Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/cogAZfWrz6gwjbm1Nv9e3TAAch0.roa
File:                     cogAZfWrz6gwjbm1Nv9e3TAAch0.roa (raw, json)
Hash identifier:          EvJ3soy1b9c8J82D4/FSSRGCc2e36n7pAkP6lj4++78=
Subject key identifier:   72:88:00:65:F5:AB:CF:A8:30:8D:B9:B5:36:FF:5E:DD:30:00:72:1D
Certificate issuer:       /CN=6dd1dc4d2eb7bf2a3f08d545755477055143f174
Certificate serial:       019302C6C71E6843B293AC8DC700D5C91682
Authority key identifier: 6D:D1:DC:4D:2E:B7:BF:2A:3F:08:D5:45:75:54:77:05:51:43:F1:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bdHcTS63vyo_CNVFdVR3BVFD8XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/cogAZfWrz6gwjbm1Nv9e3TAAch0.roa
Signing time:             Wed 06 Nov 2024 18:40:01 +0000
ROA not before:           Wed 06 Nov 2024 18:40:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215568
IP address blocks:        2a10:6e44::/30 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/bdHcTS63vyo_CNVFdVR3BVFD8XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/bdHcTS63vyo_CNVFdVR3BVFD8XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bdHcTS63vyo_CNVFdVR3BVFD8XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:c6:c7:1e:68:43:b2:93:ac:8d:c7:00:d5:c9:16:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dd1dc4d2eb7bf2a3f08d545755477055143f174
        Validity
            Not Before: Nov  6 18:40:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72880065f5abcfa8308db9b536ff5edd3000721d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e1:47:e2:3d:58:26:a8:4a:0e:8c:77:f9:2d:
                    a0:b2:a5:29:0b:a3:f8:e0:7d:8a:65:fb:36:bb:b7:
                    e2:b0:cd:b7:f9:a4:d0:5e:0e:0d:94:39:0b:5f:36:
                    ca:f8:e1:0a:28:ab:a0:11:f7:dc:36:77:4e:10:1a:
                    8d:92:d0:d7:89:3d:05:85:66:82:e9:7e:02:7d:74:
                    44:a7:6e:97:e9:08:57:59:b9:0a:49:3b:37:fd:e3:
                    d5:3b:e1:ac:e5:0f:98:f3:3f:94:7b:b8:a9:40:52:
                    64:c9:23:c0:81:52:57:a7:55:58:20:91:80:73:5d:
                    0f:69:eb:93:e0:71:73:2e:a3:e7:24:67:16:86:e9:
                    ef:09:3a:4f:08:20:59:d5:5c:49:7e:4c:42:1c:50:
                    73:d8:dc:bf:73:a1:5b:9a:e9:b9:71:cb:d2:59:45:
                    70:9a:20:ff:44:d8:f0:93:c1:93:d7:b7:bd:88:87:
                    3b:f7:b9:22:f0:52:63:6f:bf:e4:dd:92:43:72:b8:
                    f5:44:34:17:7e:85:83:de:d5:93:a0:5e:eb:3c:7c:
                    dd:92:94:e9:99:87:19:97:b7:65:82:c3:81:85:6b:
                    f0:c6:28:4a:2f:91:48:4c:8c:48:2c:99:17:7c:d7:
                    e7:33:98:02:8d:44:53:5b:2c:9d:cd:d9:ca:9b:cc:
                    6b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:88:00:65:F5:AB:CF:A8:30:8D:B9:B5:36:FF:5E:DD:30:00:72:1D
            X509v3 Authority Key Identifier:
                keyid:6D:D1:DC:4D:2E:B7:BF:2A:3F:08:D5:45:75:54:77:05:51:43:F1:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bdHcTS63vyo_CNVFdVR3BVFD8XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/cogAZfWrz6gwjbm1Nv9e3TAAch0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bee483-eeb3-4c53-a456-fb4c54b6733a/1/bdHcTS63vyo_CNVFdVR3BVFD8XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:6e44::/30

    Signature Algorithm: sha256WithRSAEncryption
         9c:27:f0:5d:a4:89:78:dc:30:fb:72:16:7b:6e:9c:ac:38:c6:
         0d:aa:3a:74:2e:2e:8a:f5:3a:99:bf:9f:0b:4d:22:ae:7d:77:
         6b:f1:54:58:71:99:63:89:f5:e4:59:3d:20:f7:79:94:20:f9:
         41:33:3c:08:44:e1:e5:4c:36:84:f1:1f:64:77:f6:84:c2:94:
         e8:0c:0c:f5:b0:34:d7:95:ec:7a:c7:83:66:53:19:5c:84:e6:
         b9:42:cb:4b:4b:c3:cf:fc:df:5c:be:2a:d2:25:2d:8f:4e:b5:
         45:b5:36:79:0a:04:87:82:1b:84:a8:bd:b3:2e:a0:be:eb:8e:
         50:23:dd:2b:b7:68:c5:08:d0:55:a8:e1:4a:61:51:da:6b:f5:
         89:93:bd:f6:8c:1f:2a:cf:1e:e5:5d:7a:82:dd:9a:3e:ff:58:
         36:8a:7f:d5:3f:b1:fd:50:c5:5b:6b:38:d8:4e:18:94:c7:1a:
         66:16:5d:60:01:36:f1:de:74:f7:a3:4e:ff:de:b5:87:c4:0f:
         24:61:d3:ed:7a:3f:1c:2b:a5:ad:10:35:5d:99:2f:63:02:60:
         b5:ea:c8:4c:9d:e1:c2:35:f7:6c:06:c8:4d:ee:5f:f4:16:e9:
         d9:e4:50:2d:a9:59:2e:01:d1:9d:f9:9c:a4:a2:e1:b5:82:4d:
         a6:2e:ad:a0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMCxsceaEOyk6yNxwDVyRaCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZDFkYzRkMmViN2JmMmEzZjA4ZDU0NTc1NTQ3NzA1NTE0
M2YxNzQwHhcNMjQxMTA2MTg0MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjg4MDA2NWY1YWJjZmE4MzA4ZGI5YjUzNmZmNWVkZDMwMDA3MjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquFH4j1YJqhKDox3+S2gsqUpC6P4
4H2KZfs2u7fisM23+aTQXg4NlDkLXzbK+OEKKKugEffcNndOEBqNktDXiT0FhWaC
6X4CfXREp26X6QhXWbkKSTs3/ePVO+Gs5Q+Y8z+Ue7ipQFJkySPAgVJXp1VYIJGA
c10PaeuT4HFzLqPnJGcWhunvCTpPCCBZ1VxJfkxCHFBz2Ny/c6Fbmum5ccvSWUVw
miD/RNjwk8GT17e9iIc797ki8FJjb7/k3ZJDcrj1RDQXfoWD3tWToF7rPHzdkpTp
mYcZl7dlgsOBhWvwxihKL5FITIxILJkXfNfnM5gCjURTWyydzdnKm8xrKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHKIAGX1q8+oMI25tTb/Xt0wAHIdMB8GA1UdIwQY
MBaAFG3R3E0ut78qPwjVRXVUdwVRQ/F0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRIY1RTNjN2eW9fQ05WRmRWUjNCVkZEOFhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iZWU0ODMtZWViMy00YzUzLWE0NTYt
ZmI0YzU0YjY3MzNhLzEvY29nQVpmV3J6Nmd3amJtMU52OWUzVEFBY2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iZWU0ODMtZWViMy00YzUzLWE0NTYtZmI0YzU0YjY3MzNh
LzEvYmRIY1RTNjN2eW9fQ05WRmRWUjNCVkZEOFhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKhBuRDAN
BgkqhkiG9w0BAQsFAAOCAQEAnCfwXaSJeNww+3IWe26crDjGDao6dC4uivU6mb+f
C00irn13a/FUWHGZY4n15Fk9IPd5lCD5QTM8CETh5Uw2hPEfZHf2hMKU6AwM9bA0
15XseseDZlMZXITmuULLS0vDz/zfXL4q0iUtj061RbU2eQoEh4IbhKi9sy6gvuuO
UCPdK7doxQjQVajhSmFR2mv1iZO99owfKs8e5V16gt2aPv9YNop/1T+x/VDFW2s4
2E4YlMcaZhZdYAE28d5096NO/961h8QPJGHT7Xo/HCulrRA1XZkvYwJgterITJ3h
wjX3bAbITe5f9Bbp2eRQLalZLgHRnfmcpKLhtYJNpi6toA==
-----END CERTIFICATE-----