Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/c9x1IHh8_iCOG8QK_cvLQvBE5qs.roa
File:                     c9x1IHh8_iCOG8QK_cvLQvBE5qs.roa (raw, json)
Hash identifier:          1HTkoM1VdeHfcBLFtNBuiCl4BZcKtrwtAkBYBS1kEqg=
Subject key identifier:   73:DC:75:20:78:7C:FE:20:8E:1B:C4:0A:FD:CB:CB:42:F0:44:E6:AB
Certificate issuer:       /CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
Certificate serial:       018CC3B7040E4657C2534586094E7653408B
Authority key identifier: 0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/c9x1IHh8_iCOG8QK_cvLQvBE5qs.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1902
IP address blocks:        188.125.16.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:04:0e:46:57:c2:53:45:86:09:4e:76:53:40:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73dc7520787cfe208e1bc40afdcbcb42f044e6ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:77:42:1c:f3:6e:71:b8:83:ad:09:1e:50:db:
                    48:38:b3:0c:19:ba:8b:9c:ad:ae:c1:f6:08:46:20:
                    56:1d:42:8c:e7:37:0e:fe:a5:9f:f4:b4:77:f9:83:
                    b2:e4:99:d8:ff:2f:2e:59:e4:4e:78:b9:92:98:ea:
                    af:81:e8:38:35:c6:86:4e:ed:a9:1c:cd:be:68:11:
                    0f:d9:5f:a5:5a:7c:6d:59:a8:6b:e5:f2:64:4d:43:
                    bb:11:42:b0:17:25:c6:f2:22:f6:8a:5d:ab:5b:34:
                    ae:4b:19:80:7c:b9:b6:64:d8:5b:3b:52:d9:8d:e7:
                    c0:22:8b:5b:be:67:eb:6f:1e:eb:7f:4c:37:e1:66:
                    12:c8:62:42:4b:be:2a:60:34:81:51:7b:79:05:e6:
                    85:52:b2:05:9d:8d:d5:ec:46:d1:f7:4f:a9:04:25:
                    2f:5c:0a:d6:3b:5d:76:ba:f2:c8:b6:7b:0c:5d:5a:
                    c7:82:13:9d:b0:2b:62:e2:a4:ed:9e:6e:8f:5b:36:
                    81:3d:e4:fd:7c:6c:1d:6b:db:d8:44:24:8e:73:f6:
                    ca:d2:ab:50:b7:6b:2e:da:54:86:8a:96:6c:0c:04:
                    aa:79:2a:46:cc:dd:42:62:52:55:d0:2a:ab:f1:4c:
                    f3:5c:cc:77:8a:df:12:3c:86:d5:fa:b0:35:ab:90:
                    ad:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:DC:75:20:78:7C:FE:20:8E:1B:C4:0A:FD:CB:CB:42:F0:44:E6:AB
            X509v3 Authority Key Identifier:
                keyid:0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/c9x1IHh8_iCOG8QK_cvLQvBE5qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:e3:89:4b:f2:9d:30:7e:01:6a:58:fb:c6:42:b9:d0:68:9e:
         98:4d:44:22:1e:18:5a:4c:8c:3e:d2:3d:b6:a9:a2:da:8e:b5:
         ba:35:dd:b2:f6:c0:48:72:51:77:d2:ff:42:22:22:33:e5:f3:
         86:d7:29:70:8b:25:bc:0b:f5:a0:91:ea:ec:4d:c3:1b:1e:a6:
         7a:ad:c1:de:13:aa:59:98:4f:84:57:6e:58:68:29:e6:34:bc:
         68:81:95:9f:f4:33:66:4b:29:b0:cd:0d:8b:f9:67:e2:37:29:
         02:18:6d:db:4f:47:ec:26:e4:d6:ec:e0:32:91:51:f4:b5:75:
         3e:e8:5d:56:01:25:1e:04:00:d0:e7:5e:2b:29:e4:99:62:72:
         5c:f0:c3:c3:91:da:ad:82:38:e4:ea:22:8f:12:32:b5:30:ab:
         69:bb:ab:06:8f:53:32:92:3c:10:a9:4d:be:af:0f:25:97:16:
         8e:49:67:8e:2a:2b:22:9a:ea:ca:37:04:2c:b8:36:15:9b:23:
         1a:61:3a:b9:33:4e:1f:6e:e8:92:67:d9:d6:d4:6b:e7:60:8e:
         e2:a2:c8:f3:3b:b3:27:d2:5c:ec:57:fd:1b:2c:7c:bf:56:01:
         20:03:0a:3f:92:aa:fb:4f:95:9c:0a:4a:82:4f:74:c1:da:eb:
         b0:78:c5:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwQORlfCU0WGCU52U0CLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGY0ODcyYWQxYzFmNGZjYjIxM2I2YjJlZGIzODhhMmQ5
YzlhMjMwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2RjNzUyMDc4N2NmZTIwOGUxYmM0MGFmZGNiY2I0MmYwNDRlNmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3dCHPNucbiDrQkeUNtIOLMMGbqL
nK2uwfYIRiBWHUKM5zcO/qWf9LR3+YOy5JnY/y8uWeROeLmSmOqvgeg4NcaGTu2p
HM2+aBEP2V+lWnxtWahr5fJkTUO7EUKwFyXG8iL2il2rWzSuSxmAfLm2ZNhbO1LZ
jefAIotbvmfrbx7rf0w34WYSyGJCS74qYDSBUXt5BeaFUrIFnY3V7EbR90+pBCUv
XArWO112uvLItnsMXVrHghOdsCti4qTtnm6PWzaBPeT9fGwda9vYRCSOc/bK0qtQ
t2su2lSGipZsDASqeSpGzN1CYlJV0Cqr8UzzXMx3it8SPIbV+rA1q5CtKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPcdSB4fP4gjhvECv3Ly0LwROarMB8GA1UdIwQY
MBaAFA4PSHKtHB9PyyE7ay7bOIotnJojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQt
YzAxZjgwYTFjODA1LzEvYzl4MUlIaDhfaUNPRzhRS19jdkxRdkJFNXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQtYzAxZjgwYTFjODA1
LzEvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEvH0QMA0G
CSqGSIb3DQEBCwUAA4IBAQAQ44lL8p0wfgFqWPvGQrnQaJ6YTUQiHhhaTIw+0j22
qaLajrW6Nd2y9sBIclF30v9CIiIz5fOG1ylwiyW8C/WgkersTcMbHqZ6rcHeE6pZ
mE+EV25YaCnmNLxogZWf9DNmSymwzQ2L+WfiNykCGG3bT0fsJuTW7OAykVH0tXU+
6F1WASUeBADQ514rKeSZYnJc8MPDkdqtgjjk6iKPEjK1MKtpu6sGj1MykjwQqU2+
rw8llxaOSWeOKisimurKNwQsuDYVmyMaYTq5M04fbuiSZ9nW1GvnYI7iosjzO7Mn
0lzsV/0bLHy/VgEgAwo/kqr7T5WcCkqCT3TB2uuweMXQ
-----END CERTIFICATE-----