Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/qbPzeyOyVpR-hTTYak_cAIVlUxU.roa
File:                     qbPzeyOyVpR-hTTYak_cAIVlUxU.roa (raw, json)
Hash identifier:          4WBiQEDvdSVdyVX2f9w51mwS759qk8V8zXCte9gLZS8=
Subject key identifier:   A9:B3:F3:7B:23:B2:56:94:7E:85:34:D8:6A:4F:DC:00:85:65:53:15
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       018CC500D8E20798C306BA118E522001495F
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/qbPzeyOyVpR-hTTYak_cAIVlUxU.roa
Signing time:             Mon 01 Jan 2024 12:30:16 +0000
ROA not before:           Mon 01 Jan 2024 12:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205473
IP address blocks:        188.72.0.0/24 maxlen: 24
                          188.72.1.0/24 maxlen: 24
                          188.72.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 04:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d8:e2:07:98:c3:06:ba:11:8e:52:20:01:49:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Jan  1 12:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9b3f37b23b256947e8534d86a4fdc0085655315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b7:89:4b:c2:c8:b4:be:dc:98:66:15:f1:da:
                    e1:22:db:73:92:34:ba:42:ae:3a:2d:9a:ad:01:24:
                    65:b6:fa:c7:55:71:83:15:af:85:60:82:0d:c6:a4:
                    b3:79:3f:e6:cb:ff:80:7c:07:e7:43:7e:e1:94:a0:
                    b4:12:8b:ad:06:f2:5a:6a:cd:c0:0b:5b:76:d3:51:
                    79:3b:fd:ce:dc:c2:2d:00:49:a4:e3:d8:cd:ac:96:
                    93:87:92:80:71:c4:42:8f:d9:44:36:0d:fe:8d:31:
                    58:68:ae:d3:0e:32:04:c3:53:e1:34:29:13:5f:a8:
                    64:c5:c0:f6:83:0f:60:93:71:68:95:58:84:1a:28:
                    6c:5c:69:03:54:0c:86:7b:f9:49:38:25:88:91:d8:
                    f4:74:07:67:a6:2b:16:dd:c5:32:5b:c3:ad:fc:cd:
                    de:37:6e:5c:3d:49:e8:c7:de:7a:3f:7e:bb:6c:0d:
                    84:12:4c:ab:fb:65:59:42:ee:12:1a:8a:74:8b:16:
                    fa:61:52:89:9f:fb:2d:bc:08:55:86:ca:26:5f:63:
                    99:f7:08:f4:e9:83:84:0f:95:4d:49:71:19:e1:20:
                    e0:14:60:8a:c5:81:2b:71:f7:12:70:d4:0d:9b:0e:
                    a1:5c:ff:c0:da:52:2f:ff:89:75:47:86:bc:55:a4:
                    52:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:B3:F3:7B:23:B2:56:94:7E:85:34:D8:6A:4F:DC:00:85:65:53:15
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/qbPzeyOyVpR-hTTYak_cAIVlUxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.0.0/23
                  188.72.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:fe:e2:ad:c9:0a:d0:c7:50:1d:a2:4e:19:8a:3e:b8:1d:ab:
         8c:c7:df:b7:23:b4:d5:2e:0c:64:d1:3c:7a:5d:a3:cc:93:7f:
         4f:80:de:d2:80:33:af:82:c6:7e:77:30:d7:b7:28:22:df:13:
         8e:dc:1b:13:31:7d:ac:9c:e1:a4:cd:65:51:b1:5d:06:93:33:
         db:0c:45:0e:3b:ea:f8:b9:b4:83:b1:72:5b:05:78:07:ee:94:
         47:31:66:70:a2:d0:97:8f:52:2a:c6:43:16:03:44:f7:7f:e7:
         79:dd:b8:67:67:b3:7a:cc:2b:cc:29:52:0e:fd:72:68:aa:44:
         75:13:f9:c1:d2:4f:bb:df:fd:de:86:20:c0:25:2a:e8:7c:2d:
         b7:44:86:bd:01:ef:be:69:e3:17:c5:a2:d8:f8:0a:43:dd:8d:
         b3:76:ee:06:7b:22:e1:33:e7:73:30:04:15:e2:22:7b:d1:1c:
         61:0c:ea:14:79:b4:3e:35:f2:95:bb:b2:ee:cb:d9:5f:b9:e7:
         41:7a:8d:24:1b:92:ed:74:0f:b7:cf:86:60:df:fc:f1:86:8a:
         ce:08:8b:c8:6e:20:d1:4a:7d:f7:9b:9e:d6:d9:50:d2:67:ea:
         c1:d1:1b:e9:7c:13:de:7b:a7:10:37:c8:bd:75:8e:62:76:ad:
         8b:41:3a:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFANjiB5jDBroRjlIgAUlfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwMTAxMTIzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWIzZjM3YjIzYjI1Njk0N2U4NTM0ZDg2YTRmZGMwMDg1NjU1MzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLeJS8LItL7cmGYV8drhIttzkjS6
Qq46LZqtASRltvrHVXGDFa+FYIINxqSzeT/my/+AfAfnQ37hlKC0EoutBvJaas3A
C1t201F5O/3O3MItAEmk49jNrJaTh5KAccRCj9lENg3+jTFYaK7TDjIEw1PhNCkT
X6hkxcD2gw9gk3FolViEGihsXGkDVAyGe/lJOCWIkdj0dAdnpisW3cUyW8Ot/M3e
N25cPUnox956P367bA2EEkyr+2VZQu4SGop0ixb6YVKJn/stvAhVhsomX2OZ9wj0
6YOED5VNSXEZ4SDgFGCKxYErcfcScNQNmw6hXP/A2lIv/4l1R4a8VaRSkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKmz83sjslaUfoU02GpP3ACFZVMVMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvcWJQemV5T3lWcFItaFRUWWFrX2NBSVZsVXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBvEgAAwQA
vEgzMA0GCSqGSIb3DQEBCwUAA4IBAQBx/uKtyQrQx1Adok4Zij64HauMx9+3I7TV
Lgxk0Tx6XaPMk39PgN7SgDOvgsZ+dzDXtygi3xOO3BsTMX2snOGkzWVRsV0GkzPb
DEUOO+r4ubSDsXJbBXgH7pRHMWZwotCXj1IqxkMWA0T3f+d53bhnZ7N6zCvMKVIO
/XJoqkR1E/nB0k+73/3ehiDAJSrofC23RIa9Ae++aeMXxaLY+ApD3Y2zdu4GeyLh
M+dzMAQV4iJ70RxhDOoUebQ+NfKVu7Luy9lfuedBeo0kG5LtdA+3z4Zg3/zxhorO
CIvIbiDRSn33m57W2VDSZ+rB0RvpfBPee6cQN8i9dY5idq2LQToh
-----END CERTIFICATE-----