Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/4PyCpb7jXTE5dHMEcxCXu2jIyCA.roa
File:                     4PyCpb7jXTE5dHMEcxCXu2jIyCA.roa (raw, json)
Hash identifier:          c7ecrPmAHMhDMIUG0HUp1DAO4BgzUF6ZUwOhYo3dqzY=
Subject key identifier:   E0:FC:82:A5:BE:E3:5D:31:39:74:73:04:73:10:97:BB:68:C8:C8:20
Certificate issuer:       /CN=4cad0397487799e2118ff4cbcf8f159747f35891
Certificate serial:       018CC801A6EA45768DC5297C272B8C40951A
Authority key identifier: 4C:AD:03:97:48:77:99:E2:11:8F:F4:CB:CF:8F:15:97:47:F3:58:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TK0Dl0h3meIRj_TLz48Vl0fzWJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/4PyCpb7jXTE5dHMEcxCXu2jIyCA.roa
Signing time:             Tue 02 Jan 2024 02:30:00 +0000
ROA not before:           Tue 02 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200995
IP address blocks:        212.72.236.0/22 maxlen: 24
                          2001:7bb::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/TK0Dl0h3meIRj_TLz48Vl0fzWJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/TK0Dl0h3meIRj_TLz48Vl0fzWJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TK0Dl0h3meIRj_TLz48Vl0fzWJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:03:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a6:ea:45:76:8d:c5:29:7c:27:2b:8c:40:95:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cad0397487799e2118ff4cbcf8f159747f35891
        Validity
            Not Before: Jan  2 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0fc82a5bee35d3139747304731097bb68c8c820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:aa:9c:bd:fa:96:3c:41:35:45:77:f9:d6:87:
                    93:a2:ba:ed:80:f0:c1:e3:ff:da:34:2c:28:b0:90:
                    ef:87:5d:a1:09:43:a5:25:20:4f:b8:d6:c5:46:9f:
                    f1:d1:c5:fd:85:fe:e8:31:dd:ed:a4:46:dd:88:96:
                    4f:0f:d8:b3:44:7d:38:f3:90:aa:30:3e:b8:95:8a:
                    8f:ba:6a:27:e3:64:2c:82:44:a3:f8:70:20:41:b5:
                    3a:d3:f5:56:8d:d2:35:10:6a:d1:ef:76:cc:23:d7:
                    f1:2c:ff:b4:2e:93:f8:cc:30:62:8f:8d:07:1d:bd:
                    ca:56:d3:62:15:b3:ac:48:6b:2f:bf:53:b5:ae:a7:
                    43:1e:b3:2a:a4:2b:46:00:1c:f8:4a:70:2c:85:ac:
                    7d:21:ac:9b:4e:88:21:63:d5:f1:72:9d:1a:01:af:
                    e5:ee:06:c6:60:f0:e4:ed:84:6d:87:e0:d4:b5:e4:
                    07:f0:0b:65:b4:49:f6:53:27:5e:ae:cc:cb:e5:90:
                    84:cd:ff:66:8b:c0:58:15:dc:af:11:4f:3a:64:aa:
                    bd:ff:08:dc:d4:27:70:7a:45:b8:37:40:fb:47:2c:
                    58:e1:cb:e8:34:a3:ca:c3:25:46:8c:f5:82:27:6c:
                    4b:83:64:97:e7:ed:6d:c9:05:69:51:42:cf:a2:04:
                    45:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:FC:82:A5:BE:E3:5D:31:39:74:73:04:73:10:97:BB:68:C8:C8:20
            X509v3 Authority Key Identifier:
                keyid:4C:AD:03:97:48:77:99:E2:11:8F:F4:CB:CF:8F:15:97:47:F3:58:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TK0Dl0h3meIRj_TLz48Vl0fzWJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/4PyCpb7jXTE5dHMEcxCXu2jIyCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/TK0Dl0h3meIRj_TLz48Vl0fzWJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.72.236.0/22
                IPv6:
                  2001:7bb::/32

    Signature Algorithm: sha256WithRSAEncryption
         c1:60:21:21:02:6f:e5:c4:38:19:c9:5f:34:19:a9:b9:e5:3b:
         04:cc:7e:a4:55:1d:2c:7f:15:71:e3:14:1f:e3:38:43:4e:b9:
         c8:c5:93:9a:49:d2:67:92:9f:58:f7:df:f5:61:51:7c:65:29:
         a8:b0:ad:db:04:e8:b0:bf:46:21:8b:f0:35:b2:8c:c1:5e:ec:
         2e:91:1a:28:6b:40:f6:4a:8b:f0:6b:ae:03:b7:3b:12:2b:11:
         87:88:36:67:e1:e7:1b:75:f8:28:a6:f0:51:db:2a:95:22:c9:
         89:86:da:6b:e5:fb:09:62:f1:51:d6:55:2d:8f:84:2a:8d:52:
         87:d9:54:d0:a3:df:74:53:5b:1d:ed:fc:49:d9:02:36:77:d1:
         4d:cb:34:74:68:7c:06:03:52:f2:0c:a3:8a:d0:8c:39:17:d3:
         e3:90:44:74:f7:56:7b:b5:c0:49:f3:28:bc:53:06:88:62:ae:
         fe:9e:a2:ba:d6:ed:4b:14:3d:ce:ec:de:bf:93:a8:52:ad:08:
         8a:e3:d7:51:72:6f:14:43:9f:c4:3e:19:84:27:bd:25:b3:59:
         b3:36:be:13:e0:f2:59:7d:60:88:87:c8:7e:5d:ff:e6:e5:5e:
         e2:64:a3:80:de:fb:70:33:7b:48:f8:0a:be:b1:ec:a4:a1:72:
         cf:94:79:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAabqRXaNxSl8JyuMQJUaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYWQwMzk3NDg3Nzk5ZTIxMThmZjRjYmNmOGYxNTk3NDdm
MzU4OTEwHhcNMjQwMTAyMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGZjODJhNWJlZTM1ZDMxMzk3NDczMDQ3MzEwOTdiYjY4YzhjODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqqcvfqWPEE1RXf51oeTorrtgPDB
4//aNCwosJDvh12hCUOlJSBPuNbFRp/x0cX9hf7oMd3tpEbdiJZPD9izRH0485Cq
MD64lYqPumon42QsgkSj+HAgQbU60/VWjdI1EGrR73bMI9fxLP+0LpP4zDBij40H
Hb3KVtNiFbOsSGsvv1O1rqdDHrMqpCtGABz4SnAshax9IaybToghY9Xxcp0aAa/l
7gbGYPDk7YRth+DUteQH8AtltEn2UyderszL5ZCEzf9mi8BYFdyvEU86ZKq9/wjc
1CdwekW4N0D7RyxY4cvoNKPKwyVGjPWCJ2xLg2SX5+1tyQVpUULPogRFTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOD8gqW+410xOXRzBHMQl7toyMggMB8GA1UdIwQY
MBaAFEytA5dId5niEY/0y8+PFZdH81iRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEswRGwwaDNtZUlSal9UTHo0OFZsMGZ6V0pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9lYTAxOTYtYWI3OS00MmNmLWFiMmIt
ZmM0YjAzNzEwYWUwLzEvNFB5Q3BiN2pYVEU1ZEhNRWN4Q1h1MmpJeUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9lYTAxOTYtYWI3OS00MmNmLWFiMmItZmM0YjAzNzEwYWUw
LzEvVEswRGwwaDNtZUlSal9UTHo0OFZsMGZ6V0pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQC1EjsMA0E
AgACMAcDBQAgAQe7MA0GCSqGSIb3DQEBCwUAA4IBAQDBYCEhAm/lxDgZyV80Gam5
5TsEzH6kVR0sfxVx4xQf4zhDTrnIxZOaSdJnkp9Y99/1YVF8ZSmosK3bBOiwv0Yh
i/A1sozBXuwukRooa0D2Sovwa64DtzsSKxGHiDZn4ecbdfgopvBR2yqVIsmJhtpr
5fsJYvFR1lUtj4QqjVKH2VTQo990U1sd7fxJ2QI2d9FNyzR0aHwGA1LyDKOK0Iw5
F9PjkER091Z7tcBJ8yi8UwaIYq7+nqK61u1LFD3O7N6/k6hSrQiK49dRcm8UQ5/E
PhmEJ70ls1mzNr4T4PJZfWCIh8h+Xf/m5V7iZKOA3vtwM3tI+Aq+seykoXLPlHls
-----END CERTIFICATE-----