Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/KofCe6a63xx-6ZxwYR9n9kVzTP4.roa
File:                     KofCe6a63xx-6ZxwYR9n9kVzTP4.roa (raw, json)
Hash identifier:          DUSBIgj3viPqRbOj6It2m7v5J9VvH2Nk/uqaNb0hAdE=
Subject key identifier:   2A:87:C2:7B:A6:BA:DF:1C:7E:E9:9C:70:61:1F:67:F6:45:73:4C:FE
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B9481C5A339DFA6BC27288375FEBBC
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/KofCe6a63xx-6ZxwYR9n9kVzTP4.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210212
IP address blocks:        151.237.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:48:1c:5a:33:9d:fa:6b:c2:72:88:37:5f:eb:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a87c27ba6badf1c7ee99c70611f67f645734cfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:60:76:59:7d:c2:12:96:61:00:67:dd:94:82:
                    e8:f5:42:ac:3b:2b:ac:b0:d0:be:fe:b2:91:1d:98:
                    21:70:c5:cc:c0:b1:e3:b1:00:d9:8d:92:8f:40:47:
                    68:33:f2:e2:93:78:8b:27:ac:56:6e:40:02:97:04:
                    67:d5:9d:e1:0a:ab:9e:c2:89:f0:28:a1:35:d2:6e:
                    a5:8f:46:5d:a5:be:ae:36:b5:a1:11:00:2b:ff:87:
                    8c:8d:9e:72:c8:ad:54:5b:30:f9:83:c2:20:6f:9b:
                    18:d5:9e:1a:17:d3:05:57:62:72:2d:aa:87:86:44:
                    86:d8:99:21:f1:06:d7:15:9f:b9:c1:94:2c:92:da:
                    a4:72:b9:af:6e:9d:fb:b0:84:fc:d8:a8:61:31:d8:
                    1b:3f:7e:7d:52:ae:98:55:e4:ea:57:7f:3d:e2:b9:
                    7f:79:5d:e7:ec:b6:ce:a2:73:d8:af:3b:0e:fa:91:
                    60:22:e6:ea:df:93:5e:f4:8a:68:67:6f:27:bc:d9:
                    7e:c6:4b:16:5c:58:e2:c0:39:5a:8d:4e:da:8d:81:
                    81:3c:2b:d7:fe:02:ed:2e:63:c3:70:64:e0:dc:bb:
                    09:7c:aa:b1:16:12:ab:5b:5e:24:38:58:13:54:5a:
                    2f:f8:1e:48:99:38:b2:a4:f6:bf:88:33:8a:53:4f:
                    41:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:87:C2:7B:A6:BA:DF:1C:7E:E9:9C:70:61:1F:67:F6:45:73:4C:FE
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/KofCe6a63xx-6ZxwYR9n9kVzTP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:08:c5:38:9b:2f:00:0d:c7:a0:84:5f:41:90:ce:3c:b1:6e:
         73:1e:9f:b6:7b:f3:d4:7f:63:73:fb:ca:8c:01:ac:2d:bb:3f:
         7d:aa:54:74:c1:c3:db:c7:0a:76:16:1e:18:f5:f4:11:99:f1:
         59:6e:47:98:5f:b8:e6:be:f7:e4:41:4f:34:b9:4f:bb:46:05:
         87:3a:b3:8c:e1:40:dd:e0:bc:31:59:2d:df:78:13:42:3d:2d:
         a8:10:d4:80:87:2d:b8:ef:73:ef:0e:59:3d:a6:3d:aa:c5:16:
         3e:86:10:af:5d:24:83:77:bf:df:79:cc:3a:0a:26:ef:73:5f:
         75:0a:f5:e4:65:4d:05:98:fd:ee:97:e3:13:ab:a5:5c:77:81:
         bd:60:35:86:b3:32:88:99:d7:c5:36:a1:33:a3:b4:c5:0e:72:
         4a:57:62:5c:a8:19:0b:1a:77:ca:d1:85:31:74:0c:23:a4:81:
         d8:e6:b6:e1:a8:a5:31:99:b2:31:4c:ee:9b:5a:4f:d2:cb:3e:
         02:27:6c:7e:11:2d:6f:19:72:3f:da:13:fb:11:59:a9:b2:25:
         d3:3a:fe:f5:ce:b9:05:c8:ca:c1:a2:1f:f4:03:84:34:1e:8e:
         b7:7c:92:d0:dc:d7:bd:49:58:22:2c:e3:fb:03:9e:9c:c5:a4:
         4a:f7:e6:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUgcWjOd+mvCcog3X+u8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTg3YzI3YmE2YmFkZjFjN2VlOTljNzA2MTFmNjdmNjQ1NzM0Y2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWB2WX3CEpZhAGfdlILo9UKsOyus
sNC+/rKRHZghcMXMwLHjsQDZjZKPQEdoM/Lik3iLJ6xWbkAClwRn1Z3hCquewonw
KKE10m6lj0Zdpb6uNrWhEQAr/4eMjZ5yyK1UWzD5g8Igb5sY1Z4aF9MFV2JyLaqH
hkSG2Jkh8QbXFZ+5wZQsktqkcrmvbp37sIT82KhhMdgbP359Uq6YVeTqV3894rl/
eV3n7LbOonPYrzsO+pFgIubq35Ne9IpoZ28nvNl+xksWXFjiwDlajU7ajYGBPCvX
/gLtLmPDcGTg3LsJfKqxFhKrW14kOFgTVFov+B5ImTiypPa/iDOKU09BBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqHwnumut8cfumccGEfZ/ZFc0z+MB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvS29mQ2U2YTYzeHgtNlp4d1lSOW45a1Z6VFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+0bMA0G
CSqGSIb3DQEBCwUAA4IBAQB5CMU4my8ADceghF9BkM48sW5zHp+2e/PUf2Nz+8qM
Aawtuz99qlR0wcPbxwp2Fh4Y9fQRmfFZbkeYX7jmvvfkQU80uU+7RgWHOrOM4UDd
4LwxWS3feBNCPS2oENSAhy2473PvDlk9pj2qxRY+hhCvXSSDd7/fecw6Cibvc191
CvXkZU0FmP3ul+MTq6Vcd4G9YDWGszKImdfFNqEzo7TFDnJKV2JcqBkLGnfK0YUx
dAwjpIHY5rbhqKUxmbIxTO6bWk/Syz4CJ2x+ES1vGXI/2hP7EVmpsiXTOv71zrkF
yMrBoh/0A4Q0Ho63fJLQ3Ne9SVgiLOP7A56cxaRK9+ai
-----END CERTIFICATE-----