Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/R4Bhl0kCEh5X_qacnIrnz22ai48.roa
File:                     R4Bhl0kCEh5X_qacnIrnz22ai48.roa (raw, json)
Hash identifier:          fAri0nA6O0WBhYbEuz4XDuyUusAUoddE0brz7Z+OFyo=
Subject key identifier:   47:80:61:97:49:02:12:1E:57:FE:A6:9C:9C:8A:E7:CF:6D:9A:8B:8F
Certificate issuer:       /CN=c9470ae418eeddd6b39dae9e7a177a19c7799c41
Certificate serial:       018CC56ED7EF77A7598A57FF4ECD8BAD9BFA
Authority key identifier: C9:47:0A:E4:18:EE:DD:D6:B3:9D:AE:9E:7A:17:7A:19:C7:79:9C:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yUcK5Bju3dazna6eehd6Gcd5nEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/R4Bhl0kCEh5X_qacnIrnz22ai48.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.36.216.0/22 maxlen: 24
                          194.247.26.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/yUcK5Bju3dazna6eehd6Gcd5nEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/yUcK5Bju3dazna6eehd6Gcd5nEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yUcK5Bju3dazna6eehd6Gcd5nEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 11:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d7:ef:77:a7:59:8a:57:ff:4e:cd:8b:ad:9b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9470ae418eeddd6b39dae9e7a177a19c7799c41
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=478061974902121e57fea69c9c8ae7cf6d9a8b8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:58:3c:4a:d2:1d:ed:65:a0:4f:df:60:4a:0a:
                    a7:cf:e6:89:12:dc:9a:7b:0c:b6:91:68:16:65:66:
                    c8:2c:31:2a:19:ec:52:0c:9a:dc:3c:be:8e:e0:1c:
                    cb:4d:bd:f9:21:15:7c:bf:1b:c3:06:37:53:ae:92:
                    2b:af:3b:08:3a:43:1f:5b:9a:e4:20:b4:0b:ce:99:
                    91:11:f5:28:b8:11:86:54:54:20:13:11:a8:c1:89:
                    47:ea:a9:67:76:94:a8:6a:36:07:23:88:88:98:1a:
                    92:5f:e7:18:a7:b9:88:eb:36:fc:61:50:a4:89:db:
                    43:f9:c6:77:3e:25:e7:11:56:49:c0:da:09:2f:f0:
                    ab:9e:60:43:ec:5d:68:34:3e:b7:55:cc:23:21:4e:
                    45:d9:99:d0:15:7d:db:65:ed:f5:ea:20:b0:64:06:
                    c0:2e:a7:4c:32:75:c0:88:2a:a3:2e:e7:11:b3:f9:
                    eb:fd:a8:b0:73:14:f7:f2:98:ce:b7:af:e8:d3:6c:
                    c6:4c:d0:db:5a:40:da:c6:f3:45:63:dd:3c:ad:01:
                    25:72:19:76:5f:db:c8:e4:39:9d:04:93:be:e4:32:
                    2c:60:78:c1:09:df:9e:91:16:de:50:f5:53:43:56:
                    36:75:30:c3:2d:c4:fc:02:40:4d:73:9c:4d:2d:ea:
                    84:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:80:61:97:49:02:12:1E:57:FE:A6:9C:9C:8A:E7:CF:6D:9A:8B:8F
            X509v3 Authority Key Identifier:
                keyid:C9:47:0A:E4:18:EE:DD:D6:B3:9D:AE:9E:7A:17:7A:19:C7:79:9C:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yUcK5Bju3dazna6eehd6Gcd5nEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/R4Bhl0kCEh5X_qacnIrnz22ai48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/yUcK5Bju3dazna6eehd6Gcd5nEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.216.0/22
                  194.247.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:d8:f8:c5:8c:30:99:05:98:9f:ef:5a:ad:57:59:7b:c9:bc:
         54:c8:aa:1f:fa:63:95:a9:e6:4a:cc:b7:0f:f7:b3:eb:c5:a4:
         cd:e2:70:01:71:fe:8e:dd:53:28:65:b3:63:ce:84:f4:c1:19:
         9a:28:c9:58:83:08:0e:6f:06:ba:b8:69:f6:45:39:66:d3:98:
         c6:38:b3:5c:65:e3:82:67:6d:b8:dc:4f:3c:8c:55:b2:82:d9:
         46:51:b5:bf:66:95:70:37:86:cc:ab:2d:f0:53:80:04:aa:96:
         eb:5d:34:d7:c1:b7:7a:4b:3e:0d:7a:f4:ed:07:0d:42:e3:b2:
         5f:89:e3:a8:14:1d:66:64:a6:69:4f:d2:df:02:97:51:73:0b:
         56:4c:7d:7c:20:cb:d8:6f:58:f0:70:e3:3b:76:45:5f:31:ba:
         d6:f8:7a:5d:c4:5b:0a:fb:fc:bc:d6:f8:0b:43:7b:9d:33:a7:
         cb:8d:85:51:13:cf:c1:f2:02:ca:89:84:fc:e6:ea:0b:6a:da:
         18:3c:35:0e:f6:80:bd:f0:78:3c:2d:ff:82:9c:5b:fc:16:d9:
         af:49:62:9f:99:60:5a:c3:c3:fa:03:d5:e5:78:70:04:f2:f3:
         77:bc:1d:95:37:9a:c3:0d:25:3f:e9:be:24:5e:28:a4:0e:fa:
         f2:db:2a:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbtfvd6dZilf/Ts2LrZv6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NDcwYWU0MThlZWRkZDZiMzlkYWU5ZTdhMTc3YTE5Yzc3
OTljNDEwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzgwNjE5NzQ5MDIxMjFlNTdmZWE2OWM5YzhhZTdjZjZkOWE4YjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlg8StId7WWgT99gSgqnz+aJEtya
ewy2kWgWZWbILDEqGexSDJrcPL6O4BzLTb35IRV8vxvDBjdTrpIrrzsIOkMfW5rk
ILQLzpmREfUouBGGVFQgExGowYlH6qlndpSoajYHI4iImBqSX+cYp7mI6zb8YVCk
idtD+cZ3PiXnEVZJwNoJL/CrnmBD7F1oND63VcwjIU5F2ZnQFX3bZe316iCwZAbA
LqdMMnXAiCqjLucRs/nr/aiwcxT38pjOt6/o02zGTNDbWkDaxvNFY908rQElchl2
X9vI5DmdBJO+5DIsYHjBCd+ekRbeUPVTQ1Y2dTDDLcT8AkBNc5xNLeqESQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEeAYZdJAhIeV/6mnJyK589tmouPMB8GA1UdIwQY
MBaAFMlHCuQY7t3Ws52unnoXehnHeZxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVVjSzVCanUzZGF6bmE2ZWVoZDZHY2Q1bkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTAyMmQtZDhkYi00NDU5LWJlMWMt
YjA5MTIxNWQ1ZTRkLzEvUjRCaGwwa0NFaDVYX3FhY25Jcm56MjJhaTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTAyMmQtZDhkYi00NDU5LWJlMWMtYjA5MTIxNWQ1ZTRk
LzEveVVjSzVCanUzZGF6bmE2ZWVoZDZHY2Q1bkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSTYAwQB
wvcaMA0GCSqGSIb3DQEBCwUAA4IBAQAp2PjFjDCZBZif71qtV1l7ybxUyKof+mOV
qeZKzLcP97PrxaTN4nABcf6O3VMoZbNjzoT0wRmaKMlYgwgObwa6uGn2RTlm05jG
OLNcZeOCZ2243E88jFWygtlGUbW/ZpVwN4bMqy3wU4AEqpbrXTTXwbd6Sz4NevTt
Bw1C47JfieOoFB1mZKZpT9LfApdRcwtWTH18IMvYb1jwcOM7dkVfMbrW+HpdxFsK
+/y81vgLQ3udM6fLjYVRE8/B8gLKiYT85uoLatoYPDUO9oC98Hg8Lf+CnFv8Ftmv
SWKfmWBaw8P6A9XleHAE8vN3vB2VN5rDDSU/6b4kXiikDvry2yqL
-----END CERTIFICATE-----