Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/CqCOspiZPaSMQj2EFF1KdKb0gVM.roa
File:                     CqCOspiZPaSMQj2EFF1KdKb0gVM.roa (raw, json)
Hash identifier:          Kv7tfE615zIZEqoU92hnNnOz5q7LolO7fkWU7RBTXfg=
Subject key identifier:   0A:A0:8E:B2:98:99:3D:A4:8C:42:3D:84:14:5D:4A:74:A6:F4:81:53
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       018CC64B77FDF7094B173FB9B0F56B80868E
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/CqCOspiZPaSMQj2EFF1KdKb0gVM.roa
Signing time:             Mon 01 Jan 2024 18:31:23 +0000
ROA not before:           Mon 01 Jan 2024 18:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134196
IP address blocks:        2a0d:2480::/29 maxlen: 29
                          2a0c:f480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:77:fd:f7:09:4b:17:3f:b9:b0:f5:6b:80:86:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0aa08eb298993da48c423d84145d4a74a6f48153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:0f:54:09:b9:41:0c:be:0d:ec:dc:9b:1f:aa:
                    61:f5:c8:56:63:0f:90:86:d4:48:38:c8:3f:02:41:
                    69:3c:eb:17:83:92:32:14:bb:96:57:e1:c5:c1:97:
                    93:b7:b1:25:d7:fd:cd:2c:17:71:c5:d3:0f:eb:c7:
                    b0:5d:66:74:03:38:f5:af:80:89:83:a7:8f:bf:38:
                    a6:6f:78:bd:08:17:45:c6:08:4f:a8:c1:5b:82:39:
                    35:92:b6:10:2b:db:ed:69:13:be:94:03:9e:88:32:
                    16:75:8c:59:aa:f2:7f:15:fe:f7:ea:d4:1e:0f:dc:
                    b4:a4:12:5c:5e:ef:6c:47:04:30:d2:dd:ae:74:b9:
                    1e:12:fa:19:c9:e7:bc:14:83:93:06:52:c8:9a:f1:
                    67:cf:6c:33:90:15:89:60:71:13:b9:eb:fa:c5:43:
                    2f:ea:2e:e4:6f:a3:54:2c:b3:25:62:c7:8e:d5:fb:
                    86:9a:be:54:d2:32:3b:07:9d:3e:60:d3:2f:31:57:
                    e7:3c:6a:98:d4:59:1f:45:a6:b6:b4:f1:29:4c:98:
                    8c:a2:83:ca:23:9d:d2:c0:29:1c:b8:13:e2:11:5c:
                    fd:a6:20:ff:22:d0:09:6f:47:84:56:9c:7b:3a:69:
                    17:e7:04:cd:93:76:81:56:e7:9f:3e:f3:80:f2:45:
                    1c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A0:8E:B2:98:99:3D:A4:8C:42:3D:84:14:5D:4A:74:A6:F4:81:53
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/CqCOspiZPaSMQj2EFF1KdKb0gVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:f480::/29
                  2a0d:2480::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:44:16:8c:46:77:09:fb:52:1e:90:08:c9:c4:c5:60:3f:3a:
         50:72:88:8e:27:2f:0f:d9:05:dc:8f:a0:44:57:d9:7d:dc:3a:
         a1:92:01:55:6c:96:41:aa:9f:d3:51:58:f0:53:3a:5b:93:6d:
         59:6c:3c:d5:bf:a1:c3:f0:df:9f:48:41:3b:3b:79:c9:d0:06:
         1b:21:b7:7a:0d:02:92:fc:1d:95:d8:4b:2f:fb:46:07:0a:8e:
         48:e9:36:57:fd:f7:32:71:a7:ac:60:98:29:81:09:a1:30:be:
         15:d6:5d:1a:d5:4b:be:46:78:79:21:14:8e:6c:ce:8c:a6:1f:
         70:71:00:0e:0d:ea:de:1a:ab:b9:81:16:7b:ac:14:39:1d:53:
         e7:1a:1c:56:ec:6c:bb:bf:00:6e:4a:56:8a:92:72:5b:00:14:
         ef:5d:d0:ee:b3:a2:a7:11:1d:58:06:96:72:6b:54:1c:a2:1d:
         1f:b8:3f:0e:e8:a9:54:8b:62:cd:cf:9c:43:07:22:8b:5b:98:
         99:67:0c:55:b4:b2:4c:09:52:43:d0:57:a4:ef:98:27:89:05:
         0b:c1:95:19:0b:77:46:2b:75:8e:69:65:0f:c4:6b:73:6e:d1:
         3f:c8:38:8b:e4:93:ae:a8:3e:9c:ef:b9:fa:bf:a6:00:94:88:
         fc:21:5c:28
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGS3f99wlLFz+5sPVrgIaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWEwOGViMjk4OTkzZGE0OGM0MjNkODQxNDVkNGE3NGE2ZjQ4MTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzw9UCblBDL4N7NybH6ph9chWYw+Q
htRIOMg/AkFpPOsXg5IyFLuWV+HFwZeTt7El1/3NLBdxxdMP68ewXWZ0Azj1r4CJ
g6ePvzimb3i9CBdFxghPqMFbgjk1krYQK9vtaRO+lAOeiDIWdYxZqvJ/Ff736tQe
D9y0pBJcXu9sRwQw0t2udLkeEvoZyee8FIOTBlLImvFnz2wzkBWJYHETuev6xUMv
6i7kb6NULLMlYseO1fuGmr5U0jI7B50+YNMvMVfnPGqY1FkfRaa2tPEpTJiMooPK
I53SwCkcuBPiEVz9piD/ItAJb0eEVpx7OmkX5wTNk3aBVuefPvOA8kUcoQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAqgjrKYmT2kjEI9hBRdSnSm9IFTMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvQ3FDT3NwaVpQYVNNUWoyRUZGMUtkS2IwZ1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgz0gAMF
AyoNJIAwDQYJKoZIhvcNAQELBQADggEBADxEFoxGdwn7Uh6QCMnExWA/OlByiI4n
Lw/ZBdyPoERX2X3cOqGSAVVslkGqn9NRWPBTOluTbVlsPNW/ocPw359IQTs7ecnQ
Bhsht3oNApL8HZXYSy/7RgcKjkjpNlf99zJxp6xgmCmBCaEwvhXWXRrVS75GeHkh
FI5szoymH3BxAA4N6t4aq7mBFnusFDkdU+caHFbsbLu/AG5KVoqSclsAFO9d0O6z
oqcRHVgGlnJrVByiHR+4Pw7oqVSLYs3PnEMHIotbmJlnDFW0skwJUkPQV6TvmCeJ
BQvBlRkLd0YrdY5pZQ/Ea3Nu0T/IOIvkk66oPpzvufq/pgCUiPwhXCg=
-----END CERTIFICATE-----