Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cohpE-i17fYuOAWthg4wqfoAv-U.roa
File:                     cohpE-i17fYuOAWthg4wqfoAv-U.roa (raw, json)
Hash identifier:          s5tKW4HTawo0vP/upDbb29GODagWUcQiyWWpkDbcXNU=
Subject key identifier:   72:88:69:13:E8:B5:ED:F6:2E:38:05:AD:86:0E:30:A9:FA:00:BF:E5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019329D0CECE99EEFA5AD59AB5061958DA23
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cohpE-i17fYuOAWthg4wqfoAv-U.roa
Signing time:             Thu 14 Nov 2024 08:36:10 +0000
ROA not before:           Thu 14 Nov 2024 08:36:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        194.105.90.0/24 maxlen: 24
                          213.130.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:d0:ce:ce:99:ee:fa:5a:d5:9a:b5:06:19:58:da:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 14 08:36:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72886913e8b5edf62e3805ad860e30a9fa00bfe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ac:36:84:9c:a4:19:45:0d:b4:de:cd:68:a3:
                    3a:a3:89:61:79:e5:6e:35:70:90:8c:83:e8:b6:51:
                    4c:31:2f:e0:0f:09:fe:ea:28:88:c5:c8:36:65:55:
                    54:a3:59:2b:01:a2:7e:46:98:9f:44:cd:39:cc:3c:
                    a5:25:91:81:9b:cf:d8:5d:b4:a0:2a:56:aa:b2:f7:
                    de:ff:75:61:31:af:0f:f3:33:82:a6:a7:aa:51:ab:
                    fd:b2:9a:28:09:90:07:1c:0b:a6:c8:49:30:e6:35:
                    ee:ed:11:09:e1:17:53:24:ba:81:81:24:78:0a:eb:
                    95:e6:f2:5f:95:e7:5e:26:df:ce:7c:12:ba:38:d1:
                    99:bc:0e:18:4a:4b:69:47:6c:37:51:d8:22:a9:37:
                    ca:da:b4:23:f5:4d:83:2b:ed:92:96:70:10:86:72:
                    1b:2d:e9:ec:c8:a7:ac:19:22:eb:e8:09:9e:7a:ff:
                    72:9d:1c:11:8b:7b:d0:dc:93:5f:23:76:60:5c:1a:
                    42:a8:2c:ce:f2:41:fa:6f:47:cf:d3:b3:0b:c3:12:
                    ed:85:4d:d4:65:06:ce:10:a5:e9:93:ec:77:d4:d9:
                    1c:92:b9:da:16:44:6b:25:47:38:8f:8c:20:0f:b4:
                    e9:0f:b2:f7:f0:c7:49:81:49:f2:01:ec:b6:71:b0:
                    e8:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:88:69:13:E8:B5:ED:F6:2E:38:05:AD:86:0E:30:A9:FA:00:BF:E5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cohpE-i17fYuOAWthg4wqfoAv-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.90.0/24
                  213.130.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:cb:5f:39:6d:08:73:ab:6c:89:95:f7:90:80:69:be:02:e9:
         04:4d:3b:f3:21:3f:c7:25:0e:f9:ae:e5:f4:42:30:62:af:ba:
         09:4b:9d:f2:5e:18:ee:dc:ff:17:45:a2:17:5f:7f:7f:ce:c1:
         40:71:d2:af:80:50:97:88:b1:d3:7f:0d:99:ce:69:a6:cb:1f:
         db:92:3b:2b:42:93:47:9e:8f:46:99:6d:b6:1a:cc:43:73:a1:
         12:55:9c:0f:b3:9f:40:34:c3:be:a6:73:46:4d:2c:7e:1c:58:
         1f:f9:f6:2f:68:31:8d:a4:a6:b7:9a:8a:3e:1e:26:50:7a:d4:
         b3:76:f1:24:23:44:ed:32:57:87:2a:81:16:8e:15:ca:72:70:
         97:2d:97:5b:ed:ee:59:98:2a:34:30:bd:83:f3:2e:ff:b0:c0:
         f4:48:18:7e:28:2d:bc:73:bf:24:ee:e0:df:5e:f9:7d:16:02:
         f4:46:40:3b:39:eb:92:8c:3a:91:ab:5b:b5:89:f3:99:c5:d1:
         f2:81:b4:84:c3:ad:94:08:fa:c7:eb:a0:e8:74:34:25:ef:41:
         a3:f2:1e:72:74:61:e3:18:d0:01:c5:87:16:dc:69:50:ba:d9:
         89:83:d2:49:4c:f3:ce:10:62:aa:ce:b2:b6:1c:74:d3:85:e9:
         e5:c4:37:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMp0M7Ome76WtWatQYZWNojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMTE0MDgzNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjg4NjkxM2U4YjVlZGY2MmUzODA1YWQ4NjBlMzBhOWZhMDBiZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6w2hJykGUUNtN7NaKM6o4lheeVu
NXCQjIPotlFMMS/gDwn+6iiIxcg2ZVVUo1krAaJ+RpifRM05zDylJZGBm8/YXbSg
Klaqsvfe/3VhMa8P8zOCpqeqUav9spooCZAHHAumyEkw5jXu7REJ4RdTJLqBgSR4
CuuV5vJfledeJt/OfBK6ONGZvA4YSktpR2w3UdgiqTfK2rQj9U2DK+2SlnAQhnIb
LensyKesGSLr6Ameev9ynRwRi3vQ3JNfI3ZgXBpCqCzO8kH6b0fP07MLwxLthU3U
ZQbOEKXpk+x31NkckrnaFkRrJUc4j4wgD7TpD7L38MdJgUnyAey2cbDotQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHKIaRPote32LjgFrYYOMKn6AL/lMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY29ocEUtaTE3Zll1T0FXdGhnNHdxZm9Bdi1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwmlaAwQA
1YKKMA0GCSqGSIb3DQEBCwUAA4IBAQATy185bQhzq2yJlfeQgGm+AukETTvzIT/H
JQ75ruX0QjBir7oJS53yXhju3P8XRaIXX39/zsFAcdKvgFCXiLHTfw2Zzmmmyx/b
kjsrQpNHno9GmW22GsxDc6ESVZwPs59ANMO+pnNGTSx+HFgf+fYvaDGNpKa3moo+
HiZQetSzdvEkI0TtMleHKoEWjhXKcnCXLZdb7e5ZmCo0ML2D8y7/sMD0SBh+KC28
c78k7uDfXvl9FgL0RkA7OeuSjDqRq1u1ifOZxdHygbSEw62UCPrH66DodDQl70Gj
8h5ydGHjGNABxYcW3GlQutmJg9JJTPPOEGKqzrK2HHTThenlxDc4
-----END CERTIFICATE-----