78:1d:a7:e1:f7:65:5a:ec:7c:de:40:f9:0b:26:9b:b8:e4:ca:
         66:31:d4:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABgaFesQFFO31ud+5m5vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMmY0YzFhMzdlOTMxM2NkZDJlZWE3NzUwYWUwMjhkMThj
ZDVhYWUwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2QwOGY4NmQ0ZGY0NzAwMGJiOTM5ZmU5M2U4MTk2NTRmYzE0MmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HKxrNjYWtjUIvRIYTGZhFXr2k7h
dfVzauhBeyfG3HVLSvPKnks6ImpnHuRSbjmR/g4P2Fd1WQMtEOAbK/8RoUyFIi6k
VO8HnzVRfP8QRZ0/e+StwtMeNvCQSYJkGX1LQIYDFIWB7joJ6BOVAHlXB4pgxFWd
Sa5ZgSkKnFxmWd8h6Fb+JcTnObiXrZAy0yp62UESrUJMWk5M54IE1WSZ+6+Jk55R
KO+IDOW66crNHxwBYhQ4xqIDJfcHvBbaVIpjvrIyMn31D04aTrnQofSHg688z/t1
JRRx9pIIcfpSNlZD2dpWL8ph9ntspcUrNiIiqvec0k4ujKhh9NZZh2rhvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfQj4bU30cAC7k5/pPoGWVPwULFMB8GA1UdIwQY
MBaAFCAvTBo36TE83S7qd1CuAo0YzVquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEt
ZjZiNzhlMmIxN2ExLzEvUjlDUGh0VGZSd0FMdVRuLWstZ1paVV9CUXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEtZjZiNzhlMmIxN2Ex
LzEvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1efFMA0G
CSqGSIb3DQEBCwUAA4IBAQCBQ4lprZrw/9p+aKDQaSbaS2/Y/a1drcqOP99nAwsy
+CoqVHoUX16AKd7LaLCoZGAaO7aNJb6Zu/EYVZiq2qUPgV1yVK5Y80XlzvR/6Rmj
pDV+hHKHMhzQTelSIAtjYDJBJg/F97fzuRT1se9Ckr14e2ERwp/DhjtBZVl7chFR
sdF3lqEblZ12w4i8BtxXZFRs0vW3N7i3onYx7jgGYjxWt9l+3lSAJjOe2N47gf7v
YjD4aeN6rKMOkmvWlD5UmGSmp+TkWBFz3ilxr8TFHqyrME0ihhI0b03F1psi8me+
xagbLNHSKoOm4Y14Hafh92Va7HzeQPkLJpu45MpmMdRm
-----END CERTIFICATE-----