Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/cosKVmOGqINDSqahoGbSBiCI_MY.roa
File:                     cosKVmOGqINDSqahoGbSBiCI_MY.roa (raw, json)
Hash identifier:          YgkpMd46QR4ZWjKgGhX1McCbaC4YvLqoBEMtzcEqWso=
Subject key identifier:   72:8B:0A:56:63:86:A8:83:43:4A:A6:A1:A0:66:D2:06:20:88:FC:C6
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2973759B931A70F45098FCDE623147
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/cosKVmOGqINDSqahoGbSBiCI_MY.roa
Signing time:             Tue 02 Jan 2024 12:32:43 +0000
ROA not before:           Tue 02 Jan 2024 12:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212746
IP address blocks:        2a0e:8f02:2040::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:73:75:9b:93:1a:70:f4:50:98:fc:de:62:31:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=728b0a566386a883434aa6a1a066d2062088fcc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e6:5f:55:0c:21:6c:26:39:2c:54:d7:e4:7d:
                    39:0f:40:24:30:64:dd:be:20:56:16:cf:1f:1c:20:
                    02:65:31:9c:27:9d:5f:71:9d:97:05:08:4f:d1:4a:
                    b5:d6:17:48:24:ee:b7:b6:65:73:1d:82:ce:52:82:
                    5c:c3:a4:24:98:17:03:14:54:b1:50:85:06:5d:4f:
                    e6:8f:46:5b:b5:35:d0:b1:38:92:3f:1b:a2:b5:91:
                    b7:52:25:a2:e0:6c:fd:bf:c1:54:4d:e9:ae:57:d0:
                    99:55:0e:82:78:e1:4e:13:b9:51:8a:8d:5d:14:80:
                    cf:88:bb:69:09:5e:8f:41:94:ff:98:0f:1d:bf:1e:
                    45:ff:55:e6:55:05:8f:1a:24:be:3f:6c:fc:68:7c:
                    ed:48:75:17:4a:69:10:74:ba:fd:ec:14:30:eb:45:
                    10:5b:71:e9:6d:86:d0:ad:8a:11:b8:98:db:93:eb:
                    32:ff:e7:e4:97:ca:92:ca:ee:fa:40:ae:ea:59:c0:
                    3e:d0:e3:3a:a6:aa:55:ff:3b:02:53:5e:29:fc:a9:
                    5b:05:34:92:4d:3a:a8:61:34:9f:3f:59:be:b4:66:
                    18:13:9b:9b:5f:a2:94:2a:ba:bc:ae:45:ab:28:23:
                    e9:e2:ba:2b:17:21:3a:33:20:1d:9c:44:b3:e5:a3:
                    e5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:8B:0A:56:63:86:A8:83:43:4A:A6:A1:A0:66:D2:06:20:88:FC:C6
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/cosKVmOGqINDSqahoGbSBiCI_MY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2040::/44

    Signature Algorithm: sha256WithRSAEncryption
         8e:6d:31:79:5d:50:9f:ea:be:64:1c:9e:89:87:76:59:57:2f:
         0f:58:7c:54:c2:65:71:3c:e4:8b:b0:d8:f2:66:a7:b4:03:b0:
         2c:be:62:1b:29:e7:00:e3:03:6a:a6:35:f1:30:f8:ef:10:e0:
         5b:be:17:10:33:83:bb:68:29:e8:90:81:49:0d:32:b8:0d:27:
         d4:f5:8e:52:22:86:75:e6:e6:04:a1:ee:af:c6:f1:a4:ad:69:
         bf:81:97:1e:b9:c6:bf:8f:c5:f9:58:97:de:32:75:9d:b3:c4:
         47:92:1a:8f:5e:13:f2:a2:82:80:3e:84:b9:59:c2:d6:a0:f1:
         0b:d4:8c:ba:b6:76:a9:84:e6:35:b6:cd:53:cf:1b:fa:29:65:
         5c:3d:34:59:4e:ea:1e:cb:78:d9:e5:19:21:fb:fc:f0:aa:6d:
         de:b1:33:75:10:89:06:1d:42:e6:50:a2:10:21:81:18:a9:4b:
         99:40:c4:cd:03:1a:36:bb:98:41:b9:56:e9:5c:8f:f7:5b:0b:
         01:bb:9d:b9:e0:84:c0:ad:eb:68:6d:13:1b:e7:4a:03:a5:d3:
         16:1f:ad:d2:fe:c6:4c:fb:b0:3d:4d:b2:2f:40:85:0e:9d:78:
         4d:77:85:c5:92:a2:ef:1e:f2:bd:d4:07:ac:e2:5b:d4:be:1c:
         45:76:d1:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXN1m5MacPRQmPzeYjFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjhiMGE1NjYzODZhODgzNDM0YWE2YTFhMDY2ZDIwNjIwODhmY2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOZfVQwhbCY5LFTX5H05D0AkMGTd
viBWFs8fHCACZTGcJ51fcZ2XBQhP0Uq11hdIJO63tmVzHYLOUoJcw6QkmBcDFFSx
UIUGXU/mj0ZbtTXQsTiSPxuitZG3UiWi4Gz9v8FUTemuV9CZVQ6CeOFOE7lRio1d
FIDPiLtpCV6PQZT/mA8dvx5F/1XmVQWPGiS+P2z8aHztSHUXSmkQdLr97BQw60UQ
W3HpbYbQrYoRuJjbk+sy/+fkl8qSyu76QK7qWcA+0OM6pqpV/zsCU14p/KlbBTSS
TTqoYTSfP1m+tGYYE5ubX6KUKrq8rkWrKCPp4rorFyE6MyAdnESz5aPlGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHKLClZjhqiDQ0qmoaBm0gYgiPzGMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvY29zS1ZtT0dxSU5EU3FhaG9HYlNCaUNJX01ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiBA
MA0GCSqGSIb3DQEBCwUAA4IBAQCObTF5XVCf6r5kHJ6Jh3ZZVy8PWHxUwmVxPOSL
sNjyZqe0A7AsvmIbKecA4wNqpjXxMPjvEOBbvhcQM4O7aCnokIFJDTK4DSfU9Y5S
IoZ15uYEoe6vxvGkrWm/gZceuca/j8X5WJfeMnWds8RHkhqPXhPyooKAPoS5WcLW
oPEL1Iy6tnaphOY1ts1Tzxv6KWVcPTRZTuoey3jZ5Rkh+/zwqm3esTN1EIkGHULm
UKIQIYEYqUuZQMTNAxo2u5hBuVbpXI/3WwsBu5254ITAretobRMb50oDpdMWH63S
/sZM+7A9TbIvQIUOnXhNd4XFkqLvHvK91Aes4lvUvhxFdtGP
-----END CERTIFICATE-----