Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/PCoH-gPZ26KtF3c-zUPLxurErEM.roa
File:                     PCoH-gPZ26KtF3c-zUPLxurErEM.roa (raw, json)
Hash identifier:          CBlAdEfhMvPDfcZlIfNM68185kTCC2cg6gslzv0Dqck=
Subject key identifier:   3C:2A:07:FA:03:D9:DB:A2:AD:17:77:3E:CD:43:CB:C6:EA:C4:AC:43
Certificate issuer:       /CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
Certificate serial:       018F1568FE08BB1BC825E182E860189A2A4D
Authority key identifier: 20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/PCoH-gPZ26KtF3c-zUPLxurErEM.roa
Signing time:             Thu 25 Apr 2024 13:19:13 +0000
ROA not before:           Thu 25 Apr 2024 13:19:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56740
IP address blocks:        2a0a:7d80:2::/48 maxlen: 48
                          2a0a:7d80:1000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:68:fe:08:bb:1b:c8:25:e1:82:e8:60:18:9a:2a:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
        Validity
            Not Before: Apr 25 13:19:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c2a07fa03d9dba2ad17773ecd43cbc6eac4ac43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3c:e6:02:06:a7:8b:c8:82:3a:0e:e3:bc:81:
                    ae:78:e0:ca:a3:f3:3b:57:50:f7:8e:69:2b:d4:9e:
                    6b:38:f5:c9:6d:ac:3c:a8:b6:60:65:3f:1c:79:24:
                    47:19:87:20:70:28:ee:87:a1:f0:0f:88:78:fd:ba:
                    ad:4f:3a:d6:3f:35:60:7f:67:a0:64:22:15:ca:b9:
                    88:f9:01:f3:15:78:c3:cf:b2:73:4d:bb:96:6b:42:
                    b0:51:76:0a:83:27:b5:54:ef:a8:d3:64:f7:66:99:
                    d0:da:f0:35:97:45:e6:db:8f:b2:cf:68:26:73:5a:
                    45:93:11:ce:15:3f:08:dc:0a:25:5d:0e:59:fa:0b:
                    be:2d:0f:fc:9f:8b:d9:83:17:f8:1b:4d:72:d7:2a:
                    d6:45:56:35:eb:a0:92:d3:c1:84:a3:77:16:37:9c:
                    bc:31:0c:12:01:85:45:88:84:50:02:a1:12:a6:f0:
                    7d:3d:7f:54:9d:12:38:4b:f8:0d:69:6e:6f:60:62:
                    e0:fe:2e:55:63:50:d3:dc:6b:b2:f4:b7:d0:22:08:
                    b1:97:76:5f:28:50:43:f0:d8:32:d4:37:48:0e:ff:
                    c1:27:d0:d8:e3:24:e7:71:eb:21:1b:8d:8c:c7:09:
                    d8:b9:f8:52:5f:f9:83:48:7c:44:d4:6f:13:bd:e5:
                    78:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:2A:07:FA:03:D9:DB:A2:AD:17:77:3E:CD:43:CB:C6:EA:C4:AC:43
            X509v3 Authority Key Identifier:
                keyid:20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/PCoH-gPZ26KtF3c-zUPLxurErEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7d80:2::/48
                  2a0a:7d80:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3d:f5:d5:83:74:88:25:93:72:8e:3e:8d:e3:27:1f:b3:55:3f:
         26:34:8a:d1:6f:6f:95:3c:09:54:ee:44:30:5c:77:fc:27:db:
         38:27:d1:93:dc:92:e0:e6:da:49:9c:14:be:2c:30:45:6b:14:
         d0:56:ab:01:44:2d:b6:5c:6a:b1:d5:48:e1:56:40:69:d5:28:
         a5:b9:07:61:e3:9f:9d:ad:b2:a3:5d:7c:a7:52:39:d5:1d:c0:
         f6:4e:6e:c1:6b:47:58:49:40:d4:6a:78:60:75:f7:ee:36:c2:
         ec:3e:40:1c:68:e9:55:23:a4:59:bd:4a:1b:8f:64:c5:03:97:
         32:f5:fe:48:87:d2:5a:84:39:95:5f:aa:1a:b9:24:a5:58:9c:
         9d:75:4b:69:d3:b6:f5:07:ca:85:be:fd:dd:b0:f1:96:64:04:
         ce:e5:5e:75:c9:54:28:c1:f6:95:69:e1:d6:40:db:2e:0e:4f:
         cb:c6:b2:e7:0a:5e:a0:c1:77:6f:b0:7e:e4:82:37:e1:c0:26:
         0d:c0:b1:ca:4f:40:94:b4:74:f9:a0:57:02:6c:e7:3f:4d:d2:
         8d:99:73:7d:74:65:95:17:4b:c8:a3:5f:1b:f4:b1:b4:eb:97:
         4a:07:d9:8b:d1:24:7d:b5:13:32:ae:73:d1:24:77:64:00:6e:
         02:8e:75:55
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAY8VaP4IuxvIJeGC6GAYmipNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYzVlZTAyZDJlMDU4NjFkZDkwNmZlMDZiMzg0NGYwNGQz
NzhjNzMwHhcNMjQwNDI1MTMxOTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzJhMDdmYTAzZDlkYmEyYWQxNzc3M2VjZDQzY2JjNmVhYzRhYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozzmAgani8iCOg7jvIGueODKo/M7
V1D3jmkr1J5rOPXJbaw8qLZgZT8ceSRHGYcgcCjuh6HwD4h4/bqtTzrWPzVgf2eg
ZCIVyrmI+QHzFXjDz7JzTbuWa0KwUXYKgye1VO+o02T3ZpnQ2vA1l0Xm24+yz2gm
c1pFkxHOFT8I3AolXQ5Z+gu+LQ/8n4vZgxf4G01y1yrWRVY166CS08GEo3cWN5y8
MQwSAYVFiIRQAqESpvB9PX9UnRI4S/gNaW5vYGLg/i5VY1DT3Guy9LfQIgixl3Zf
KFBD8Ngy1DdIDv/BJ9DY4yTnceshG42MxwnYufhSX/mDSHxE1G8TveV4jQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFDwqB/oD2duirRd3Ps1Dy8bqxKxDMB8GA1UdIwQY
MBaAFCDF7gLS4Fhh3ZBv4Gs4RPBNN4xzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUt
Njc3NzEzNTlhMmIzLzEvUENvSC1nUFoyNkt0RjNjLXpVUEx4dXJFckVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUtNjc3NzEzNTlhMmIz
LzEvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgp9gAAC
AwYEKgp9gBAwDQYJKoZIhvcNAQELBQADggEBAD311YN0iCWTco4+jeMnH7NVPyY0
itFvb5U8CVTuRDBcd/wn2zgn0ZPckuDm2kmcFL4sMEVrFNBWqwFELbZcarHVSOFW
QGnVKKW5B2Hjn52tsqNdfKdSOdUdwPZObsFrR1hJQNRqeGB19+42wuw+QBxo6VUj
pFm9ShuPZMUDlzL1/kiH0lqEOZVfqhq5JKVYnJ11S2nTtvUHyoW+/d2w8ZZkBM7l
XnXJVCjB9pVp4dZA2y4OT8vGsucKXqDBd2+wfuSCN+HAJg3AscpPQJS0dPmgVwJs
5z9N0o2Zc310ZZUXS8ijXxv0sbTrl0oH2YvRJH21EzKuc9Ekd2QAbgKOdVU=
-----END CERTIFICATE-----