Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/Ow9Ezaq-Irz4UqtH4F7iN6aHIlk.roa
File:                     Ow9Ezaq-Irz4UqtH4F7iN6aHIlk.roa (raw, json)
Hash identifier:          4SxUXciK9hx/avcoecTMLtngfh2ayyVx2I1X1qM6bmc=
Subject key identifier:   3B:0F:44:CD:AA:BE:22:BC:F8:52:AB:47:E0:5E:E2:37:A6:87:22:59
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       019285C856FE1A3A84E4F7AC707EF8FBB91A
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/Ow9Ezaq-Irz4UqtH4F7iN6aHIlk.roa
Signing time:             Sun 13 Oct 2024 12:09:12 +0000
ROA not before:           Sun 13 Oct 2024 12:09:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205473
IP address blocks:        188.72.0.0/24 maxlen: 24
                          188.72.1.0/24 maxlen: 24
                          188.72.20.0/24 maxlen: 24
                          188.72.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:85:c8:56:fe:1a:3a:84:e4:f7:ac:70:7e:f8:fb:b9:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Oct 13 12:09:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b0f44cdaabe22bcf852ab47e05ee237a6872259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:da:18:9e:d4:f1:5d:b9:07:e5:5b:c9:89:d8:
                    2d:f9:f7:43:ff:f6:1f:b7:57:53:f6:20:25:cb:65:
                    91:94:70:89:a7:e8:05:67:30:1f:5f:ac:d6:0e:ee:
                    b6:3f:44:79:f7:29:ab:ed:69:55:2a:36:b3:e5:b0:
                    ea:5a:46:e9:b5:5e:ad:df:86:da:25:3a:c2:4f:d9:
                    13:23:5f:9c:81:ca:13:f2:b1:65:66:42:d3:7d:05:
                    97:27:b7:f8:9e:fa:d4:a5:55:d4:e8:89:0b:b9:27:
                    ec:ec:1e:2c:4e:8f:69:aa:9b:60:60:5a:09:1d:21:
                    e8:af:98:17:b2:86:14:55:b0:e1:d3:ce:ee:45:59:
                    2f:13:17:5c:e6:66:c1:8e:cb:94:e4:4a:b4:13:fe:
                    92:8f:5c:93:4b:85:a2:24:91:d6:29:af:33:c5:6c:
                    ad:d7:4a:94:89:61:bf:ab:9c:0d:cc:5f:0a:db:da:
                    8e:31:28:9d:2d:42:82:4d:c0:ed:27:43:54:b1:29:
                    b0:0d:32:50:e4:47:a4:18:66:25:cf:ef:e3:4f:b9:
                    a1:7a:4f:71:71:af:fa:83:2c:98:bf:a3:e1:65:c3:
                    29:1a:28:25:40:72:3d:2c:c3:89:53:d0:a9:bd:52:
                    21:63:11:51:fc:95:69:4f:e2:3d:ee:4f:14:cc:a4:
                    1d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:0F:44:CD:AA:BE:22:BC:F8:52:AB:47:E0:5E:E2:37:A6:87:22:59
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/Ow9Ezaq-Irz4UqtH4F7iN6aHIlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.0.0/23
                  188.72.20.0/24
                  188.72.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:02:56:7c:8e:65:2d:04:d1:9d:13:dd:e6:c9:10:0c:77:2e:
         b3:e5:0c:2b:67:1e:a7:63:10:42:a2:22:77:1d:fc:ea:2d:70:
         20:2d:71:09:12:1b:95:4a:3d:08:7c:3f:ec:cc:02:30:00:3b:
         e9:5e:3c:34:1d:0c:93:49:8d:29:71:34:17:4e:c1:5e:33:5a:
         38:62:41:f6:ea:b9:2c:af:03:20:90:09:c5:2a:67:f7:01:9d:
         64:3e:3b:de:3b:27:4a:f4:0d:d6:78:57:aa:d2:e3:8d:c9:8c:
         84:f7:2e:03:6c:f9:b3:19:d1:c0:a4:16:75:1f:5a:04:5b:c2:
         c5:09:19:aa:c4:27:07:05:0b:0c:66:a9:4e:4c:d5:5f:c8:cc:
         b9:51:ee:9b:14:dd:33:41:22:02:6d:e0:5f:72:23:b0:93:09:
         ea:8d:45:77:50:bc:1b:06:57:1e:00:5a:24:7a:92:d5:04:b4:
         58:4d:8f:96:ff:93:34:4c:49:20:02:c3:54:58:fb:00:97:c1:
         53:d7:2c:7d:06:c3:c6:19:6c:ce:d9:b4:6b:68:f6:fa:79:94:
         fe:c2:25:ab:25:88:7b:f9:5b:10:52:3d:94:0c:0f:4d:c3:53:
         73:54:6b:94:3d:6d:1c:58:dd:b7:37:06:0b:83:4b:e9:47:97:
         7b:c3:9b:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZKFyFb+GjqE5PescH74+7kaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQxMDEzMTIwOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjBmNDRjZGFhYmUyMmJjZjg1MmFiNDdlMDVlZTIzN2E2ODcyMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNoYntTxXbkH5VvJidgt+fdD//Yf
t1dT9iAly2WRlHCJp+gFZzAfX6zWDu62P0R59ymr7WlVKjaz5bDqWkbptV6t34ba
JTrCT9kTI1+cgcoT8rFlZkLTfQWXJ7f4nvrUpVXU6IkLuSfs7B4sTo9pqptgYFoJ
HSHor5gXsoYUVbDh087uRVkvExdc5mbBjsuU5Eq0E/6Sj1yTS4WiJJHWKa8zxWyt
10qUiWG/q5wNzF8K29qOMSidLUKCTcDtJ0NUsSmwDTJQ5EekGGYlz+/jT7mhek9x
ca/6gyyYv6PhZcMpGiglQHI9LMOJU9CpvVIhYxFR/JVpT+I97k8UzKQdxwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDsPRM2qviK8+FKrR+Be4jemhyJZMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvT3c5RXphcS1Jcno0VXF0SDRGN2lONmFISWxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBvEgAAwQA
vEgUAwQAvEgzMA0GCSqGSIb3DQEBCwUAA4IBAQBYAlZ8jmUtBNGdE93myRAMdy6z
5QwrZx6nYxBCoiJ3HfzqLXAgLXEJEhuVSj0IfD/szAIwADvpXjw0HQyTSY0pcTQX
TsFeM1o4YkH26rksrwMgkAnFKmf3AZ1kPjveOydK9A3WeFeq0uONyYyE9y4DbPmz
GdHApBZ1H1oEW8LFCRmqxCcHBQsMZqlOTNVfyMy5Ue6bFN0zQSICbeBfciOwkwnq
jUV3ULwbBlceAFokepLVBLRYTY+W/5M0TEkgAsNUWPsAl8FT1yx9BsPGGWzO2bRr
aPb6eZT+wiWrJYh7+VsQUj2UDA9Nw1NzVGuUPW0cWN23NwYLg0vpR5d7w5vG
-----END CERTIFICATE-----