Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/2Er_a4tXsvAjFyi8R9kkNx8HZ3E.roa
File:                     2Er_a4tXsvAjFyi8R9kkNx8HZ3E.roa (raw, json)
Hash identifier:          A27X46pG+vHqWCQSWeuahMVUQtR8l3NQmpN6D4b61UU=
Subject key identifier:   D8:4A:FF:6B:8B:57:B2:F0:23:17:28:BC:47:D9:24:37:1F:07:67:71
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       0191B2F0AC2459B9142E8CCAF43A75C68786
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/2Er_a4tXsvAjFyi8R9kkNx8HZ3E.roa
Signing time:             Mon 02 Sep 2024 13:33:22 +0000
ROA not before:           Mon 02 Sep 2024 13:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212460
IP address blocks:        188.72.0.0/24 maxlen: 24
                          188.72.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b2:f0:ac:24:59:b9:14:2e:8c:ca:f4:3a:75:c6:87:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Sep  2 13:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d84aff6b8b57b2f0231728bc47d924371f076771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ca:f1:8e:3a:a7:51:65:7c:a3:b6:80:12:ea:
                    a3:93:1f:2f:2a:25:35:ff:fe:4a:eb:2b:d4:72:56:
                    4e:c0:cf:d5:07:83:a1:e8:03:34:94:d0:7c:fd:98:
                    fc:a0:15:0e:2e:e2:bd:e6:9c:80:72:c8:db:1d:cc:
                    fa:7e:37:22:88:68:6b:82:02:88:ae:17:54:95:b2:
                    c8:9c:77:78:62:a6:7a:74:d4:24:d4:cc:4c:56:1e:
                    8e:fa:81:04:a0:87:3a:a3:b1:3b:b6:13:42:af:5d:
                    52:37:7a:8f:36:87:50:f6:d2:4b:45:e4:62:68:f5:
                    be:69:5f:d8:b8:60:34:31:b1:bc:94:86:65:d5:20:
                    45:57:98:3a:99:f0:45:6e:d4:3e:14:40:8b:9c:74:
                    14:a0:f8:1b:02:75:d9:a9:07:8b:62:e6:cf:2c:69:
                    4e:16:5f:06:80:99:9e:1d:9f:55:e8:14:f2:d7:e0:
                    a6:14:54:ca:29:81:8f:47:ec:35:58:98:09:ad:fb:
                    c4:55:f5:52:6b:53:94:8f:2c:92:c4:08:9f:c7:d3:
                    94:c1:84:74:63:d2:cf:2a:b1:d8:ae:00:f0:a8:f3:
                    b0:7d:81:f8:b5:b1:d6:9f:0c:b5:ba:8f:f6:e6:5f:
                    78:94:c3:0b:69:57:14:13:b1:81:71:d2:49:1d:06:
                    79:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:4A:FF:6B:8B:57:B2:F0:23:17:28:BC:47:D9:24:37:1F:07:67:71
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/2Er_a4tXsvAjFyi8R9kkNx8HZ3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.0.0/24
                  188.72.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:77:c2:12:35:8a:31:77:2f:ed:21:3b:9d:b7:6c:56:42:18:
         a7:7b:1f:14:b3:9f:ba:75:7d:d2:18:fc:dd:21:ad:9f:bc:25:
         e3:3a:84:9c:2d:5c:20:33:44:6d:94:05:0f:10:4b:b6:86:8d:
         1c:b3:3b:f2:d3:d2:70:66:33:ed:59:8d:4f:d8:05:fb:50:da:
         22:61:0e:6d:5e:56:2f:81:4b:73:7b:ea:7b:23:32:05:28:0b:
         4e:54:48:47:fd:ef:d1:9b:cd:60:9c:e0:09:f8:bc:21:a2:63:
         9a:bd:ff:56:bc:1f:46:52:52:8e:e9:62:eb:a2:72:3a:5c:d8:
         b2:bb:fa:17:19:fc:4d:fe:bd:85:c9:b1:f5:7b:86:3f:6d:5d:
         6d:7d:d7:d5:f8:75:89:c5:d1:88:8f:75:5f:59:fc:e5:a3:16:
         7d:db:96:53:30:61:d7:89:b5:17:92:7b:98:a8:bd:df:07:f7:
         dc:89:8b:14:81:95:98:e6:26:b8:5e:f2:be:8e:a2:19:d5:ae:
         74:30:bf:23:7f:3f:5c:1a:ed:23:50:64:92:66:56:d9:39:ba:
         62:b1:76:77:a8:f3:2e:56:7c:57:0c:a3:51:9e:bb:56:db:64:
         0d:da:5c:91:6f:0e:ad:93:10:9b:3c:67:e4:2c:4d:b0:72:36:
         9b:c2:25:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGy8KwkWbkULozK9Dp1xoeGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwOTAyMTMzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODRhZmY2YjhiNTdiMmYwMjMxNzI4YmM0N2Q5MjQzNzFmMDc2NzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMrxjjqnUWV8o7aAEuqjkx8vKiU1
//5K6yvUclZOwM/VB4Oh6AM0lNB8/Zj8oBUOLuK95pyAcsjbHcz6fjciiGhrggKI
rhdUlbLInHd4YqZ6dNQk1MxMVh6O+oEEoIc6o7E7thNCr11SN3qPNodQ9tJLReRi
aPW+aV/YuGA0MbG8lIZl1SBFV5g6mfBFbtQ+FECLnHQUoPgbAnXZqQeLYubPLGlO
Fl8GgJmeHZ9V6BTy1+CmFFTKKYGPR+w1WJgJrfvEVfVSa1OUjyySxAifx9OUwYR0
Y9LPKrHYrgDwqPOwfYH4tbHWnwy1uo/25l94lMMLaVcUE7GBcdJJHQZ5uQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNhK/2uLV7LwIxcovEfZJDcfB2dxMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvMkVyX2E0dFhzdkFqRnlpOFI5a2tOeDhIWjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvEgAAwQA
vEgzMA0GCSqGSIb3DQEBCwUAA4IBAQBOd8ISNYoxdy/tITudt2xWQhinex8Us5+6
dX3SGPzdIa2fvCXjOoScLVwgM0RtlAUPEEu2ho0cszvy09JwZjPtWY1P2AX7UNoi
YQ5tXlYvgUtze+p7IzIFKAtOVEhH/e/Rm81gnOAJ+LwhomOavf9WvB9GUlKO6WLr
onI6XNiyu/oXGfxN/r2FybH1e4Y/bV1tfdfV+HWJxdGIj3VfWfzloxZ925ZTMGHX
ibUXknuYqL3fB/fciYsUgZWY5ia4XvK+jqIZ1a50ML8jfz9cGu0jUGSSZlbZObpi
sXZ3qPMuVnxXDKNRnrtW22QN2lyRbw6tkxCbPGfkLE2wcjabwiVr
-----END CERTIFICATE-----