Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/cpjz9CE0IcU_ESml2MZ9qoKTiXs.roa
File:                     cpjz9CE0IcU_ESml2MZ9qoKTiXs.roa (raw, json)
Hash identifier:          /mJejfZSz+9obSxwX2F6lQDPvdXRl4EznUloIcHkjek=
Subject key identifier:   72:98:F3:F4:21:34:21:C5:3F:11:29:A5:D8:C6:7D:AA:82:93:89:7B
Certificate issuer:       /CN=0c05ca111c0093b56514215be467b515dda56c06
Certificate serial:       018CC56EFB79A74F8975A13FC37EA7129130
Authority key identifier: 0C:05:CA:11:1C:00:93:B5:65:14:21:5B:E4:67:B5:15:DD:A5:6C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/cpjz9CE0IcU_ESml2MZ9qoKTiXs.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209824
IP address blocks:        217.113.54.0/23 maxlen: 23
                          2a13:e700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fb:79:a7:4f:89:75:a1:3f:c3:7e:a7:12:91:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c05ca111c0093b56514215be467b515dda56c06
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7298f3f4213421c53f1129a5d8c67daa8293897b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c4:88:b4:4c:fc:1a:f0:1e:16:c9:e0:76:22:
                    f1:6d:aa:6b:ae:1e:72:13:a2:19:eb:33:41:ab:70:
                    da:63:26:cc:19:e5:1d:cc:6f:ce:0c:ec:23:38:2b:
                    9e:d8:6e:66:20:82:be:a5:c3:d8:2d:60:87:6d:1c:
                    90:b8:eb:f9:b0:c7:ce:cd:ca:45:87:d8:7d:05:e5:
                    c5:d7:03:28:1f:d0:39:f5:ab:95:1a:97:91:91:fc:
                    a1:ce:0d:07:45:2b:2b:0b:fe:bb:08:d2:3a:d5:65:
                    85:a0:45:1d:d1:e9:d5:55:fa:17:9d:0c:ac:a9:a2:
                    d9:b4:a1:23:47:01:29:ee:f6:84:2f:b3:59:85:9e:
                    d7:6b:6a:f8:15:66:9b:83:6c:89:23:28:bd:5d:f8:
                    92:17:1c:32:3c:35:30:43:5b:03:0c:2e:0b:ad:a3:
                    f4:00:4a:89:58:2e:03:5b:58:b3:24:b0:95:89:92:
                    d1:d7:c8:58:55:6b:df:92:26:0d:f8:e2:ea:01:9d:
                    62:30:3c:92:08:b8:68:a6:c3:e8:08:22:d3:b1:02:
                    a3:e6:93:fc:1d:24:aa:aa:da:6a:d0:94:b1:14:a9:
                    f1:31:9e:33:3f:eb:06:fc:71:fe:81:4b:2f:56:83:
                    2f:77:53:94:79:f6:46:9e:b6:8b:a6:aa:a3:cf:9b:
                    2e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:98:F3:F4:21:34:21:C5:3F:11:29:A5:D8:C6:7D:AA:82:93:89:7B
            X509v3 Authority Key Identifier:
                keyid:0C:05:CA:11:1C:00:93:B5:65:14:21:5B:E4:67:B5:15:DD:A5:6C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/cpjz9CE0IcU_ESml2MZ9qoKTiXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.54.0/23
                IPv6:
                  2a13:e700::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:dd:1f:16:ff:7b:ba:82:8a:4b:b5:fc:05:7d:86:62:4d:10:
         43:f8:b1:a9:e4:6b:ce:28:82:27:36:a2:c7:03:89:7a:ef:85:
         23:22:0a:b9:be:03:b7:8c:4d:27:3a:0e:6d:40:a5:a5:1b:24:
         7b:9c:a1:2a:1f:c1:d7:1f:fd:5d:36:a3:63:e3:af:fa:cb:5a:
         76:89:9e:2d:5f:0c:4d:a4:37:5f:57:39:ef:79:f6:e2:ec:d4:
         9b:f6:3b:ab:05:15:ed:00:c3:9c:b0:b9:0d:54:56:13:39:d7:
         c1:d8:02:1b:21:f2:dd:fe:b4:36:65:55:ba:c7:89:7d:c0:46:
         54:28:35:d8:8c:2c:2f:5d:9d:ea:e1:16:a2:02:e6:ee:ac:e2:
         dd:14:bd:d6:64:c5:4e:ed:15:46:6c:91:73:ee:8d:b3:3e:35:
         68:0a:d0:8b:6c:71:81:de:3f:0f:ba:45:50:e7:6c:d8:a2:4e:
         1c:17:17:59:04:b4:c4:1a:1b:69:37:e3:23:b6:f5:88:a9:b0:
         72:a7:8f:c8:83:b3:11:65:18:c0:66:ba:42:e4:6b:20:9b:6e:
         db:f8:43:19:be:18:0a:94:9f:db:3b:4d:a1:a0:b5:38:64:98:
         f5:0b:57:3a:81:87:84:80:16:3d:01:56:4e:1c:70:7c:a0:95:
         30:00:46:ed
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbvt5p0+JdaE/w36nEpEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMDVjYTExMWMwMDkzYjU2NTE0MjE1YmU0NjdiNTE1ZGRh
NTZjMDYwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk4ZjNmNDIxMzQyMWM1M2YxMTI5YTVkOGM2N2RhYTgyOTM4OTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusSItEz8GvAeFsngdiLxbaprrh5y
E6IZ6zNBq3DaYybMGeUdzG/ODOwjOCue2G5mIIK+pcPYLWCHbRyQuOv5sMfOzcpF
h9h9BeXF1wMoH9A59auVGpeRkfyhzg0HRSsrC/67CNI61WWFoEUd0enVVfoXnQys
qaLZtKEjRwEp7vaEL7NZhZ7Xa2r4FWabg2yJIyi9XfiSFxwyPDUwQ1sDDC4LraP0
AEqJWC4DW1izJLCViZLR18hYVWvfkiYN+OLqAZ1iMDySCLhopsPoCCLTsQKj5pP8
HSSqqtpq0JSxFKnxMZ4zP+sG/HH+gUsvVoMvd1OUefZGnraLpqqjz5sukQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHKY8/QhNCHFPxEppdjGfaqCk4l7MB8GA1UdIwQY
MBaAFAwFyhEcAJO1ZRQhW+RntRXdpWwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREFYS0VSd0FrN1ZsRkNGYjVHZTFGZDJsYkFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wZmJmNDgtNWRiNy00OWZlLWJmNDQt
NmEzNjcwNWJiYTZmLzEvY3BqejlDRTBJY1VfRVNtbDJNWjlxb0tUaVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wZmJmNDgtNWRiNy00OWZlLWJmNDQtNmEzNjcwNWJiYTZm
LzEvREFYS0VSd0FrN1ZsRkNGYjVHZTFGZDJsYkFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQB2XE2MA0E
AgACMAcDBQMqE+cAMA0GCSqGSIb3DQEBCwUAA4IBAQCt3R8W/3u6gopLtfwFfYZi
TRBD+LGp5GvOKIInNqLHA4l674UjIgq5vgO3jE0nOg5tQKWlGyR7nKEqH8HXH/1d
NqNj46/6y1p2iZ4tXwxNpDdfVznvefbi7NSb9jurBRXtAMOcsLkNVFYTOdfB2AIb
IfLd/rQ2ZVW6x4l9wEZUKDXYjCwvXZ3q4RaiAuburOLdFL3WZMVO7RVGbJFz7o2z
PjVoCtCLbHGB3j8PukVQ52zYok4cFxdZBLTEGhtpN+MjtvWIqbByp4/Ig7MRZRjA
ZrpC5Gsgm27b+EMZvhgKlJ/bO02hoLU4ZJj1C1c6gYeEgBY9AVZOHHB8oJUwAEbt
-----END CERTIFICATE-----