Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/4VrJOI3oAPOMoLE_L9J9HrFUHts.roa
File:                     4VrJOI3oAPOMoLE_L9J9HrFUHts.roa (raw, json)
Hash identifier:          vFl3cZqnf26bBUZIgbdTGDczIH1SIq3AckcQjqrZy34=
Subject key identifier:   E1:5A:C9:38:8D:E8:00:F3:8C:A0:B1:3F:2F:D2:7D:1E:B1:54:1E:DB
Certificate issuer:       /CN=d25622457a1be33a01258866a067e0447dfd8964
Certificate serial:       018CC7956E1C0E6E2BB8029FE219237B5C9C
Authority key identifier: D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/4VrJOI3oAPOMoLE_L9J9HrFUHts.roa
Signing time:             Tue 02 Jan 2024 00:31:48 +0000
ROA not before:           Tue 02 Jan 2024 00:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14576
IP address blocks:        62.233.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6e:1c:0e:6e:2b:b8:02:9f:e2:19:23:7b:5c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25622457a1be33a01258866a067e0447dfd8964
        Validity
            Not Before: Jan  2 00:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e15ac9388de800f38ca0b13f2fd27d1eb1541edb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d0:91:79:56:a2:d9:23:d6:25:ab:ef:df:f5:
                    1c:cb:ce:e4:50:7e:a5:b6:80:47:fe:c5:27:1b:46:
                    59:62:4a:3f:1b:1c:9b:d0:bc:db:75:ed:67:3e:fd:
                    68:3a:3b:9b:bc:f7:2d:0d:74:1e:6e:05:81:f3:a8:
                    f4:12:fd:b8:fb:35:94:2f:e2:58:8c:44:fe:d2:72:
                    5f:d8:3c:6b:3e:ad:d5:4d:45:bd:e1:d2:bf:08:55:
                    88:a0:f2:2a:3e:90:69:4f:ea:0a:b1:d5:c8:ab:bf:
                    2d:54:56:06:f9:2f:fa:e1:e8:74:49:09:19:92:5a:
                    95:29:4a:68:33:76:75:86:8c:95:4b:09:98:7e:e8:
                    0a:e0:f8:1f:1c:8c:1f:ef:0d:aa:b9:b0:6e:28:aa:
                    e4:a8:83:d8:28:50:e6:83:86:8f:a2:5e:5c:f4:f0:
                    fb:bd:c7:d7:1d:47:52:61:a6:d8:fd:32:25:60:ff:
                    1e:f0:39:17:e9:81:3e:c1:52:00:8c:6e:e2:53:da:
                    8d:ac:95:cd:79:4e:fd:c7:9f:ca:d6:e2:45:88:ea:
                    cb:a7:eb:e3:4e:fe:24:8e:db:c8:a1:7a:cc:9e:ec:
                    f0:8c:a8:e0:11:3a:06:63:1c:be:25:5a:83:9c:80:
                    6b:1f:08:dc:3a:26:9d:b3:78:2e:2c:9e:49:57:90:
                    6a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:5A:C9:38:8D:E8:00:F3:8C:A0:B1:3F:2F:D2:7D:1E:B1:54:1E:DB
            X509v3 Authority Key Identifier:
                keyid:D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/4VrJOI3oAPOMoLE_L9J9HrFUHts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a6:1b:74:e1:0f:c5:30:c5:bd:bd:9f:ae:0c:0c:a9:24:a0:
         d4:59:bb:0e:14:24:0e:d9:17:bf:dc:27:db:4b:be:63:d7:68:
         5a:5a:b5:45:b3:55:0f:e0:a4:e2:2f:ca:d5:85:75:9c:3e:b3:
         19:dc:50:61:74:e9:33:dc:7b:dd:96:64:d2:2e:36:66:f4:25:
         4a:52:16:74:82:48:98:f1:a4:70:c6:28:a8:b7:e2:f8:08:84:
         a9:cb:93:3d:3e:ae:e2:ee:26:98:7e:1f:9c:25:65:bb:5a:08:
         20:71:0c:be:44:ed:19:83:c5:cb:db:73:4c:1a:01:fc:ca:c2:
         09:b9:70:f1:cf:f4:1d:2f:82:91:9c:3f:64:30:5e:0c:db:c7:
         c1:dd:21:2e:5f:97:20:70:e2:8f:8f:28:55:bc:84:0b:d2:b7:
         15:7c:ad:17:6a:92:fe:3f:7a:72:12:52:77:1f:f2:94:fd:0b:
         e0:5f:28:06:0c:bd:57:24:48:c4:b0:22:4f:f9:df:fe:f0:e7:
         f9:0f:41:05:1d:92:7a:e4:a1:7e:1b:45:b6:6b:3a:5d:cd:4d:
         63:60:21:ca:c2:29:a9:95:ae:19:10:1e:a3:8d:1c:7a:12:c5:
         7b:26:0d:74:c0:84:db:8a:09:7b:31:46:a7:15:7a:f6:58:90:
         4f:01:a2:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlW4cDm4ruAKf4hkje1ycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNTYyMjQ1N2ExYmUzM2EwMTI1ODg2NmEwNjdlMDQ0N2Rm
ZDg5NjQwHhcNMjQwMTAyMDAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTVhYzkzODhkZTgwMGYzOGNhMGIxM2YyZmQyN2QxZWIxNTQxZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNCReVai2SPWJavv3/Ucy87kUH6l
toBH/sUnG0ZZYko/Gxyb0Lzbde1nPv1oOjubvPctDXQebgWB86j0Ev24+zWUL+JY
jET+0nJf2DxrPq3VTUW94dK/CFWIoPIqPpBpT+oKsdXIq78tVFYG+S/64eh0SQkZ
klqVKUpoM3Z1hoyVSwmYfugK4PgfHIwf7w2qubBuKKrkqIPYKFDmg4aPol5c9PD7
vcfXHUdSYabY/TIlYP8e8DkX6YE+wVIAjG7iU9qNrJXNeU79x5/K1uJFiOrLp+vj
Tv4kjtvIoXrMnuzwjKjgEToGYxy+JVqDnIBrHwjcOiads3guLJ5JV5BqGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFayTiN6ADzjKCxPy/SfR6xVB7bMB8GA1UdIwQY
MBaAFNJWIkV6G+M6ASWIZqBn4ER9/YlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMt
NDU1NzllNDE4ZmY3LzEvNFZySk9JM29BUE9Nb0xFX0w5SjlIckZVSHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMtNDU1NzllNDE4ZmY3
LzEvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuknMA0G
CSqGSIb3DQEBCwUAA4IBAQAgpht04Q/FMMW9vZ+uDAypJKDUWbsOFCQO2Re/3Cfb
S75j12haWrVFs1UP4KTiL8rVhXWcPrMZ3FBhdOkz3HvdlmTSLjZm9CVKUhZ0gkiY
8aRwxiiot+L4CISpy5M9Pq7i7iaYfh+cJWW7WgggcQy+RO0Zg8XL23NMGgH8ysIJ
uXDxz/QdL4KRnD9kMF4M28fB3SEuX5cgcOKPjyhVvIQL0rcVfK0XapL+P3pyElJ3
H/KU/QvgXygGDL1XJEjEsCJP+d/+8Of5D0EFHZJ65KF+G0W2azpdzU1jYCHKwimp
la4ZEB6jjRx6EsV7Jg10wITbigl7MUanFXr2WJBPAaLF
-----END CERTIFICATE-----