Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/IeW2QviZdHCFkqyxKErCeigywQA.roa
File:                     IeW2QviZdHCFkqyxKErCeigywQA.roa (raw, json)
Hash identifier:          0QdJ2WLUyUSu53F/VyUbztPdX4h61f8mvRNYsrSy5Jk=
Subject key identifier:   21:E5:B6:42:F8:99:74:70:85:92:AC:B1:28:4A:C2:7A:28:32:C1:00
Certificate issuer:       /CN=4f32b9eff9f02c7cabe1995a2db509d8258d35fc
Certificate serial:       018CC6B788A3BED1D7443B0D1EC82D42EADE
Authority key identifier: 4F:32:B9:EF:F9:F0:2C:7C:AB:E1:99:5A:2D:B5:09:D8:25:8D:35:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/IeW2QviZdHCFkqyxKErCeigywQA.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        132.76.0.0/16 maxlen: 16
                          132.77.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:88:a3:be:d1:d7:44:3b:0d:1e:c8:2d:42:ea:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f32b9eff9f02c7cabe1995a2db509d8258d35fc
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21e5b642f89974708592acb1284ac27a2832c100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c8:88:ec:b2:6c:b4:f0:3f:99:0d:84:ad:0a:
                    3e:53:af:0c:7d:ff:d7:35:47:3a:c9:9c:73:94:e1:
                    32:81:64:e6:67:96:5f:d9:2e:62:06:e4:9a:0f:a9:
                    91:d4:4a:8d:1a:fd:ae:0d:d7:09:60:72:d0:14:3e:
                    06:43:71:ab:cb:e2:7b:52:d0:01:ad:b3:1f:f3:c2:
                    05:48:b1:f8:4e:da:a2:9c:79:9e:c7:43:82:a7:3f:
                    26:0c:fe:e7:66:a7:72:2f:71:36:e6:ac:35:c1:5f:
                    ee:9d:ea:16:39:c5:39:e8:26:2f:34:dd:dc:0e:eb:
                    0c:d3:9c:51:9b:ad:2f:fb:59:f3:37:ab:a3:df:23:
                    5b:3d:08:e0:2e:2b:1f:e9:38:6e:06:e1:f1:8b:52:
                    78:0d:00:1e:93:d9:57:f2:35:08:73:f8:1a:04:0a:
                    85:ad:19:db:cd:a7:60:cf:d6:de:15:f1:cf:77:7f:
                    99:34:71:a9:18:4c:29:95:29:e6:3e:a2:41:1f:3d:
                    f1:a8:e6:55:64:7c:e7:c9:50:b0:22:a7:13:25:34:
                    c3:fb:d9:88:db:7c:ab:7f:a3:24:d7:9b:26:cd:d6:
                    e4:38:d8:9e:eb:67:65:cd:94:40:44:13:f1:df:a2:
                    f3:d2:86:c7:5e:26:32:42:1a:aa:60:61:26:7a:a7:
                    e1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E5:B6:42:F8:99:74:70:85:92:AC:B1:28:4A:C2:7A:28:32:C1:00
            X509v3 Authority Key Identifier:
                keyid:4F:32:B9:EF:F9:F0:2C:7C:AB:E1:99:5A:2D:B5:09:D8:25:8D:35:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/IeW2QviZdHCFkqyxKErCeigywQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.76.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         40:8f:8b:81:97:4e:5a:63:4b:14:24:a4:19:a2:77:0e:05:85:
         d0:0d:7f:14:ad:1a:e6:10:56:80:05:db:66:42:98:5e:06:e8:
         74:e5:3e:77:72:46:16:bd:ef:fe:bb:ac:27:3a:d6:68:cf:18:
         2f:e6:3c:9d:5f:eb:a5:93:ff:c0:bb:1a:7a:c5:7f:64:38:8b:
         64:b9:68:c5:db:6b:42:11:55:e9:e6:47:90:04:64:3c:43:93:
         7a:6d:31:03:c4:f9:7e:14:91:91:3a:ea:8c:d8:b2:84:6b:63:
         36:ff:c9:55:3c:2f:ff:ab:cc:9b:0d:01:c6:f9:4f:15:f9:fd:
         86:48:5c:94:94:1c:af:3d:15:c1:b4:09:e7:92:ef:95:66:71:
         30:b3:b6:b2:6a:d1:61:85:6a:e2:48:32:b8:ad:7e:3a:8b:ad:
         cf:5c:03:22:56:a7:db:ce:95:64:e5:17:03:8d:eb:23:6f:c3:
         a2:9a:ef:6b:7e:e8:c7:58:de:b4:ba:f7:c2:2d:0f:8f:85:9b:
         ad:39:ab:3c:82:66:fe:14:7e:82:b9:3e:d8:6c:ab:f1:bf:f9:
         5d:5c:88:e6:2a:c8:f3:76:31:c9:cb:b1:a4:e8:fa:5b:cb:72:
         63:22:09:91:b8:ff:b2:16:52:67:05:b8:ce:4d:a0:9d:3a:3b:
         24:eb:34:06
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGt4ijvtHXRDsNHsgtQureMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMzJiOWVmZjlmMDJjN2NhYmUxOTk1YTJkYjUwOWQ4MjU4
ZDM1ZmMwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWU1YjY0MmY4OTk3NDcwODU5MmFjYjEyODRhYzI3YTI4MzJjMTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MiI7LJstPA/mQ2ErQo+U68Mff/X
NUc6yZxzlOEygWTmZ5Zf2S5iBuSaD6mR1EqNGv2uDdcJYHLQFD4GQ3Gry+J7UtAB
rbMf88IFSLH4TtqinHmex0OCpz8mDP7nZqdyL3E25qw1wV/uneoWOcU56CYvNN3c
DusM05xRm60v+1nzN6uj3yNbPQjgLisf6ThuBuHxi1J4DQAek9lX8jUIc/gaBAqF
rRnbzadgz9beFfHPd3+ZNHGpGEwplSnmPqJBHz3xqOZVZHznyVCwIqcTJTTD+9mI
23yrf6Mk15smzdbkONie62dlzZRARBPx36Lz0obHXiYyQhqqYGEmeqfhjQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCHltkL4mXRwhZKssShKwnooMsEAMB8GA1UdIwQY
MBaAFE8yue/58Cx8q+GZWi21CdgljTX8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHpLNTdfbndMSHlyNFpsYUxiVUoyQ1dOTmZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8xNzJjNGUtNmY1ZC00NzVlLTliZTkt
YzQwNzNjMTNmZjdjLzEvSWVXMlF2aVpkSENGa3F5eEtFckNlaWd5d1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8xNzJjNGUtNmY1ZC00NzVlLTliZTktYzQwNzNjMTNmZjdj
LzEvVHpLNTdfbndMSHlyNFpsYUxiVUoyQ1dOTmZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEwwDQYJ
KoZIhvcNAQELBQADggEBAECPi4GXTlpjSxQkpBmidw4FhdANfxStGuYQVoAF22ZC
mF4G6HTlPndyRha97/67rCc61mjPGC/mPJ1f66WT/8C7GnrFf2Q4i2S5aMXba0IR
VenmR5AEZDxDk3ptMQPE+X4UkZE66ozYsoRrYzb/yVU8L/+rzJsNAcb5TxX5/YZI
XJSUHK89FcG0CeeS75VmcTCztrJq0WGFauJIMritfjqLrc9cAyJWp9vOlWTlFwON
6yNvw6Ka72t+6MdY3rS698ItD4+Fm605qzyCZv4UfoK5Pthsq/G/+V1ciOYqyPN2
McnLsaTo+lvLcmMiCZG4/7IWUmcFuM5NoJ06OyTrNAY=
-----END CERTIFICATE-----