Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/CJ38vsUglLYOya47YrmR1ErxmKI.roa
File:                     CJ38vsUglLYOya47YrmR1ErxmKI.roa (raw, json)
Hash identifier:          cIKHObsWsy+6Sw2GuTn0LnMh/KmxRXbeL+4vm5WKnz4=
Subject key identifier:   08:9D:FC:BE:C5:20:94:B6:0E:C9:AE:3B:62:B9:91:D4:4A:F1:98:A2
Certificate issuer:       /CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
Certificate serial:       018CC3B70536225081454EB52F82DCDCD4D9
Authority key identifier: 0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/CJ38vsUglLYOya47YrmR1ErxmKI.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13046
IP address blocks:        188.125.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:05:36:22:50:81:45:4e:b5:2f:82:dc:dc:d4:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=089dfcbec52094b60ec9ae3b62b991d44af198a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:95:a8:eb:7a:67:00:6c:d5:09:2b:3f:bb:a3:
                    ed:22:46:bc:77:ca:5e:27:64:1d:93:cc:32:28:d0:
                    3d:31:5e:13:8d:f6:ba:d5:f7:cf:4c:5b:69:53:c1:
                    03:b9:f7:29:7d:8d:8c:d6:26:cd:08:67:14:8d:be:
                    0b:3e:8f:6c:ef:80:80:72:06:8a:98:67:b7:20:44:
                    d4:88:b7:46:95:7d:c7:2f:cd:75:5f:ce:c3:ec:58:
                    0d:cf:e0:14:7e:75:9a:b0:1f:9a:ec:cd:f8:41:ab:
                    0c:b2:59:ae:f9:b5:94:f0:95:a9:84:b7:d6:df:6e:
                    0c:15:f2:0e:f9:26:bb:9c:27:88:a9:f6:26:87:69:
                    a7:a2:af:9a:ce:90:38:b9:6c:c7:02:76:dd:31:3d:
                    f4:13:6d:6d:0b:5a:bf:05:67:4f:01:a0:ac:c4:37:
                    cf:ee:bc:1e:38:8e:d1:0b:42:ec:84:7f:6c:d7:ba:
                    9a:ed:cc:63:e2:39:59:14:bb:9d:12:b2:9f:b2:35:
                    e2:c6:aa:81:c5:3b:19:3d:bf:6b:f2:44:51:1d:fe:
                    f9:09:25:b8:96:1e:bb:62:ce:9f:d4:1f:31:d6:d5:
                    e2:b4:4f:0e:a8:58:66:e8:10:0b:f0:06:a1:42:06:
                    70:05:2e:b3:89:f2:be:2b:b7:d8:1f:c1:e7:03:53:
                    5f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:9D:FC:BE:C5:20:94:B6:0E:C9:AE:3B:62:B9:91:D4:4A:F1:98:A2
            X509v3 Authority Key Identifier:
                keyid:0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/CJ38vsUglLYOya47YrmR1ErxmKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c6:94:07:d5:e8:ca:d4:95:b6:ae:1d:80:df:84:11:bf:cb:
         5e:f7:f2:6d:ff:4a:ad:0c:c6:a5:86:b2:26:9c:aa:54:cd:1a:
         bd:a0:f2:4a:70:c1:01:af:85:a0:67:df:0e:11:19:f9:40:57:
         68:6f:61:92:5d:77:01:12:f9:11:3c:7f:3a:e3:5e:c2:77:1d:
         0c:64:00:15:43:10:18:f4:74:f1:97:c7:7a:0f:0e:cd:34:c6:
         88:19:49:01:75:82:8c:7f:29:8f:01:4f:a2:23:6b:16:ae:f5:
         61:dc:70:73:17:88:9e:74:ac:cd:d2:63:9f:89:25:df:0b:2e:
         d5:9f:94:8a:f2:bf:61:2d:84:1f:7e:ab:60:e3:6e:79:71:d8:
         fd:a0:a2:09:af:61:9c:8c:a0:74:6d:2b:f1:8b:4b:8b:67:ae:
         d0:07:42:47:3f:12:0b:d0:23:c7:60:af:dd:ce:0a:7a:da:44:
         26:16:dd:cb:16:f3:4d:1f:29:f9:e6:6e:0a:90:2a:7f:60:ef:
         78:a0:b2:31:31:49:0c:75:6e:e0:1e:49:1c:d9:1b:e1:8b:2b:
         0b:65:e5:66:16:d7:76:26:1d:bd:10:5b:e6:33:d3:70:f9:60:
         d7:65:31:71:bf:d1:91:62:76:e7:7d:da:b6:2d:fd:63:57:18:
         c5:77:d0:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwU2IlCBRU61L4Lc3NTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGY0ODcyYWQxYzFmNGZjYjIxM2I2YjJlZGIzODhhMmQ5
YzlhMjMwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODlkZmNiZWM1MjA5NGI2MGVjOWFlM2I2MmI5OTFkNDRhZjE5OGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15Wo63pnAGzVCSs/u6PtIka8d8pe
J2Qdk8wyKNA9MV4Tjfa61ffPTFtpU8EDufcpfY2M1ibNCGcUjb4LPo9s74CAcgaK
mGe3IETUiLdGlX3HL811X87D7FgNz+AUfnWasB+a7M34QasMslmu+bWU8JWphLfW
324MFfIO+Sa7nCeIqfYmh2mnoq+azpA4uWzHAnbdMT30E21tC1q/BWdPAaCsxDfP
7rweOI7RC0LshH9s17qa7cxj4jlZFLudErKfsjXixqqBxTsZPb9r8kRRHf75CSW4
lh67Ys6f1B8x1tXitE8OqFhm6BAL8AahQgZwBS6zifK+K7fYH8HnA1NfBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAid/L7FIJS2DsmuO2K5kdRK8ZiiMB8GA1UdIwQY
MBaAFA4PSHKtHB9PyyE7ay7bOIotnJojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQt
YzAxZjgwYTFjODA1LzEvQ0ozOHZzVWdsTFlPeWE0N1lybVIxRXJ4bUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQtYzAxZjgwYTFjODA1
LzEvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH0PMA0G
CSqGSIb3DQEBCwUAA4IBAQBjxpQH1ejK1JW2rh2A34QRv8te9/Jt/0qtDMalhrIm
nKpUzRq9oPJKcMEBr4WgZ98OERn5QFdob2GSXXcBEvkRPH86417Cdx0MZAAVQxAY
9HTxl8d6Dw7NNMaIGUkBdYKMfymPAU+iI2sWrvVh3HBzF4iedKzN0mOfiSXfCy7V
n5SK8r9hLYQffqtg4255cdj9oKIJr2GcjKB0bSvxi0uLZ67QB0JHPxIL0CPHYK/d
zgp62kQmFt3LFvNNHyn55m4KkCp/YO94oLIxMUkMdW7gHkkc2RvhiysLZeVmFtd2
Jh29EFvmM9Nw+WDXZTFxv9GRYnbnfdq2Lf1jVxjFd9Cp
-----END CERTIFICATE-----