Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/26a971-f2fd-4f2d-8303-6e6e76f37946/1/CoDtlxbUD898jvtvmIpg-0QwYDg.roa
File:                     CoDtlxbUD898jvtvmIpg-0QwYDg.roa (raw, json)
Hash identifier:          Z8Ldf308pfgPNHfziY30zfMv/hsmv2PCC2O+mi6CpsU=
Subject key identifier:   0A:80:ED:97:16:D4:0F:CF:7C:8E:FB:6F:98:8A:60:FB:44:30:60:38
Certificate issuer:       /CN=e27e66e403d31c7958335298168de60a215c0c0f
Certificate serial:       0190ED1C2B4AE0FE6141D53E6A5A9C73632F
Authority key identifier: E2:7E:66:E4:03:D3:1C:79:58:33:52:98:16:8D:E6:0A:21:5C:0C:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4n5m5APTHHlYM1KYFo3mCiFcDA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/26a971-f2fd-4f2d-8303-6e6e76f37946/1/CoDtlxbUD898jvtvmIpg-0QwYDg.roa
Signing time:             Fri 26 Jul 2024 03:36:04 +0000
ROA not before:           Fri 26 Jul 2024 03:36:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        85.204.106.0/24 maxlen: 24
                          188.241.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/26a971-f2fd-4f2d-8303-6e6e76f37946/1/4n5m5APTHHlYM1KYFo3mCiFcDA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/26a971-f2fd-4f2d-8303-6e6e76f37946/1/4n5m5APTHHlYM1KYFo3mCiFcDA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4n5m5APTHHlYM1KYFo3mCiFcDA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ed:1c:2b:4a:e0:fe:61:41:d5:3e:6a:5a:9c:73:63:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e27e66e403d31c7958335298168de60a215c0c0f
        Validity
            Not Before: Jul 26 03:36:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a80ed9716d40fcf7c8efb6f988a60fb44306038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:70:3f:8e:7b:3c:f2:19:af:31:19:8e:93:4e:
                    a1:e8:c1:62:d0:da:e7:91:00:37:c8:8d:02:2e:a7:
                    e6:d6:15:7e:20:07:bd:61:c4:ed:3e:9f:57:8d:ba:
                    e7:49:96:8d:2c:1d:07:e4:77:7d:73:d6:e7:0a:89:
                    bd:7e:2a:5b:ef:27:d2:99:ce:5e:d0:f0:2c:c1:35:
                    92:0e:c6:36:b7:47:a1:b0:02:b2:5a:fd:d1:91:3e:
                    3f:ab:e9:9e:7e:6c:b9:b5:9e:7c:47:d5:14:c7:44:
                    d2:9d:c0:b3:22:af:9b:22:a4:1e:a0:1c:86:6e:e3:
                    73:15:ff:d9:39:0a:1d:0e:12:46:b3:ed:1d:f8:fd:
                    5a:da:39:97:6e:64:98:29:be:9a:21:f1:1d:08:22:
                    39:14:63:28:66:1d:0b:14:f1:6c:07:1e:63:fa:f0:
                    2d:49:83:e8:54:f7:15:de:40:38:1b:eb:ed:35:3e:
                    fb:d1:68:35:0a:c3:bf:93:77:e6:4f:e6:01:6f:87:
                    19:96:b9:ec:d7:e6:9b:0f:af:11:ed:1f:4c:55:13:
                    f6:f3:42:41:f3:da:e5:9c:3c:c5:d9:b1:d6:ac:7f:
                    d5:1f:db:06:62:46:73:3f:63:e7:bd:2d:5a:5c:10:
                    13:09:7b:c7:97:5e:e9:45:e7:f4:99:4b:b2:e0:2e:
                    e6:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:80:ED:97:16:D4:0F:CF:7C:8E:FB:6F:98:8A:60:FB:44:30:60:38
            X509v3 Authority Key Identifier:
                keyid:E2:7E:66:E4:03:D3:1C:79:58:33:52:98:16:8D:E6:0A:21:5C:0C:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4n5m5APTHHlYM1KYFo3mCiFcDA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/26a971-f2fd-4f2d-8303-6e6e76f37946/1/CoDtlxbUD898jvtvmIpg-0QwYDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/26a971-f2fd-4f2d-8303-6e6e76f37946/1/4n5m5APTHHlYM1KYFo3mCiFcDA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.106.0/24
                  188.241.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:1e:d4:5b:6c:73:9d:77:f0:59:9c:55:6d:5e:50:a0:09:b9:
         d1:2d:78:9e:69:a2:e9:ca:4a:c1:b8:2c:d0:ab:20:e4:66:e0:
         2e:7b:25:75:ea:dd:a5:9d:3b:1c:7c:86:c1:74:2d:04:07:01:
         bc:3a:51:24:bf:a5:a7:b7:6f:34:3e:52:9e:f7:7b:bd:7f:0b:
         ca:61:0f:9e:57:1a:25:d5:84:ca:fd:d2:ef:16:ca:af:89:df:
         12:f2:bb:f5:cb:18:48:ae:8d:72:be:00:e3:72:9a:dc:62:4b:
         8c:ec:31:d6:01:db:4a:21:65:1c:55:76:c7:cb:d2:f4:30:25:
         cb:cb:85:16:de:19:6b:66:d4:72:73:ac:8d:07:d2:ea:59:d0:
         fe:f4:af:57:b8:a1:0c:06:be:6c:76:3d:4c:98:ef:d4:8b:38:
         f6:e9:2f:c0:77:78:13:0e:79:c4:f6:31:3c:46:35:d9:2c:af:
         7d:de:03:7e:ce:fd:5d:f7:c0:d6:e2:22:b5:71:4e:72:05:d0:
         3e:25:bb:4c:96:9c:e6:bf:d9:be:d2:e5:37:fc:af:34:2b:5f:
         3a:42:c8:a2:e9:f9:e5:31:f1:c5:0e:19:09:6e:fb:07:0f:29:
         f4:e8:45:3c:f6:5b:9e:43:f4:8d:52:f9:2a:03:f3:68:f8:7a:
         4c:01:a7:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDtHCtK4P5hQdU+alqcc2MvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyN2U2NmU0MDNkMzFjNzk1ODMzNTI5ODE2OGRlNjBhMjE1
YzBjMGYwHhcNMjQwNzI2MDMzNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgwZWQ5NzE2ZDQwZmNmN2M4ZWZiNmY5ODhhNjBmYjQ0MzA2MDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHA/jns88hmvMRmOk06h6MFi0Nrn
kQA3yI0CLqfm1hV+IAe9YcTtPp9XjbrnSZaNLB0H5Hd9c9bnCom9fipb7yfSmc5e
0PAswTWSDsY2t0ehsAKyWv3RkT4/q+mefmy5tZ58R9UUx0TSncCzIq+bIqQeoByG
buNzFf/ZOQodDhJGs+0d+P1a2jmXbmSYKb6aIfEdCCI5FGMoZh0LFPFsBx5j+vAt
SYPoVPcV3kA4G+vtNT770Wg1CsO/k3fmT+YBb4cZlrns1+abD68R7R9MVRP280JB
89rlnDzF2bHWrH/VH9sGYkZzP2PnvS1aXBATCXvHl17pRef0mUuy4C7mxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAqA7ZcW1A/PfI77b5iKYPtEMGA4MB8GA1UdIwQY
MBaAFOJ+ZuQD0xx5WDNSmBaN5gohXAwPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG41bTVBUFRISGxZTTFLWUZvM21DaUZjREE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8yNmE5NzEtZjJmZC00ZjJkLTgzMDMt
NmU2ZTc2ZjM3OTQ2LzEvQ29EdGx4YlVEODk4anZ0dm1JcGctMFF3WURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8yNmE5NzEtZjJmZC00ZjJkLTgzMDMtNmU2ZTc2ZjM3OTQ2
LzEvNG41bTVBUFRISGxZTTFLWUZvM21DaUZjREE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcxqAwQA
vPHcMA0GCSqGSIb3DQEBCwUAA4IBAQA8HtRbbHOdd/BZnFVtXlCgCbnRLXieaaLp
ykrBuCzQqyDkZuAueyV16t2lnTscfIbBdC0EBwG8OlEkv6Wnt280PlKe93u9fwvK
YQ+eVxol1YTK/dLvFsqvid8S8rv1yxhIro1yvgDjcprcYkuM7DHWAdtKIWUcVXbH
y9L0MCXLy4UW3hlrZtRyc6yNB9LqWdD+9K9XuKEMBr5sdj1MmO/Uizj26S/Ad3gT
DnnE9jE8RjXZLK993gN+zv1d98DW4iK1cU5yBdA+JbtMlpzmv9m+0uU3/K80K186
Qsii6fnlMfHFDhkJbvsHDyn06EU89lueQ/SNUvkqA/No+HpMAafH
-----END CERTIFICATE-----