Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/6DM37SdPkytH7feZnF5j5x7fV8A.roa
File:                     6DM37SdPkytH7feZnF5j5x7fV8A.roa (raw, json)
Hash identifier:          97dxPoN4MFf7mdMtpycXIz9QZoYq2XbNFdSgYH8uaQg=
Subject key identifier:   E8:33:37:ED:27:4F:93:2B:47:ED:F7:99:9C:5E:63:E7:1E:DF:57:C0
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       018CC500DBA20B211A02CF897006376447CF
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/6DM37SdPkytH7feZnF5j5x7fV8A.roa
Signing time:             Mon 01 Jan 2024 12:30:16 +0000
ROA not before:           Mon 01 Jan 2024 12:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212460
IP address blocks:        188.72.1.0/24 maxlen: 24
                          188.72.0.0/24 maxlen: 24
                          188.72.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:db:a2:0b:21:1a:02:cf:89:70:06:37:64:47:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Jan  1 12:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e83337ed274f932b47edf7999c5e63e71edf57c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:74:e1:ca:02:79:ea:4b:fb:69:87:32:23:38:
                    dc:64:8c:62:53:52:bb:71:bb:3c:8a:dd:05:44:7a:
                    42:87:65:87:c7:ed:d7:09:ae:4c:7b:4b:19:19:d0:
                    3f:f2:ff:8d:bc:d8:e2:ea:39:01:b5:0e:e0:05:f0:
                    75:6b:99:1b:92:fc:98:f4:72:69:a4:12:3a:8c:d3:
                    6b:78:22:81:32:d7:d7:a4:63:9f:41:f3:e0:da:ee:
                    56:d2:e0:8f:e1:f8:c6:72:d2:a2:4d:6f:bf:37:c9:
                    d5:bf:46:bb:81:86:6f:f3:a0:7d:f0:c0:03:2b:4b:
                    a0:55:58:ad:80:eb:00:4e:e0:bc:df:7c:55:f3:d9:
                    f0:43:45:7b:a1:5b:a0:c7:3c:9a:fb:06:15:d3:b4:
                    39:0f:0d:3e:2e:50:fb:c4:61:ca:2a:3a:e3:12:f1:
                    bb:22:84:15:f2:af:e2:d5:b7:1e:c9:62:a3:6c:3b:
                    8d:8b:13:38:5c:0d:11:25:f4:36:17:d6:78:a0:48:
                    f6:dc:52:e4:d6:6e:80:a6:05:96:6d:03:c2:f6:fa:
                    57:d6:ed:c4:82:68:45:b5:8d:70:9e:6f:94:01:55:
                    d0:4d:5f:53:97:c4:9b:6e:16:0f:d9:21:bd:a6:b8:
                    e9:da:eb:32:ee:33:2c:b2:de:9e:27:55:f9:b2:d4:
                    49:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:33:37:ED:27:4F:93:2B:47:ED:F7:99:9C:5E:63:E7:1E:DF:57:C0
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/6DM37SdPkytH7feZnF5j5x7fV8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.0.0/23
                  188.72.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:f7:62:ab:cc:4d:02:33:e1:22:fd:80:ce:cf:86:12:12:e0:
         70:2b:f7:1f:e6:4d:95:cd:9a:af:34:58:0e:b0:aa:9a:b4:93:
         85:89:c9:6a:dc:6b:81:fa:b2:cc:34:8f:5e:6f:20:ce:9c:91:
         be:a7:73:c3:cc:de:71:2f:78:59:07:c6:fc:52:7d:a7:f8:54:
         1d:1e:a1:b2:d4:ab:11:30:43:c8:75:0f:6b:04:4b:9b:f4:fe:
         d5:65:ec:6c:75:a0:d8:59:4d:4d:7c:e4:1c:7a:79:a8:6c:aa:
         9d:17:04:d8:a7:4e:ba:61:c5:af:c6:57:11:63:94:93:1c:ec:
         06:fb:82:b8:c2:93:d3:00:79:f3:7b:3f:47:37:b4:04:0d:ba:
         65:64:56:a3:cd:f9:35:6a:58:81:fb:69:8d:83:5f:00:c6:f2:
         23:a5:61:67:5a:75:ca:28:8b:36:1c:9b:6f:fd:8b:09:10:1a:
         67:05:fa:42:ec:46:7d:a9:5d:a7:40:ea:c6:02:ac:48:06:7b:
         33:cf:11:13:df:f9:de:55:5f:8d:d7:45:8c:f4:b3:f4:1d:c5:
         55:9b:60:5c:39:75:45:9b:e7:59:f8:17:5e:3d:b5:be:a0:5d:
         36:de:cc:8d:52:5f:ef:f9:d1:25:90:a1:cd:ac:82:59:12:6e:
         ff:b4:4b:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFANuiCyEaAs+JcAY3ZEfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwMTAxMTIzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODMzMzdlZDI3NGY5MzJiNDdlZGY3OTk5YzVlNjNlNzFlZGY1N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHThygJ56kv7aYcyIzjcZIxiU1K7
cbs8it0FRHpCh2WHx+3XCa5Me0sZGdA/8v+NvNji6jkBtQ7gBfB1a5kbkvyY9HJp
pBI6jNNreCKBMtfXpGOfQfPg2u5W0uCP4fjGctKiTW+/N8nVv0a7gYZv86B98MAD
K0ugVVitgOsATuC833xV89nwQ0V7oVugxzya+wYV07Q5Dw0+LlD7xGHKKjrjEvG7
IoQV8q/i1bceyWKjbDuNixM4XA0RJfQ2F9Z4oEj23FLk1m6ApgWWbQPC9vpX1u3E
gmhFtY1wnm+UAVXQTV9Tl8SbbhYP2SG9prjp2usy7jMsst6eJ1X5stRJ9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOgzN+0nT5MrR+33mZxeY+ce31fAMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvNkRNMzdTZFBreXRIN2ZlWm5GNWo1eDdmVjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBvEgAAwQA
vEgzMA0GCSqGSIb3DQEBCwUAA4IBAQA792KrzE0CM+Ei/YDOz4YSEuBwK/cf5k2V
zZqvNFgOsKqatJOFiclq3GuB+rLMNI9ebyDOnJG+p3PDzN5xL3hZB8b8Un2n+FQd
HqGy1KsRMEPIdQ9rBEub9P7VZexsdaDYWU1NfOQcenmobKqdFwTYp066YcWvxlcR
Y5STHOwG+4K4wpPTAHnzez9HN7QEDbplZFajzfk1aliB+2mNg18AxvIjpWFnWnXK
KIs2HJtv/YsJEBpnBfpC7EZ9qV2nQOrGAqxIBnszzxET3/neVV+N10WM9LP0HcVV
m2BcOXVFm+dZ+BdePbW+oF023syNUl/v+dElkKHNrIJZEm7/tEvH
-----END CERTIFICATE-----