Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/a7851c-bb78-4f29-a1d9-7b991824bd83/1/knSoepLGJSp-AcCQZkV1qY93TX0.roa
File:                     knSoepLGJSp-AcCQZkV1qY93TX0.roa (raw, json)
Hash identifier:          UNoumTmvOXs23mYqEtBhu7K/0fDFevHJ7fthEimTcaU=
Subject key identifier:   92:74:A8:7A:92:C6:25:2A:7E:01:C0:90:66:45:75:A9:8F:77:4D:7D
Certificate issuer:       /CN=cf275d0fe63998ea1b7d39e518fb329f76bed166
Certificate serial:       019258147588B4A98757E5000150D32D973C
Authority key identifier: CF:27:5D:0F:E6:39:98:EA:1B:7D:39:E5:18:FB:32:9F:76:BE:D1:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zyddD-Y5mOobfTnlGPsyn3a-0WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/a7851c-bb78-4f29-a1d9-7b991824bd83/1/knSoepLGJSp-AcCQZkV1qY93TX0.roa
Signing time:             Fri 04 Oct 2024 15:09:48 +0000
ROA not before:           Fri 04 Oct 2024 15:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206506
IP address blocks:        2a0c:8200::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/a7851c-bb78-4f29-a1d9-7b991824bd83/1/zyddD-Y5mOobfTnlGPsyn3a-0WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/a7851c-bb78-4f29-a1d9-7b991824bd83/1/zyddD-Y5mOobfTnlGPsyn3a-0WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zyddD-Y5mOobfTnlGPsyn3a-0WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 09:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:58:14:75:88:b4:a9:87:57:e5:00:01:50:d3:2d:97:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf275d0fe63998ea1b7d39e518fb329f76bed166
        Validity
            Not Before: Oct  4 15:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9274a87a92c6252a7e01c090664575a98f774d7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:14:b6:ca:47:50:91:08:18:e6:27:51:36:21:
                    43:15:1f:6b:9d:e1:4f:7c:99:76:ea:4c:2c:e1:5b:
                    27:a0:d5:55:6b:43:49:1e:a9:70:35:ad:74:85:c3:
                    8f:14:8e:fd:92:db:e4:e1:e9:8e:38:51:97:81:dd:
                    cc:35:39:14:7e:bf:c0:31:2a:6d:80:ab:05:7f:6b:
                    8a:1d:1e:12:8c:f1:e8:80:e5:e3:a5:80:8b:3f:97:
                    91:bc:42:6b:e8:ac:de:97:f6:36:94:bd:6f:d9:7e:
                    3b:ae:b0:e1:ed:ff:a7:0c:2a:7c:bb:50:ba:c7:52:
                    5e:a0:d4:55:a0:4f:ef:a9:5a:34:ea:4b:e6:d3:77:
                    b9:e0:f8:7a:69:e4:4f:d8:a6:3f:dc:78:50:bb:75:
                    7e:4b:ec:93:89:f2:09:68:19:c5:98:a0:80:e9:84:
                    af:78:ed:ed:0a:da:6d:84:0a:06:a0:d5:84:68:21:
                    f2:a5:be:cf:72:7e:4b:7e:2c:81:d7:84:f7:35:3b:
                    3f:c5:af:c0:1c:86:ec:2d:aa:b0:1d:cd:9b:e5:55:
                    f3:9a:a1:36:fc:2d:a5:45:e0:9f:b4:ca:5b:6f:0b:
                    d3:38:7d:95:a6:40:76:ea:39:67:9a:1c:e7:22:22:
                    80:e6:25:a9:49:0a:2d:15:9e:f0:61:2e:a6:62:e9:
                    54:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:74:A8:7A:92:C6:25:2A:7E:01:C0:90:66:45:75:A9:8F:77:4D:7D
            X509v3 Authority Key Identifier:
                keyid:CF:27:5D:0F:E6:39:98:EA:1B:7D:39:E5:18:FB:32:9F:76:BE:D1:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zyddD-Y5mOobfTnlGPsyn3a-0WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a7851c-bb78-4f29-a1d9-7b991824bd83/1/knSoepLGJSp-AcCQZkV1qY93TX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a7851c-bb78-4f29-a1d9-7b991824bd83/1/zyddD-Y5mOobfTnlGPsyn3a-0WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:8200::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:b3:db:b0:46:72:60:b1:47:c9:89:12:7e:2b:16:5f:bd:2d:
         73:f0:78:c9:48:66:36:c3:79:af:df:d0:fa:1e:b5:bd:d7:4d:
         cc:cc:94:ff:c2:96:d1:02:c5:bc:3d:d5:92:82:69:12:9f:81:
         3c:88:f9:16:3a:37:3b:16:46:8a:52:9d:d5:b8:5b:c1:67:2d:
         e2:c4:43:7a:6e:39:22:ad:d8:9c:1c:80:4c:c5:f8:b1:06:a6:
         b7:63:c8:70:b0:32:93:9f:ce:dc:20:0e:e7:e8:82:1a:f9:9a:
         13:8b:01:46:81:65:de:fa:b8:0c:08:ee:14:08:59:77:ec:a8:
         54:1e:cd:b5:a8:d1:5c:54:1c:7f:30:f7:1f:3b:2f:c1:ae:c8:
         a9:dd:37:cb:2a:19:58:b8:c9:6b:3c:5e:97:af:93:98:3e:97:
         c5:18:f7:9b:18:12:71:9a:f5:0e:52:a5:2c:2d:8b:bc:d1:65:
         a9:71:ee:5f:87:43:92:00:94:a7:ee:78:6d:90:c2:bb:ab:e9:
         f5:51:08:1c:8b:66:2f:e0:3f:0c:99:bf:3e:ba:f2:aa:e7:34:
         4b:7d:7e:5e:a7:e9:b9:19:7b:d7:ed:1a:cf:ec:e4:a1:48:5b:
         1f:02:dc:1b:36:89:28:bb:bd:5b:0c:30:57:9a:3c:09:70:0e:
         c0:ad:5e:0d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJYFHWItKmHV+UAAVDTLZc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMjc1ZDBmZTYzOTk4ZWExYjdkMzllNTE4ZmIzMjlmNzZi
ZWQxNjYwHhcNMjQxMDA0MTUwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjc0YTg3YTkyYzYyNTJhN2UwMWMwOTA2NjQ1NzVhOThmNzc0ZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxS2ykdQkQgY5idRNiFDFR9rneFP
fJl26kws4VsnoNVVa0NJHqlwNa10hcOPFI79ktvk4emOOFGXgd3MNTkUfr/AMSpt
gKsFf2uKHR4SjPHogOXjpYCLP5eRvEJr6Kzel/Y2lL1v2X47rrDh7f+nDCp8u1C6
x1JeoNRVoE/vqVo06kvm03e54Ph6aeRP2KY/3HhQu3V+S+yTifIJaBnFmKCA6YSv
eO3tCtpthAoGoNWEaCHypb7Pcn5LfiyB14T3NTs/xa/AHIbsLaqwHc2b5VXzmqE2
/C2lReCftMpbbwvTOH2VpkB26jlnmhznIiKA5iWpSQotFZ7wYS6mYulUYQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJJ0qHqSxiUqfgHAkGZFdamPd019MB8GA1UdIwQY
MBaAFM8nXQ/mOZjqG3055Rj7Mp92vtFmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenlkZEQtWTVtT29iZlRubEdQc3luM2EtMFdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9hNzg1MWMtYmI3OC00ZjI5LWExZDkt
N2I5OTE4MjRiZDgzLzEva25Tb2VwTEdKU3AtQWNDUVprVjFxWTkzVFgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9hNzg1MWMtYmI3OC00ZjI5LWExZDktN2I5OTE4MjRiZDgz
LzEvenlkZEQtWTVtT29iZlRubEdQc3luM2EtMFdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgyCADAN
BgkqhkiG9w0BAQsFAAOCAQEANrPbsEZyYLFHyYkSfisWX70tc/B4yUhmNsN5r9/Q
+h61vddNzMyU/8KW0QLFvD3VkoJpEp+BPIj5Fjo3OxZGilKd1bhbwWct4sRDem45
Iq3YnByATMX4sQamt2PIcLAyk5/O3CAO5+iCGvmaE4sBRoFl3vq4DAjuFAhZd+yo
VB7NtajRXFQcfzD3Hzsvwa7Iqd03yyoZWLjJazxel6+TmD6XxRj3mxgScZr1DlKl
LC2LvNFlqXHuX4dDkgCUp+54bZDCu6vp9VEIHItmL+A/DJm/Prryquc0S31+Xqfp
uRl71+0az+zkoUhbHwLcGzaJKLu9WwwwV5o8CXAOwK1eDQ==
-----END CERTIFICATE-----