Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/cYq8l3NcenGiSFibcz6lsDHU5MU.roa
File:                     cYq8l3NcenGiSFibcz6lsDHU5MU.roa (raw, json)
Hash identifier:          HKcrI14U8StYBCCm7qa2rnM5VoMvwwlilJxfy4MxCLU=
Subject key identifier:   71:8A:BC:97:73:5C:7A:71:A2:48:58:9B:73:3E:A5:B0:31:D4:E4:C5
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       0197EF6C1A14040A13E7466D3E1F0B2259E2
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/cYq8l3NcenGiSFibcz6lsDHU5MU.roa
Signing time:             Wed 09 Jul 2025 13:42:08 +0000
ROA not before:           Wed 09 Jul 2025 13:42:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210022
IP address blocks:        188.72.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ef:6c:1a:14:04:0a:13:e7:46:6d:3e:1f:0b:22:59:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Jul  9 13:42:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=718abc97735c7a71a248589b733ea5b031d4e4c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:8b:30:0f:7c:6a:e9:9e:f4:10:b1:46:ce:06:
                    17:cf:c7:03:f6:d7:3f:6c:1e:c6:d6:ea:d2:46:7a:
                    ad:0e:a5:ca:77:d8:df:5b:a5:fd:fe:ca:27:28:7d:
                    30:b7:b2:0f:e2:02:66:cd:d1:81:e8:ee:d8:85:df:
                    12:b6:92:a1:1c:02:74:b6:2e:69:76:ec:e1:b8:54:
                    10:b8:f7:41:3a:26:3e:4e:94:75:87:02:7c:f9:c7:
                    bc:ca:04:9e:92:64:a1:cc:b1:1e:d0:d5:fa:6c:ca:
                    4b:a6:a4:97:f9:58:c2:6b:2d:c3:bb:67:11:ef:c5:
                    27:a2:64:32:ba:3e:f7:60:d1:90:4e:c2:55:5c:cc:
                    98:42:a0:9e:f5:a2:2c:e6:0d:7a:38:63:3b:5f:be:
                    9f:2c:4c:01:b4:f4:8e:37:f9:b2:66:4d:f4:a6:80:
                    9f:88:9a:c4:29:d9:cf:7a:a0:ea:76:dd:92:ee:dc:
                    4b:cd:b7:2f:1d:42:88:c2:51:f2:1d:9c:f6:06:42:
                    40:d6:cd:ff:e3:bf:7d:15:30:99:15:67:8b:58:48:
                    8e:67:5b:e9:c8:41:e9:75:5f:c1:48:03:d6:18:2b:
                    82:91:6a:50:75:3b:ab:6e:ee:bd:c7:01:2e:4d:59:
                    94:4c:ab:b5:87:5a:25:f4:8e:f4:87:d0:4c:2c:13:
                    dd:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:8A:BC:97:73:5C:7A:71:A2:48:58:9B:73:3E:A5:B0:31:D4:E4:C5
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/cYq8l3NcenGiSFibcz6lsDHU5MU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:01:66:6e:4a:4a:b6:26:9a:b5:87:a8:31:82:c8:eb:a7:91:
         68:03:7a:3b:3f:2f:12:bd:17:46:15:b3:f8:c9:4b:b8:94:97:
         a0:67:67:c1:99:30:75:db:1f:10:ea:44:15:92:9d:42:33:33:
         1e:5c:39:1d:72:2b:c6:0c:e5:fa:2a:8b:eb:55:85:31:f7:55:
         bd:be:2c:50:66:da:36:d5:7b:10:98:d5:00:c2:0d:6f:e9:e1:
         a3:9d:a7:d1:e1:fb:f8:fc:d2:4e:f4:23:1b:8d:bd:10:3c:ab:
         3b:23:1f:ee:30:6a:f8:95:83:85:35:94:21:8d:a3:21:07:34:
         3a:47:12:57:a0:d8:02:3b:70:0d:ea:bc:69:b6:36:35:6d:9e:
         53:51:fe:6c:56:f9:07:13:98:63:14:bc:45:31:5b:34:d8:6b:
         91:40:02:5e:13:e4:12:58:fa:8c:59:ad:96:2c:eb:00:2b:ac:
         d6:e0:8f:70:b0:56:51:30:73:aa:17:2e:b9:04:62:de:1c:3f:
         59:73:30:14:3e:be:2e:96:30:47:a5:8d:c2:c5:c9:e6:9e:e2:
         15:fc:bd:d0:8c:87:ea:e7:69:d7:bc:a6:0d:cb:dc:ca:d1:b5:
         88:fd:04:20:4c:77:92:3c:56:6d:60:2e:e2:26:65:6c:bb:83:
         18:29:bc:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfvbBoUBAoT50ZtPh8LIlniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjUwNzA5MTM0MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MThhYmM5NzczNWM3YTcxYTI0ODU4OWI3MzNlYTViMDMxZDRlNGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoswD3xq6Z70ELFGzgYXz8cD9tc/
bB7G1urSRnqtDqXKd9jfW6X9/sonKH0wt7IP4gJmzdGB6O7Yhd8StpKhHAJ0ti5p
duzhuFQQuPdBOiY+TpR1hwJ8+ce8ygSekmShzLEe0NX6bMpLpqSX+VjCay3Du2cR
78UnomQyuj73YNGQTsJVXMyYQqCe9aIs5g16OGM7X76fLEwBtPSON/myZk30poCf
iJrEKdnPeqDqdt2S7txLzbcvHUKIwlHyHZz2BkJA1s3/4799FTCZFWeLWEiOZ1vp
yEHpdV/BSAPWGCuCkWpQdTurbu69xwEuTVmUTKu1h1ol9I70h9BMLBPdjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGKvJdzXHpxokhYm3M+pbAx1OTFMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvY1lxOGwzTmNlbkdpU0ZpYmN6NmxzREhVNU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEgCMA0G
CSqGSIb3DQEBCwUAA4IBAQCUAWZuSkq2Jpq1h6gxgsjrp5FoA3o7Py8SvRdGFbP4
yUu4lJegZ2fBmTB12x8Q6kQVkp1CMzMeXDkdcivGDOX6KovrVYUx91W9vixQZto2
1XsQmNUAwg1v6eGjnafR4fv4/NJO9CMbjb0QPKs7Ix/uMGr4lYOFNZQhjaMhBzQ6
RxJXoNgCO3AN6rxptjY1bZ5TUf5sVvkHE5hjFLxFMVs02GuRQAJeE+QSWPqMWa2W
LOsAK6zW4I9wsFZRMHOqFy65BGLeHD9ZczAUPr4uljBHpY3CxcnmnuIV/L3QjIfq
52nXvKYNy9zK0bWI/QQgTHeSPFZtYC7iJmVsu4MYKbzK
-----END CERTIFICATE-----