Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/CoCJql22w5g3yJWxhGWNeyWaBxY.roa
File:                     CoCJql22w5g3yJWxhGWNeyWaBxY.roa (raw, json)
Hash identifier:          Z3uOoICCv/HoEQOXxLYeh+NJC2mTj0mwuyd83rj56Io=
Subject key identifier:   0A:80:89:AA:5D:B6:C3:98:37:C8:95:B1:84:65:8D:7B:25:9A:07:16
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       01916AE7339FE8C317C958DD6F81059E65AB
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/CoCJql22w5g3yJWxhGWNeyWaBxY.roa
Signing time:             Mon 19 Aug 2024 13:50:22 +0000
ROA not before:           Mon 19 Aug 2024 13:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196863
IP address blocks:        2a02:2808:2301::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6a:e7:33:9f:e8:c3:17:c9:58:dd:6f:81:05:9e:65:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Aug 19 13:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a8089aa5db6c39837c895b184658d7b259a0716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:cd:25:cc:16:39:ff:5d:12:21:4a:de:a3:0d:
                    5d:68:b3:9b:d0:cb:de:be:aa:7e:52:2c:20:66:c9:
                    72:72:a0:9f:3f:ce:54:2f:27:3d:85:c0:73:1d:23:
                    42:6b:85:ef:ed:ed:70:4e:06:d3:68:a2:10:e0:49:
                    2e:8f:0f:18:ff:70:fa:da:e7:1c:d0:32:bb:69:98:
                    b7:08:d4:e1:8a:35:6e:54:20:6d:b4:ea:df:26:27:
                    66:7c:64:97:fe:e8:d2:30:dd:15:eb:db:0c:84:55:
                    df:f6:6a:6a:a2:f5:a4:75:8e:b1:5b:e6:da:13:b7:
                    fb:be:5a:d2:72:7f:c1:7f:fe:f4:35:c7:02:01:4e:
                    a4:6f:7b:27:c9:2c:f8:eb:1a:36:e1:47:34:0e:8a:
                    83:b9:61:0f:e6:08:42:7e:6c:c2:ff:d3:22:9a:d2:
                    40:d0:57:62:9a:74:3e:44:50:5e:b0:05:e9:45:37:
                    17:b7:21:26:ae:0c:05:e2:80:30:ba:b3:09:4d:a7:
                    c2:88:62:28:bd:8e:3d:ea:0f:19:ea:f8:90:77:f1:
                    84:0d:c6:31:6f:e7:ea:4e:42:25:c5:08:b2:c1:02:
                    7a:d4:7c:fe:e3:a2:d3:80:63:af:6c:34:6c:35:c3:
                    df:68:7c:4e:96:f1:01:54:1d:74:ff:a4:93:62:a5:
                    fe:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:80:89:AA:5D:B6:C3:98:37:C8:95:B1:84:65:8D:7B:25:9A:07:16
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/CoCJql22w5g3yJWxhGWNeyWaBxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2808:2301::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:a3:24:26:7e:d6:34:0c:34:4d:40:92:dc:dd:ee:8b:1d:56:
         85:2a:24:dc:55:9c:21:19:af:91:65:fa:be:58:bc:1b:55:e4:
         2d:c9:86:95:40:b0:47:42:5a:55:b1:72:f6:a5:d6:b8:16:dc:
         57:db:d2:d0:7f:57:e5:5a:f9:d1:d3:69:e9:d4:a8:50:ee:de:
         45:70:78:2d:37:2d:54:75:db:51:cc:53:2b:b7:70:d8:33:a3:
         88:75:73:90:97:b5:a2:35:69:0e:19:14:81:b9:d8:a6:99:b6:
         40:66:76:5b:a1:f6:76:f7:f1:13:da:00:dd:da:3a:a9:35:14:
         81:30:a7:f0:f2:82:22:40:e8:aa:54:38:73:af:f9:7a:22:2a:
         f3:de:f7:ad:ec:b9:29:09:c8:19:f8:fc:bc:34:80:c8:23:46:
         11:a4:f9:ff:0f:d7:3d:79:ec:f8:04:8b:79:90:e2:bf:c3:9b:
         6f:29:62:0b:bf:66:37:0f:33:28:25:31:ea:5a:22:95:9c:1d:
         12:a0:90:a8:9d:91:01:8c:60:fe:0c:73:90:66:cc:36:d7:ce:
         7f:44:ee:a9:50:79:fe:fe:67:9a:ef:fc:75:28:d4:ee:e1:d7:
         d9:4a:d4:54:d6:f2:e5:1b:7d:e4:c2:82:a8:80:d6:78:91:25:
         c2:55:e1:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFq5zOf6MMXyVjdb4EFnmWrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwODE5MTM1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgwODlhYTVkYjZjMzk4MzdjODk1YjE4NDY1OGQ3YjI1OWEwNzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuc0lzBY5/10SIUreow1daLOb0Mve
vqp+UiwgZslycqCfP85ULyc9hcBzHSNCa4Xv7e1wTgbTaKIQ4Ekujw8Y/3D62ucc
0DK7aZi3CNThijVuVCBttOrfJidmfGSX/ujSMN0V69sMhFXf9mpqovWkdY6xW+ba
E7f7vlrScn/Bf/70NccCAU6kb3snySz46xo24Uc0DoqDuWEP5ghCfmzC/9MimtJA
0FdimnQ+RFBesAXpRTcXtyEmrgwF4oAwurMJTafCiGIovY496g8Z6viQd/GEDcYx
b+fqTkIlxQiywQJ61Hz+46LTgGOvbDRsNcPfaHxOlvEBVB10/6STYqX+RQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAqAiapdtsOYN8iVsYRljXslmgcWMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvQ29DSnFsMjJ3NWczeUpXeGhHV05leVdhQnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIoCCMB
MA0GCSqGSIb3DQEBCwUAA4IBAQCToyQmftY0DDRNQJLc3e6LHVaFKiTcVZwhGa+R
Zfq+WLwbVeQtyYaVQLBHQlpVsXL2pda4FtxX29LQf1flWvnR02np1KhQ7t5FcHgt
Ny1UddtRzFMrt3DYM6OIdXOQl7WiNWkOGRSBudimmbZAZnZbofZ29/ET2gDd2jqp
NRSBMKfw8oIiQOiqVDhzr/l6Iirz3vet7LkpCcgZ+Py8NIDII0YRpPn/D9c9eez4
BIt5kOK/w5tvKWILv2Y3DzMoJTHqWiKVnB0SoJConZEBjGD+DHOQZsw2185/RO6p
UHn+/mea7/x1KNTu4dfZStRU1vLlG33kwoKogNZ4kSXCVeFG
-----END CERTIFICATE-----