Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/5ctNzSWNKhYvPgM7W-7AEdIzPcI.roa
File:                     5ctNzSWNKhYvPgM7W-7AEdIzPcI.roa (raw, json)
Hash identifier:          ol7GdcA4iRJIkSBh12Xly77s+yztKqUGmLoC9Xa8ZSs=
Subject key identifier:   E5:CB:4D:CD:25:8D:2A:16:2F:3E:03:3B:5B:EE:C0:11:D2:33:3D:C2
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       018CC500DB6C1FB317990A00B8C5F7531D0D
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/5ctNzSWNKhYvPgM7W-7AEdIzPcI.roa
Signing time:             Mon 01 Jan 2024 12:30:16 +0000
ROA not before:           Mon 01 Jan 2024 12:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212330
IP address blocks:        188.72.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:db:6c:1f:b3:17:99:0a:00:b8:c5:f7:53:1d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Jan  1 12:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5cb4dcd258d2a162f3e033b5beec011d2333dc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f4:06:d8:28:73:e5:22:d7:a7:95:2d:17:30:
                    78:6a:bb:06:82:f0:e9:3d:b1:96:9d:09:8e:56:74:
                    e4:50:2a:1a:2f:7b:7f:b0:f2:e8:29:fe:67:d2:55:
                    3b:51:e7:9f:91:4f:9a:1f:65:7d:9f:3a:8f:0a:80:
                    90:8e:a5:1a:e8:ac:ba:74:9f:ae:87:41:82:6e:f0:
                    b2:65:c0:0f:02:22:d2:ed:02:05:98:be:f9:b3:80:
                    9f:cd:5b:69:95:1d:b7:9a:6b:8e:51:09:51:ee:81:
                    e4:0d:7c:43:75:6a:3d:32:16:a5:7d:0c:86:2b:1b:
                    8f:e1:7a:5b:94:9b:8b:df:ea:d2:4d:1f:88:35:35:
                    56:02:64:28:3a:3f:38:05:89:77:3f:c4:9b:cc:b6:
                    71:d2:11:09:59:a4:76:ba:06:5a:c1:15:e1:e3:01:
                    68:d9:46:dc:4d:7e:64:9a:fe:ff:1b:8d:cd:34:39:
                    b2:3f:73:2f:e3:62:90:b3:d7:09:66:8e:81:ff:c6:
                    ff:ec:02:15:5d:99:e7:a8:80:22:9a:96:74:5f:52:
                    fc:ac:ee:da:95:0b:98:b2:0f:40:cd:1d:97:a5:32:
                    85:11:46:30:a9:77:2b:43:62:80:c7:0d:5c:9c:55:
                    59:26:6c:73:b7:2f:2b:71:27:82:7a:0f:87:c7:9c:
                    d5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:CB:4D:CD:25:8D:2A:16:2F:3E:03:3B:5B:EE:C0:11:D2:33:3D:C2
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/5ctNzSWNKhYvPgM7W-7AEdIzPcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:bb:74:56:d8:9f:1a:72:e2:54:de:84:7f:ba:60:43:36:9d:
         39:f1:0a:b8:7d:44:09:80:26:2c:7c:1b:58:6b:19:e0:0b:98:
         9d:41:47:1f:6c:36:e1:b9:cf:c3:6a:17:65:9c:70:8e:8a:43:
         57:65:6e:5f:d5:f7:06:db:ce:cb:70:40:42:09:b4:69:63:f6:
         3a:09:4f:de:05:ec:c0:92:07:02:17:52:c2:2f:d6:2d:3e:64:
         56:17:c9:1a:37:8b:cf:36:11:9f:26:a5:76:79:6c:0d:69:dc:
         50:84:4b:a3:65:43:7b:87:6e:41:19:89:a7:61:9e:0a:d8:9e:
         20:12:30:7f:85:eb:41:fb:45:fe:07:2c:9a:b9:47:a4:d6:68:
         39:38:14:59:cd:0c:f4:2c:2b:0e:b4:59:a4:7a:80:1a:9e:19:
         66:48:ad:c3:8e:2e:3d:0f:0f:99:45:db:2c:ea:cb:cb:66:cc:
         62:0d:0a:1a:ce:02:74:da:fe:3c:ac:b8:6e:1e:17:72:2e:6b:
         f1:fa:02:d4:ed:55:57:83:2f:11:b5:a9:83:53:59:90:23:50:
         3d:fe:36:1c:39:39:b7:43:5d:ab:f6:7a:60:c4:45:c2:fc:7b:
         cd:4f:97:00:c9:bd:cc:ba:ff:2f:11:6b:b2:d5:3c:e9:5e:9a:
         2d:ad:f9:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFANtsH7MXmQoAuMX3Ux0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwMTAxMTIzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWNiNGRjZDI1OGQyYTE2MmYzZTAzM2I1YmVlYzAxMWQyMzMzZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/QG2Chz5SLXp5UtFzB4arsGgvDp
PbGWnQmOVnTkUCoaL3t/sPLoKf5n0lU7UeefkU+aH2V9nzqPCoCQjqUa6Ky6dJ+u
h0GCbvCyZcAPAiLS7QIFmL75s4CfzVtplR23mmuOUQlR7oHkDXxDdWo9MhalfQyG
KxuP4XpblJuL3+rSTR+INTVWAmQoOj84BYl3P8SbzLZx0hEJWaR2ugZawRXh4wFo
2UbcTX5kmv7/G43NNDmyP3Mv42KQs9cJZo6B/8b/7AIVXZnnqIAimpZ0X1L8rO7a
lQuYsg9AzR2XpTKFEUYwqXcrQ2KAxw1cnFVZJmxzty8rcSeCeg+Hx5zVPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXLTc0ljSoWLz4DO1vuwBHSMz3CMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvNWN0TnpTV05LaFl2UGdNN1ctN0FFZEl6UGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEgBMA0G
CSqGSIb3DQEBCwUAA4IBAQDRu3RW2J8acuJU3oR/umBDNp058Qq4fUQJgCYsfBtY
axngC5idQUcfbDbhuc/DahdlnHCOikNXZW5f1fcG287LcEBCCbRpY/Y6CU/eBezA
kgcCF1LCL9YtPmRWF8kaN4vPNhGfJqV2eWwNadxQhEujZUN7h25BGYmnYZ4K2J4g
EjB/hetB+0X+ByyauUek1mg5OBRZzQz0LCsOtFmkeoAanhlmSK3Dji49Dw+ZRdss
6svLZsxiDQoazgJ02v48rLhuHhdyLmvx+gLU7VVXgy8RtamDU1mQI1A9/jYcOTm3
Q12r9npgxEXC/HvNT5cAyb3Muv8vEWuy1TzpXpotrfnV
-----END CERTIFICATE-----