Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/iJohV2rNqL8PjojvrvF9H5o2_W0.roa
File:                     iJohV2rNqL8PjojvrvF9H5o2_W0.roa (raw, json)
Hash identifier:          yjpFeru7FnzkbLdEyI19XEomRxAjq+cQO7rh3aKapWE=
Subject key identifier:   88:9A:21:57:6A:CD:A8:BF:0F:8E:88:EF:AE:F1:7D:1F:9A:36:FD:6D
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       018E43C36E8FCA508D57FB58A86A4ABB25EA
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/iJohV2rNqL8PjojvrvF9H5o2_W0.roa
Signing time:             Fri 15 Mar 2024 20:17:44 +0000
ROA not before:           Fri 15 Mar 2024 20:17:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205800
IP address blocks:        188.72.40.0/24 maxlen: 24
                          188.72.41.0/24 maxlen: 24
                          188.72.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:43:c3:6e:8f:ca:50:8d:57:fb:58:a8:6a:4a:bb:25:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Mar 15 20:17:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=889a21576acda8bf0f8e88efaef17d1f9a36fd6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7c:71:af:d8:72:d4:d4:dc:7f:07:a2:e7:58:
                    d7:43:c0:fe:8b:09:1d:16:2b:65:73:23:20:a3:53:
                    3e:2d:40:c1:95:64:69:e7:e7:16:d7:b7:26:96:29:
                    1d:00:41:58:9b:ea:64:3a:e7:b4:61:88:f5:42:76:
                    92:0f:bf:01:d7:b0:20:bc:b3:c9:82:94:3d:8b:7e:
                    60:f7:3c:66:26:47:fc:ba:5e:4c:52:24:e3:c4:d1:
                    cf:08:aa:cd:29:06:bb:2b:1c:e1:ef:41:f8:cd:f8:
                    2d:20:9f:a3:29:8e:a4:b2:a9:ef:00:9f:fe:39:1e:
                    9e:f2:70:70:55:d9:63:ce:78:15:12:bb:ba:39:d2:
                    20:88:8e:c0:c3:27:78:4f:42:9f:37:70:98:76:d2:
                    26:c5:22:ac:1b:b2:f5:eb:24:28:6e:95:ea:b3:96:
                    28:87:31:a9:7a:02:51:e1:e6:b2:56:d4:fd:64:9f:
                    11:7e:85:86:d2:57:ba:f5:26:f2:c0:90:a1:38:bc:
                    79:9e:ee:9f:b7:a7:ea:ac:40:1c:04:2a:ae:86:30:
                    ee:5e:b1:3d:22:be:57:db:32:16:7d:da:44:89:73:
                    47:fd:5c:fc:88:b8:d1:ff:93:cd:82:85:b5:11:d9:
                    52:12:fd:b2:fb:f1:49:84:b0:25:80:ea:38:ef:88:
                    c0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:9A:21:57:6A:CD:A8:BF:0F:8E:88:EF:AE:F1:7D:1F:9A:36:FD:6D
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/iJohV2rNqL8PjojvrvF9H5o2_W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.40.0/23
                  188.72.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:ff:3b:97:e4:6f:18:4b:d2:3e:fe:01:d2:a3:a6:75:80:2d:
         db:a6:02:b4:09:e4:fb:9c:60:ed:70:34:51:7a:d0:be:fa:56:
         c5:c8:56:aa:5c:9c:2d:80:5a:d3:7f:e4:20:0a:b8:42:a0:08:
         6c:e0:a3:66:1c:1a:32:ec:26:15:54:41:21:f3:7a:d1:59:a9:
         b8:6f:b9:1b:64:14:3a:82:8e:1d:5a:59:b3:79:75:c2:96:d3:
         53:45:0c:e9:08:42:84:e4:54:52:a7:7b:af:c0:95:42:a9:ea:
         b5:88:01:9f:90:36:91:f4:ab:6a:3c:35:a5:b0:85:82:ea:d5:
         94:d8:d8:9f:de:78:f7:93:ae:8a:6e:b8:63:fc:99:a8:b7:07:
         2d:24:db:5a:d1:11:56:fa:c5:2d:82:a8:1b:9c:cf:35:d4:9e:
         08:3b:c9:13:80:fb:59:ec:1c:a3:62:bb:7b:59:c7:11:78:7f:
         39:eb:b4:cf:30:36:4e:88:a6:e3:5f:c8:a6:9f:94:ed:c7:2e:
         2d:f1:48:46:2b:e7:2b:a1:34:0f:74:4a:87:25:ed:18:03:00:
         44:b3:4e:fb:e0:62:2d:ea:5a:90:2d:58:84:88:02:86:6e:f8:
         7b:29:3a:9d:95:09:7e:ee:67:7c:41:c2:19:69:45:66:1a:c2:
         9d:7e:f5:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5Dw26PylCNV/tYqGpKuyXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwMzE1MjAxNzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODlhMjE1NzZhY2RhOGJmMGY4ZTg4ZWZhZWYxN2QxZjlhMzZmZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXxxr9hy1NTcfwei51jXQ8D+iwkd
FitlcyMgo1M+LUDBlWRp5+cW17cmlikdAEFYm+pkOue0YYj1QnaSD78B17AgvLPJ
gpQ9i35g9zxmJkf8ul5MUiTjxNHPCKrNKQa7Kxzh70H4zfgtIJ+jKY6ksqnvAJ/+
OR6e8nBwVdljzngVEru6OdIgiI7Awyd4T0KfN3CYdtImxSKsG7L16yQobpXqs5Yo
hzGpegJR4eayVtT9ZJ8RfoWG0le69SbywJChOLx5nu6ft6fqrEAcBCquhjDuXrE9
Ir5X2zIWfdpEiXNH/Vz8iLjR/5PNgoW1EdlSEv2y+/FJhLAlgOo474jA7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIiaIVdqzai/D46I767xfR+aNv1tMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvaUpvaFYyck5xTDhQam9qdnJ2RjlINW8yX1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBvEgoAwQA
vEgxMA0GCSqGSIb3DQEBCwUAA4IBAQBR/zuX5G8YS9I+/gHSo6Z1gC3bpgK0CeT7
nGDtcDRRetC++lbFyFaqXJwtgFrTf+QgCrhCoAhs4KNmHBoy7CYVVEEh83rRWam4
b7kbZBQ6go4dWlmzeXXCltNTRQzpCEKE5FRSp3uvwJVCqeq1iAGfkDaR9KtqPDWl
sIWC6tWU2Nif3nj3k66Kbrhj/JmotwctJNta0RFW+sUtgqgbnM811J4IO8kTgPtZ
7ByjYrt7WccReH8567TPMDZOiKbjX8imn5Ttxy4t8UhGK+croTQPdEqHJe0YAwBE
s0774GIt6lqQLViEiAKGbvh7KTqdlQl+7md8QcIZaUVmGsKdfvW2
-----END CERTIFICATE-----