Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/1c7c09-e02c-4cbf-9e67-9685555190c4/1/pCOA0Rv_XVKsVV0sqQm08VkenfA.roa
File:                     pCOA0Rv_XVKsVV0sqQm08VkenfA.roa (raw, json)
Hash identifier:          uw5q/lzqjphfRUWBEUa65wJcW6ndpO5WnC4IwS9nvR0=
Subject key identifier:   A4:23:80:D1:1B:FF:5D:52:AC:55:5D:2C:A9:09:B4:F1:59:1E:9D:F0
Certificate issuer:       /CN=d81d42aae019e4ea44a616378eb66b389de8c511
Certificate serial:       018CC5000466D241CD44A8D4A3886B4C8006
Authority key identifier: D8:1D:42:AA:E0:19:E4:EA:44:A6:16:37:8E:B6:6B:38:9D:E8:C5:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2B1CquAZ5OpEphY3jrZrOJ3oxRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/1c7c09-e02c-4cbf-9e67-9685555190c4/1/pCOA0Rv_XVKsVV0sqQm08VkenfA.roa
Signing time:             Mon 01 Jan 2024 12:29:21 +0000
ROA not before:           Mon 01 Jan 2024 12:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50902
IP address blocks:        2a0f:fc80::/32 maxlen: 32
                          2a0f:fc81::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/1c7c09-e02c-4cbf-9e67-9685555190c4/1/2B1CquAZ5OpEphY3jrZrOJ3oxRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/1c7c09-e02c-4cbf-9e67-9685555190c4/1/2B1CquAZ5OpEphY3jrZrOJ3oxRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2B1CquAZ5OpEphY3jrZrOJ3oxRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:04:66:d2:41:cd:44:a8:d4:a3:88:6b:4c:80:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d81d42aae019e4ea44a616378eb66b389de8c511
        Validity
            Not Before: Jan  1 12:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a42380d11bff5d52ac555d2ca909b4f1591e9df0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:98:7f:7a:bf:81:51:5e:db:ba:a9:9e:ec:45:
                    cb:6e:cd:7c:e8:87:d4:13:86:a3:39:32:23:92:04:
                    44:c0:2f:83:fa:cf:73:d9:63:e9:a5:ef:31:d4:91:
                    b2:47:1b:80:a3:21:50:37:a1:84:c5:f4:fa:b7:5d:
                    bc:a9:30:a9:fd:3d:b7:70:d8:d2:84:60:d5:3f:4d:
                    80:a2:cd:e0:b5:00:1f:19:7d:da:83:38:62:d8:4c:
                    ef:cf:ff:77:93:8e:e1:5c:fc:dd:ef:09:ff:2e:1b:
                    09:2a:0b:a6:2c:ff:2c:7b:b0:0a:9d:eb:43:3e:b9:
                    04:9e:f0:8b:31:8c:6e:c2:5e:1b:89:b3:98:c1:62:
                    6a:fc:f7:e8:dd:ac:09:e1:8c:74:29:3a:5e:b1:a5:
                    3c:e8:43:b1:34:3f:43:58:37:f2:dc:2b:1d:65:b5:
                    74:2d:8d:a2:bf:a0:03:d1:4d:38:e2:12:aa:cf:37:
                    d7:1c:3f:9a:6c:d6:f7:28:94:d8:79:3f:c0:e4:4a:
                    26:42:93:b2:c4:6f:42:96:c3:e6:52:12:7a:28:b4:
                    d5:83:06:61:ab:36:01:f3:83:3f:f4:da:50:d5:1a:
                    39:49:d0:58:dd:f5:74:64:96:63:76:6e:55:76:5e:
                    20:41:53:e2:8c:64:26:0f:35:24:1e:fb:76:37:3c:
                    29:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:23:80:D1:1B:FF:5D:52:AC:55:5D:2C:A9:09:B4:F1:59:1E:9D:F0
            X509v3 Authority Key Identifier:
                keyid:D8:1D:42:AA:E0:19:E4:EA:44:A6:16:37:8E:B6:6B:38:9D:E8:C5:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2B1CquAZ5OpEphY3jrZrOJ3oxRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1c7c09-e02c-4cbf-9e67-9685555190c4/1/pCOA0Rv_XVKsVV0sqQm08VkenfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1c7c09-e02c-4cbf-9e67-9685555190c4/1/2B1CquAZ5OpEphY3jrZrOJ3oxRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:fc80::/31

    Signature Algorithm: sha256WithRSAEncryption
         c1:b9:73:38:83:a3:25:8d:a3:68:97:7d:d7:1a:01:ae:c3:ee:
         dc:f1:a4:6c:b1:ff:62:37:a6:34:e7:1e:5e:ff:3d:16:d8:09:
         c5:8a:41:eb:b4:80:42:8e:5b:1d:51:3b:18:e5:2a:6d:42:41:
         fd:8e:11:88:95:ee:60:30:70:04:39:4d:53:44:24:ee:0a:47:
         55:91:cc:76:4b:bc:f0:ac:5b:94:20:31:3a:cc:d6:ba:f8:fb:
         55:fe:4e:69:f4:38:36:d3:b1:e3:e6:0d:5a:e4:ec:13:04:5e:
         8d:41:37:78:b0:80:2d:fb:e6:13:42:34:3b:04:41:2a:9c:88:
         b8:db:35:95:c1:2f:cb:08:77:e2:19:8f:64:82:13:fc:a0:50:
         37:fd:72:8a:92:b8:3c:28:b0:73:bb:7d:d8:88:6f:da:8a:8d:
         67:85:32:3c:89:ff:26:f5:2b:e8:fd:d6:29:a9:7a:b4:48:78:
         3f:26:c2:d7:43:bf:be:1e:9e:d0:c3:8f:6a:c9:b1:17:75:8c:
         25:7b:0b:42:6d:1f:52:18:88:5d:a1:73:d9:b6:72:86:95:8d:
         83:1d:97:90:dd:14:ef:ae:7a:3e:9c:b9:f9:4d:88:36:18:58:
         09:2d:ca:44:0d:23:d2:77:8a:dd:4d:01:25:08:4c:3a:e1:51:
         4c:cd:2d:4f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAARm0kHNRKjUo4hrTIAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MWQ0MmFhZTAxOWU0ZWE0NGE2MTYzNzhlYjY2YjM4OWRl
OGM1MTEwHhcNMjQwMTAxMTIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDIzODBkMTFiZmY1ZDUyYWM1NTVkMmNhOTA5YjRmMTU5MWU5ZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJh/er+BUV7buqme7EXLbs186IfU
E4ajOTIjkgREwC+D+s9z2WPppe8x1JGyRxuAoyFQN6GExfT6t128qTCp/T23cNjS
hGDVP02Aos3gtQAfGX3agzhi2Ezvz/93k47hXPzd7wn/LhsJKgumLP8se7AKnetD
PrkEnvCLMYxuwl4bibOYwWJq/Pfo3awJ4Yx0KTpesaU86EOxND9DWDfy3CsdZbV0
LY2iv6AD0U044hKqzzfXHD+abNb3KJTYeT/A5EomQpOyxG9ClsPmUhJ6KLTVgwZh
qzYB84M/9NpQ1Ro5SdBY3fV0ZJZjdm5Vdl4gQVPijGQmDzUkHvt2NzwpBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKQjgNEb/11SrFVdLKkJtPFZHp3wMB8GA1UdIwQY
MBaAFNgdQqrgGeTqRKYWN462azid6MURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkIxQ3F1QVo1T3BFcGhZM2pyWnJPSjNveFJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8xYzdjMDktZTAyYy00Y2JmLTllNjct
OTY4NTU1NTE5MGM0LzEvcENPQTBSdl9YVktzVlYwc3FRbTA4VmtlbmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8xYzdjMDktZTAyYy00Y2JmLTllNjctOTY4NTU1NTE5MGM0
LzEvMkIxQ3F1QVo1T3BFcGhZM2pyWnJPSjNveFJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKg/8gDAN
BgkqhkiG9w0BAQsFAAOCAQEAwblzOIOjJY2jaJd91xoBrsPu3PGkbLH/YjemNOce
Xv89FtgJxYpB67SAQo5bHVE7GOUqbUJB/Y4RiJXuYDBwBDlNU0Qk7gpHVZHMdku8
8KxblCAxOszWuvj7Vf5OafQ4NtOx4+YNWuTsEwRejUE3eLCALfvmE0I0OwRBKpyI
uNs1lcEvywh34hmPZIIT/KBQN/1yipK4PCiwc7t92Ihv2oqNZ4UyPIn/JvUr6P3W
Kal6tEh4PybC10O/vh6e0MOPasmxF3WMJXsLQm0fUhiIXaFz2bZyhpWNgx2XkN0U
7656Ppy5+U2INhhYCS3KRA0j0neK3U0BJQhMOuFRTM0tTw==
-----END CERTIFICATE-----