Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/C6xcogrA_3_VMFA9_9eilLpFGH8.roa
File:                     C6xcogrA_3_VMFA9_9eilLpFGH8.roa (raw, json)
Hash identifier:          +FxcROHSqKYi4wnKDP8r51cvgZeouVzUpDApDDNQkHY=
Subject key identifier:   0B:AC:5C:A2:0A:C0:FF:7F:D5:30:50:3D:FF:D7:A2:94:BA:45:18:7F
Certificate issuer:       /CN=9c28a6ed0f5cfce772d5ce5b03bb42932c8a64d0
Certificate serial:       018CC493111814BDB64D432A47F65454E2B8
Authority key identifier: 9C:28:A6:ED:0F:5C:FC:E7:72:D5:CE:5B:03:BB:42:93:2C:8A:64:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nCim7Q9c_Ody1c5bA7tCkyyKZNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/C6xcogrA_3_VMFA9_9eilLpFGH8.roa
Signing time:             Mon 01 Jan 2024 10:30:21 +0000
ROA not before:           Mon 01 Jan 2024 10:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215960
IP address blocks:        2a07:e043::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/nCim7Q9c_Ody1c5bA7tCkyyKZNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/nCim7Q9c_Ody1c5bA7tCkyyKZNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nCim7Q9c_Ody1c5bA7tCkyyKZNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:11:18:14:bd:b6:4d:43:2a:47:f6:54:54:e2:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c28a6ed0f5cfce772d5ce5b03bb42932c8a64d0
        Validity
            Not Before: Jan  1 10:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bac5ca20ac0ff7fd530503dffd7a294ba45187f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:14:6d:c3:10:b2:8d:1c:47:28:b5:cc:2d:7e:
                    c3:2c:94:e3:93:4f:2a:4b:b6:b6:ed:67:ff:a3:9c:
                    44:c7:f7:1f:f0:77:d7:81:73:64:82:3c:06:67:e7:
                    78:1e:7d:73:e4:cb:09:18:a7:95:fa:4d:a7:61:e5:
                    c4:43:8e:72:bf:de:b8:b4:80:ef:6f:69:be:4b:0b:
                    ef:a8:f6:d3:ac:5e:f8:67:42:3a:9e:4a:42:1b:b6:
                    18:06:9d:89:47:dd:4a:57:bf:41:2e:e4:eb:77:fc:
                    e9:cc:7f:76:ec:8c:1a:17:48:1c:e4:76:cc:2c:5b:
                    85:8d:55:21:e1:9f:17:09:73:bc:53:bd:a4:3d:1c:
                    ea:29:cb:20:53:e3:e3:85:af:b1:f0:52:9e:7e:db:
                    a4:51:31:b9:56:01:7e:dd:92:31:69:8b:e5:ad:60:
                    c8:e8:d9:46:e4:4d:03:66:c7:18:81:95:b4:7a:10:
                    77:7e:c9:6a:10:b4:45:28:dd:b4:cd:60:f8:24:34:
                    7d:be:18:5e:00:02:b0:07:5d:a5:3f:d7:b1:cb:4c:
                    cb:81:57:af:33:61:dc:48:48:69:b5:0c:40:d7:6a:
                    d9:b5:45:be:f3:cc:ff:01:d4:f0:93:4c:e7:bb:d0:
                    6a:4d:33:70:1d:f6:ca:88:c6:71:ca:cc:d8:ac:31:
                    1e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:AC:5C:A2:0A:C0:FF:7F:D5:30:50:3D:FF:D7:A2:94:BA:45:18:7F
            X509v3 Authority Key Identifier:
                keyid:9C:28:A6:ED:0F:5C:FC:E7:72:D5:CE:5B:03:BB:42:93:2C:8A:64:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nCim7Q9c_Ody1c5bA7tCkyyKZNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/C6xcogrA_3_VMFA9_9eilLpFGH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/nCim7Q9c_Ody1c5bA7tCkyyKZNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e043::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:b0:d0:9a:2c:6a:36:8a:0c:5b:5c:9d:2d:6b:11:f8:38:6e:
         1a:be:b1:9a:e4:7c:a1:f1:4f:b3:d4:87:16:b7:70:62:93:2c:
         d2:00:d1:8e:aa:e6:2b:ce:4d:de:7c:3b:2b:b0:b6:5c:65:5a:
         26:ba:55:79:70:24:9b:f6:dc:18:6e:bb:00:56:11:1e:79:86:
         35:dd:bd:a9:aa:b1:18:17:f5:40:22:89:48:a6:8f:c4:c2:b4:
         88:0c:9b:53:b8:03:b5:82:f7:90:6b:58:92:b5:d6:a5:fa:fd:
         59:6e:90:be:ca:71:92:7d:a3:4b:16:ab:b3:84:a0:21:39:b7:
         2d:c6:29:7b:53:39:24:4b:36:d3:1e:d1:d4:2f:20:76:90:47:
         84:a5:8d:2d:95:1e:c5:0d:c8:00:e3:6c:5c:71:fd:26:54:d3:
         be:6f:79:aa:2a:27:d0:14:62:00:35:b9:b2:fb:78:f3:97:71:
         77:47:b8:df:db:0a:e8:f7:48:05:cb:27:b3:14:54:df:2b:b6:
         fc:cd:9e:36:55:21:d8:39:74:a1:7a:c1:97:c9:46:68:4d:aa:
         89:24:49:ea:2f:aa:9a:07:96:71:a3:f5:26:30:5e:60:62:d2:
         8e:83:30:95:b3:ba:4c:ba:69:b6:bf:04:ee:db:87:c3:28:62:
         a1:50:67:f0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkxEYFL22TUMqR/ZUVOK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMjhhNmVkMGY1Y2ZjZTc3MmQ1Y2U1YjAzYmI0MjkzMmM4
YTY0ZDAwHhcNMjQwMTAxMTAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmFjNWNhMjBhYzBmZjdmZDUzMDUwM2RmZmQ3YTI5NGJhNDUxODdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRRtwxCyjRxHKLXMLX7DLJTjk08q
S7a27Wf/o5xEx/cf8HfXgXNkgjwGZ+d4Hn1z5MsJGKeV+k2nYeXEQ45yv964tIDv
b2m+SwvvqPbTrF74Z0I6nkpCG7YYBp2JR91KV79BLuTrd/zpzH927IwaF0gc5HbM
LFuFjVUh4Z8XCXO8U72kPRzqKcsgU+Pjha+x8FKeftukUTG5VgF+3ZIxaYvlrWDI
6NlG5E0DZscYgZW0ehB3fslqELRFKN20zWD4JDR9vhheAAKwB12lP9exy0zLgVev
M2HcSEhptQxA12rZtUW+88z/AdTwk0znu9BqTTNwHfbKiMZxyszYrDEeEQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAusXKIKwP9/1TBQPf/XopS6RRh/MB8GA1UdIwQY
MBaAFJwopu0PXPznctXOWwO7QpMsimTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkNpbTdROWNfT2R5MWM1YkE3dENreXlLWk5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy83M2U1MmYtNDJlMy00YTMxLTk3MzYt
YTZiNzYwMDg3MWE2LzEvQzZ4Y29nckFfM19WTUZBOV85ZWlsTHBGR0g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy83M2U1MmYtNDJlMy00YTMxLTk3MzYtYTZiNzYwMDg3MWE2
LzEvbkNpbTdROWNfT2R5MWM1YkE3dENreXlLWk5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgfgQzAN
BgkqhkiG9w0BAQsFAAOCAQEAhrDQmixqNooMW1ydLWsR+DhuGr6xmuR8ofFPs9SH
FrdwYpMs0gDRjqrmK85N3nw7K7C2XGVaJrpVeXAkm/bcGG67AFYRHnmGNd29qaqx
GBf1QCKJSKaPxMK0iAybU7gDtYL3kGtYkrXWpfr9WW6Qvspxkn2jSxars4SgITm3
LcYpe1M5JEs20x7R1C8gdpBHhKWNLZUexQ3IAONsXHH9JlTTvm95qion0BRiADW5
svt485dxd0e439sK6PdIBcsnsxRU3yu2/M2eNlUh2Dl0oXrBl8lGaE2qiSRJ6i+q
mgeWcaP1JjBeYGLSjoMwlbO6TLpptr8E7tuHwyhioVBn8A==
-----END CERTIFICATE-----