Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/6x0IEY_oKfCzRglb0trfQDLrEcI.roa
File:                     6x0IEY_oKfCzRglb0trfQDLrEcI.roa (raw, json)
Hash identifier:          nw30ktNno9lq6+jz1pG7hTRfM4CfDepnp8LPoxPcyNw=
Subject key identifier:   EB:1D:08:11:8F:E8:29:F0:B3:46:09:5B:D2:DA:DF:40:32:EB:11:C2
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       018F4CDEF89256A86FEA82B0C673A3D51E54
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/6x0IEY_oKfCzRglb0trfQDLrEcI.roa
Signing time:             Mon 06 May 2024 07:47:12 +0000
ROA not before:           Mon 06 May 2024 07:47:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201749
IP address blocks:        188.72.1.0/24 maxlen: 24
                          188.72.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 04:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4c:de:f8:92:56:a8:6f:ea:82:b0:c6:73:a3:d5:1e:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: May  6 07:47:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb1d08118fe829f0b346095bd2dadf4032eb11c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:48:68:31:30:c8:1a:74:48:4c:74:5c:59:1c:
                    6a:bf:37:b2:13:95:a6:32:24:57:e6:04:6c:7d:bf:
                    bf:58:55:70:8b:77:d7:47:a1:c7:ba:6f:1e:37:9d:
                    25:d3:1a:79:25:5c:69:71:c9:66:e7:cc:0c:1d:b3:
                    41:36:22:b8:6e:22:07:79:81:5f:7b:b5:0b:e4:0e:
                    22:c8:8f:e4:19:d9:2d:05:90:ea:5c:76:a4:e0:22:
                    cb:5d:a3:da:62:1e:fc:c5:22:fa:4c:6b:18:ea:41:
                    e7:66:6f:64:69:a8:7c:1c:ed:ce:6f:48:ba:79:6e:
                    59:9a:04:2f:17:8b:26:67:6b:34:d9:f0:5e:8a:e3:
                    44:41:52:e4:f0:fe:dd:b7:12:cb:b5:99:b7:6b:8a:
                    c5:b4:81:a4:90:58:86:10:2c:05:3a:f6:b4:11:90:
                    35:84:90:01:b6:28:3d:91:15:77:24:67:cd:e9:ad:
                    26:9c:cb:88:7b:46:b5:c1:ce:1a:1d:62:91:e4:55:
                    47:28:d1:6d:2b:9b:36:72:db:d6:87:f7:4e:a4:0b:
                    0c:a6:bd:ed:15:23:43:c7:26:45:94:a1:dc:1d:80:
                    c2:bc:e3:9c:ac:92:ef:83:fd:92:f7:f7:c5:80:ea:
                    7f:31:f3:45:5c:3a:74:17:95:66:e5:e6:63:7d:04:
                    b3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:1D:08:11:8F:E8:29:F0:B3:46:09:5B:D2:DA:DF:40:32:EB:11:C2
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/6x0IEY_oKfCzRglb0trfQDLrEcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.1.0/24
                  188.72.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d4:d3:6b:75:d0:c5:c8:e3:8a:14:7b:63:ab:c3:1a:8a:e6:
         ec:86:5f:b0:45:a5:4a:65:6d:60:e2:85:15:ba:89:7d:6a:63:
         a0:c6:1b:f0:d5:10:74:89:3f:cd:25:81:10:d0:32:05:d5:41:
         6e:a8:95:30:27:18:03:41:73:79:a8:b6:ff:93:e3:8a:6c:7d:
         99:31:df:d3:c8:b6:c8:f4:7a:cf:e5:67:b1:90:60:c6:33:3d:
         2f:e8:7f:64:c4:4d:5c:b8:be:80:1e:23:11:9e:3c:82:0f:91:
         83:56:1b:c7:46:26:4c:3f:3f:e4:6f:d5:6b:7a:80:eb:49:c5:
         b9:ad:62:c3:65:ea:c1:2e:2e:9a:37:f3:27:dd:bb:5a:18:ee:
         24:0e:bb:4b:f4:99:4b:3d:ba:80:91:88:90:04:e4:eb:2a:54:
         28:8b:af:51:08:e7:a0:b2:59:e4:57:d1:cd:d7:a3:d4:51:ee:
         54:52:83:9e:3a:0b:53:a5:f0:a3:44:c3:c6:5a:ac:03:16:44:
         90:a3:d0:30:52:68:5e:70:33:15:18:45:fc:78:bf:16:a0:c6:
         42:50:12:42:7f:5e:99:b0:3b:ab:64:f2:97:31:83:27:6c:06:
         5a:26:aa:60:9b:9c:b7:70:b8:80:0b:5b:65:9f:79:04:ee:b7:
         88:f9:6b:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9M3viSVqhv6oKwxnOj1R5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwNTA2MDc0NzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjFkMDgxMThmZTgyOWYwYjM0NjA5NWJkMmRhZGY0MDMyZWIxMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUhoMTDIGnRITHRcWRxqvzeyE5Wm
MiRX5gRsfb+/WFVwi3fXR6HHum8eN50l0xp5JVxpcclm58wMHbNBNiK4biIHeYFf
e7UL5A4iyI/kGdktBZDqXHak4CLLXaPaYh78xSL6TGsY6kHnZm9kaah8HO3Ob0i6
eW5ZmgQvF4smZ2s02fBeiuNEQVLk8P7dtxLLtZm3a4rFtIGkkFiGECwFOva0EZA1
hJABtig9kRV3JGfN6a0mnMuIe0a1wc4aHWKR5FVHKNFtK5s2ctvWh/dOpAsMpr3t
FSNDxyZFlKHcHYDCvOOcrJLvg/2S9/fFgOp/MfNFXDp0F5Vm5eZjfQSzmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOsdCBGP6Cnws0YJW9La30Ay6xHCMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvNngwSUVZX29LZkN6UmdsYjB0cmZRRExyRWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvEgBAwQA
vEg4MA0GCSqGSIb3DQEBCwUAA4IBAQA41NNrddDFyOOKFHtjq8Maiubshl+wRaVK
ZW1g4oUVuol9amOgxhvw1RB0iT/NJYEQ0DIF1UFuqJUwJxgDQXN5qLb/k+OKbH2Z
Md/TyLbI9HrP5WexkGDGMz0v6H9kxE1cuL6AHiMRnjyCD5GDVhvHRiZMPz/kb9Vr
eoDrScW5rWLDZerBLi6aN/Mn3btaGO4kDrtL9JlLPbqAkYiQBOTrKlQoi69RCOeg
slnkV9HN16PUUe5UUoOeOgtTpfCjRMPGWqwDFkSQo9AwUmhecDMVGEX8eL8WoMZC
UBJCf16ZsDurZPKXMYMnbAZaJqpgm5y3cLiAC1tln3kE7reI+Wve
-----END CERTIFICATE-----