Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/CicAHWRR5XOwNMJCvxwZATnlww8.roa
File:                     CicAHWRR5XOwNMJCvxwZATnlww8.roa (raw, json)
Hash identifier:          HD4XTQ66LapfO87iOiV3HPYGdxRYCImk1DdsXwOnng0=
Subject key identifier:   0A:27:00:1D:64:51:E5:73:B0:34:C2:42:BF:1C:19:01:39:E5:C3:0F
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF81E647F67319D6B24B05FFAC556
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/CicAHWRR5XOwNMJCvxwZATnlww8.roa
Signing time:             Mon 01 Jan 2024 16:30:42 +0000
ROA not before:           Mon 01 Jan 2024 16:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207705
IP address blocks:        2a0f:607:1072::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f8:1e:64:7f:67:31:9d:6b:24:b0:5f:fa:c5:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a27001d6451e573b034c242bf1c190139e5c30f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:91:42:24:cb:93:4f:d8:32:8d:b1:9a:97:86:
                    3a:7e:0d:26:30:a1:90:08:7a:f4:53:50:db:28:14:
                    ce:b3:91:e2:64:75:3e:c6:46:5f:30:eb:d5:d4:07:
                    5b:ee:f8:cf:76:a3:31:c1:3a:fe:ed:f3:86:5c:f5:
                    6c:44:59:45:a5:40:4c:6c:44:c9:d7:a6:05:b5:98:
                    7a:48:a8:bc:96:d6:48:56:2a:6e:c8:84:71:8d:d3:
                    bf:ec:5f:35:65:e6:4d:6c:5c:3c:a7:cb:7c:b3:c5:
                    5e:a4:3f:05:aa:d5:89:2f:db:1a:7c:3c:02:c7:45:
                    fd:ca:1e:49:aa:44:43:5c:ec:9a:1f:02:fb:00:ac:
                    66:3e:2f:02:c6:c7:56:a9:cd:26:eb:b3:d4:e6:2b:
                    f7:15:98:59:f4:87:85:b4:12:90:e5:83:5b:0e:e7:
                    4f:11:cf:6e:0d:3e:b3:50:06:e5:50:48:5e:ea:c7:
                    ed:e5:64:a1:a5:26:1d:8f:1f:15:a6:4c:a7:9c:21:
                    b6:a7:b7:d3:d1:c5:6f:d8:fe:d5:50:0a:75:26:72:
                    b8:3b:d2:2a:fd:b2:06:d3:fe:da:b6:6b:f1:81:f8:
                    f5:06:15:06:d6:42:46:e4:b6:d6:bd:00:34:2e:40:
                    08:fb:04:da:7b:88:d4:ed:c2:d3:ff:8e:01:a8:fa:
                    f0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:27:00:1D:64:51:E5:73:B0:34:C2:42:BF:1C:19:01:39:E5:C3:0F
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/CicAHWRR5XOwNMJCvxwZATnlww8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1072::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:eb:18:cd:db:77:4c:4d:c8:fc:ea:d0:ec:14:80:cf:da:fb:
         a6:1b:7c:13:be:40:82:71:7a:4d:d9:2a:4f:f8:59:67:87:2d:
         7c:e8:ec:dd:36:02:9b:90:01:59:15:f3:08:9c:cf:b4:c1:d5:
         83:30:35:8f:0d:2e:32:11:1b:31:a3:61:87:6d:5a:8f:5f:be:
         2d:ca:e5:27:92:c2:da:41:b1:84:1c:f6:e9:2b:79:65:92:7d:
         db:99:c2:e8:bd:1d:20:8d:11:1e:b4:8a:68:85:5d:27:f7:4b:
         d4:5e:57:ee:7f:e3:0e:47:a6:19:8f:7c:27:61:48:ad:59:ee:
         51:a8:26:8f:ee:13:62:84:99:22:d3:6b:00:18:1e:ec:e1:b6:
         fd:60:09:89:be:c2:71:52:98:46:dd:94:e0:b8:3c:7d:22:12:
         a9:69:ca:bd:31:f2:9d:42:08:35:b1:c6:df:ec:f1:39:5f:b8:
         7a:05:05:e2:f6:6f:9e:2c:63:2c:d8:99:ba:ac:7c:9b:8c:33:
         93:12:b5:f0:c1:73:a1:e1:38:88:8e:5a:73:52:ff:ab:ac:7f:
         1f:30:bd:cc:50:c9:4a:2a:5d:42:34:9f:9a:4d:87:07:30:f3:
         f2:01:23:cc:71:a5:fe:93:d7:ac:c4:cf:2e:c0:20:99:02:71:
         d8:97:71:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PgeZH9nMZ1rJLBf+sVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTI3MDAxZDY0NTFlNTczYjAzNGMyNDJiZjFjMTkwMTM5ZTVjMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ZFCJMuTT9gyjbGal4Y6fg0mMKGQ
CHr0U1DbKBTOs5HiZHU+xkZfMOvV1Adb7vjPdqMxwTr+7fOGXPVsRFlFpUBMbETJ
16YFtZh6SKi8ltZIVipuyIRxjdO/7F81ZeZNbFw8p8t8s8VepD8FqtWJL9safDwC
x0X9yh5JqkRDXOyaHwL7AKxmPi8CxsdWqc0m67PU5iv3FZhZ9IeFtBKQ5YNbDudP
Ec9uDT6zUAblUEhe6sft5WShpSYdjx8VpkynnCG2p7fT0cVv2P7VUAp1JnK4O9Iq
/bIG0/7atmvxgfj1BhUG1kJG5LbWvQA0LkAI+wTae4jU7cLT/44BqPrwmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAonAB1kUeVzsDTCQr8cGQE55cMPMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvQ2ljQUhXUlI1WE93Tk1KQ3Z4d1pBVG5sd3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8GBxBy
MA0GCSqGSIb3DQEBCwUAA4IBAQCd6xjN23dMTcj86tDsFIDP2vumG3wTvkCCcXpN
2SpP+Flnhy186OzdNgKbkAFZFfMInM+0wdWDMDWPDS4yERsxo2GHbVqPX74tyuUn
ksLaQbGEHPbpK3llkn3bmcLovR0gjREetIpohV0n90vUXlfuf+MOR6YZj3wnYUit
We5RqCaP7hNihJki02sAGB7s4bb9YAmJvsJxUphG3ZTguDx9IhKpacq9MfKdQgg1
scbf7PE5X7h6BQXi9m+eLGMs2Jm6rHybjDOTErXwwXOh4TiIjlpzUv+rrH8fML3M
UMlKKl1CNJ+aTYcHMPPyASPMcaX+k9esxM8uwCCZAnHYl3GR
-----END CERTIFICATE-----
Generated at Sun May 19 10:58:28 2024 by rpki-client on console-fra.rpki-client.org