Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/coIHIgxOWZV4Y-zK1C6E1z73qA0.roa
File:                     coIHIgxOWZV4Y-zK1C6E1z73qA0.roa (raw, json)
Hash identifier:          wOIH7o09lQaLD++lBrtg5h6V7rDCYTYEWQ7xeXJscZ0=
Subject key identifier:   72:82:07:22:0C:4E:59:95:78:63:EC:CA:D4:2E:84:D7:3E:F7:A8:0D
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0190CA58DAA7706CF958CE26D282FD8D818D
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/coIHIgxOWZV4Y-zK1C6E1z73qA0.roa
Signing time:             Fri 19 Jul 2024 09:35:38 +0000
ROA not before:           Fri 19 Jul 2024 09:35:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214911
IP address blocks:        2a0f:7803:dd00::/40 maxlen: 48
                          2a0f:7804:da00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ca:58:da:a7:70:6c:f9:58:ce:26:d2:82:fd:8d:81:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul 19 09:35:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=728207220c4e59957863eccad42e84d73ef7a80d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:06:ea:da:a1:63:1f:4a:2f:0a:0e:02:7a:f9:
                    21:e9:2b:f7:4e:ec:a8:f4:92:00:f9:04:2d:2a:e0:
                    2b:21:60:2e:93:94:fc:f0:1e:f5:03:e7:76:1c:e6:
                    87:91:f6:01:de:23:62:03:86:9c:27:fc:42:20:35:
                    33:ec:d3:cf:80:cc:67:51:b4:f6:93:6f:1a:27:e0:
                    38:68:21:60:94:a4:db:ef:89:34:45:20:13:93:df:
                    5a:eb:d3:70:12:da:35:86:14:c3:ff:a4:c7:b5:21:
                    44:b9:3d:32:8b:c1:cd:8b:0e:69:a1:e1:2e:0f:d7:
                    08:d5:06:e7:98:fa:28:17:e3:b9:98:8b:62:62:d0:
                    1a:08:41:c7:28:d9:a6:72:8d:c0:5a:4b:5d:94:01:
                    38:f8:81:8f:17:01:1d:73:a2:2f:32:f9:b8:33:7b:
                    ec:58:75:f7:02:2b:f6:d3:81:72:c8:2d:5f:b9:fd:
                    40:59:50:f2:3e:a8:3a:c7:e9:46:5d:52:56:22:fd:
                    21:3e:06:48:30:1c:b3:4b:1a:06:44:9c:f3:57:05:
                    84:84:f3:ef:60:cb:65:14:68:2b:48:9e:43:75:ac:
                    17:3d:f7:93:f8:61:98:12:0b:71:f7:ae:55:cd:62:
                    a6:24:db:95:ca:85:f4:ca:d1:f0:a1:97:c2:1a:0e:
                    5f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:82:07:22:0C:4E:59:95:78:63:EC:CA:D4:2E:84:D7:3E:F7:A8:0D
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/coIHIgxOWZV4Y-zK1C6E1z73qA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:dd00::/40
                  2a0f:7804:da00::/40

    Signature Algorithm: sha256WithRSAEncryption
         7c:4d:56:13:0c:27:cc:21:ec:ca:86:81:1e:f3:2f:32:7a:16:
         da:f7:8c:c1:ad:a1:48:02:78:50:80:1c:df:47:8b:c9:2f:1f:
         a1:c4:10:75:ab:eb:ae:f1:f3:69:e0:9d:00:b4:50:66:03:c8:
         ef:4f:5e:4a:fd:1a:8f:63:8a:d1:f1:11:41:1e:0a:8b:43:b6:
         67:73:b3:99:f9:9b:ba:94:c0:9f:0e:f9:6f:bf:51:de:79:31:
         83:01:96:e2:99:0f:88:fe:83:dd:0f:0e:54:06:f2:43:30:d5:
         77:b5:d2:1e:25:2d:36:cc:38:d7:17:31:6d:25:90:59:f8:a3:
         69:f1:a4:76:7e:ea:9a:3a:e7:b6:7b:04:16:68:57:43:fa:78:
         bf:c0:17:4a:07:d8:fb:31:05:4e:7d:89:45:94:1c:ca:59:23:
         a9:f9:c0:9d:69:14:2d:6b:e1:65:3b:f1:59:9b:4c:43:a9:0a:
         1a:80:10:cb:91:c5:04:8c:a0:d4:10:5b:08:1b:eb:db:00:5a:
         c6:7f:55:73:22:63:93:97:40:1d:c4:e5:08:b6:b8:eb:f7:61:
         d7:e2:79:a2:f5:ad:6f:ed:f1:c0:52:c0:10:67:c2:99:69:d4:
         7a:43:91:47:fc:a0:ba:28:28:16:27:58:7b:1d:e9:71:46:6f:
         51:bd:82:7f
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZDKWNqncGz5WM4m0oL9jYGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNzE5MDkzNTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjgyMDcyMjBjNGU1OTk1Nzg2M2VjY2FkNDJlODRkNzNlZjdhODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQbq2qFjH0ovCg4Cevkh6Sv3Tuyo
9JIA+QQtKuArIWAuk5T88B71A+d2HOaHkfYB3iNiA4acJ/xCIDUz7NPPgMxnUbT2
k28aJ+A4aCFglKTb74k0RSATk99a69NwEto1hhTD/6THtSFEuT0yi8HNiw5poeEu
D9cI1QbnmPooF+O5mItiYtAaCEHHKNmmco3AWktdlAE4+IGPFwEdc6IvMvm4M3vs
WHX3Aiv204FyyC1fuf1AWVDyPqg6x+lGXVJWIv0hPgZIMByzSxoGRJzzVwWEhPPv
YMtlFGgrSJ5DdawXPfeT+GGYEgtx965VzWKmJNuVyoX0ytHwoZfCGg5fuwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFHKCByIMTlmVeGPsytQuhNc+96gNMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvY29JSElneE9XWlY0WS16SzFDNkUxejczcUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKg94A90D
BgAqD3gE2jANBgkqhkiG9w0BAQsFAAOCAQEAfE1WEwwnzCHsyoaBHvMvMnoW2veM
wa2hSAJ4UIAc30eLyS8focQQdavrrvHzaeCdALRQZgPI709eSv0aj2OK0fERQR4K
i0O2Z3OzmfmbupTAnw75b79R3nkxgwGW4pkPiP6D3Q8OVAbyQzDVd7XSHiUtNsw4
1xcxbSWQWfijafGkdn7qmjrntnsEFmhXQ/p4v8AXSgfY+zEFTn2JRZQcylkjqfnA
nWkULWvhZTvxWZtMQ6kKGoAQy5HFBIyg1BBbCBvr2wBaxn9VcyJjk5dAHcTlCLa4
6/dh1+J5ovWtb+3xwFLAEGfCmWnUekORR/yguigoFidYex3pcUZvUb2Cfw==
-----END CERTIFICATE-----