Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/lBXK9L6hP2hZW8XxgKsoGFntuMY.roa
File:                     lBXK9L6hP2hZW8XxgKsoGFntuMY.roa (raw, json)
Hash identifier:          LoFq3m2d5W9RqYJ98NBx+CpVgpQlbKInEZJyCPXSAmM=
Subject key identifier:   94:15:CA:F4:BE:A1:3F:68:59:5B:C5:F1:80:AB:28:18:59:ED:B8:C6
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       018CC500D82ADD8C87A7DBCAEEBCF723498E
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/lBXK9L6hP2hZW8XxgKsoGFntuMY.roa
Signing time:             Mon 01 Jan 2024 12:30:15 +0000
ROA not before:           Mon 01 Jan 2024 12:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201089
IP address blocks:        188.72.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 04:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d8:2a:dd:8c:87:a7:db:ca:ee:bc:f7:23:49:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Jan  1 12:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9415caf4bea13f68595bc5f180ab281859edb8c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:35:27:d2:7c:d9:7b:df:d7:db:4c:13:a0:b5:
                    0b:47:d4:fb:2c:25:b2:b3:c7:a8:c0:df:e5:f0:b5:
                    45:c3:8a:50:43:fd:f0:b0:7e:67:cf:2f:e2:01:25:
                    62:b7:73:58:62:5f:b8:eb:62:59:0d:72:26:34:47:
                    36:ef:03:de:1e:5e:8f:e0:18:69:fd:a2:48:bf:cb:
                    d9:ac:1a:a4:2b:3f:2a:1c:ff:3f:96:53:3a:29:81:
                    a3:07:c0:a5:55:96:94:da:26:01:15:52:e7:07:b1:
                    cb:84:a8:92:b1:15:23:bd:a6:46:bb:d0:58:77:d5:
                    88:51:a5:5b:33:9e:ed:27:b5:42:8d:b6:b9:da:32:
                    4b:c4:75:42:0d:4d:ac:e2:02:35:5a:a4:85:75:f2:
                    4e:f0:a4:f2:24:0e:c4:9b:89:c1:2b:03:9d:67:dc:
                    ea:1c:94:1f:49:23:fe:3b:f9:a6:3a:fb:a0:0f:e9:
                    06:29:19:ef:47:81:07:a8:df:c4:42:58:40:e4:7b:
                    26:f8:b0:42:59:a5:65:85:b5:2f:83:d6:1f:45:79:
                    5e:78:f3:12:b0:ad:39:ed:74:df:2f:c7:96:6e:45:
                    12:b5:3b:42:1a:f2:06:64:d0:8c:41:cf:c9:7f:2e:
                    7f:02:5b:51:c3:b3:8e:57:83:aa:93:74:6c:0b:b2:
                    50:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:15:CA:F4:BE:A1:3F:68:59:5B:C5:F1:80:AB:28:18:59:ED:B8:C6
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/lBXK9L6hP2hZW8XxgKsoGFntuMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:52:55:33:00:46:85:dd:ac:8c:60:e1:7e:f8:50:db:50:49:
         da:2d:1d:68:2e:10:d6:a3:a9:2a:ae:af:05:55:d7:9a:58:29:
         0f:6c:38:66:5b:4e:da:58:cf:1a:7b:31:6c:dd:49:c4:a8:62:
         a0:43:a4:9a:53:6a:0c:be:9a:c0:f2:32:e9:da:db:5a:3a:74:
         a1:9d:47:37:a5:9d:79:65:c9:e4:77:b7:f2:58:72:4e:17:ac:
         a0:e9:a3:d5:be:02:da:70:eb:8c:64:81:ee:c0:39:41:c2:b1:
         6c:e0:e9:bf:7d:b9:50:b9:4e:ed:f5:12:49:76:86:fc:38:c5:
         86:de:a3:a2:74:03:da:d8:60:f8:3c:d7:42:e2:e3:32:8f:5d:
         07:24:5a:31:58:36:d8:15:5a:0b:5d:6b:09:4e:b4:bd:fa:3f:
         ee:67:3f:3b:84:9e:06:f7:d4:dc:50:79:8f:2a:f4:1d:da:8a:
         be:ae:ec:39:ad:df:ad:a0:d4:fd:44:b3:b8:eb:95:9c:14:96:
         e4:e7:6d:86:cf:e8:af:de:20:19:4a:fa:c2:81:b0:c3:ef:2b:
         71:49:e7:e6:10:43:da:c8:54:b3:6d:f5:92:eb:e2:cb:44:72:
         51:cf:14:0d:1f:4b:5d:a8:24:d7:09:49:63:ed:cd:5f:2e:01:
         1b:f2:2c:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFANgq3YyHp9vK7rz3I0mOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwMTAxMTIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDE1Y2FmNGJlYTEzZjY4NTk1YmM1ZjE4MGFiMjgxODU5ZWRiOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDUn0nzZe9/X20wToLULR9T7LCWy
s8eowN/l8LVFw4pQQ/3wsH5nzy/iASVit3NYYl+462JZDXImNEc27wPeHl6P4Bhp
/aJIv8vZrBqkKz8qHP8/llM6KYGjB8ClVZaU2iYBFVLnB7HLhKiSsRUjvaZGu9BY
d9WIUaVbM57tJ7VCjba52jJLxHVCDU2s4gI1WqSFdfJO8KTyJA7Em4nBKwOdZ9zq
HJQfSSP+O/mmOvugD+kGKRnvR4EHqN/EQlhA5Hsm+LBCWaVlhbUvg9YfRXleePMS
sK057XTfL8eWbkUStTtCGvIGZNCMQc/Jfy5/AltRw7OOV4Oqk3RsC7JQJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQVyvS+oT9oWVvF8YCrKBhZ7bjGMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvbEJYSzlMNmhQMmhaVzhYeGdLc29HRm50dU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEgoMA0G
CSqGSIb3DQEBCwUAA4IBAQBGUlUzAEaF3ayMYOF++FDbUEnaLR1oLhDWo6kqrq8F
VdeaWCkPbDhmW07aWM8aezFs3UnEqGKgQ6SaU2oMvprA8jLp2ttaOnShnUc3pZ15
Zcnkd7fyWHJOF6yg6aPVvgLacOuMZIHuwDlBwrFs4Om/fblQuU7t9RJJdob8OMWG
3qOidAPa2GD4PNdC4uMyj10HJFoxWDbYFVoLXWsJTrS9+j/uZz87hJ4G99TcUHmP
KvQd2oq+ruw5rd+toNT9RLO465WcFJbk522Gz+iv3iAZSvrCgbDD7ytxSefmEEPa
yFSzbfWS6+LLRHJRzxQNH0tdqCTXCUlj7c1fLgEb8ixq
-----END CERTIFICATE-----