Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/CoIXKGDTZzoh2Q-9NqJ9O2xH9F8.roa
File:                     CoIXKGDTZzoh2Q-9NqJ9O2xH9F8.roa (raw, json)
Hash identifier:          GLcd6+ApbVLDcQEBdZZ5I0x8Qjzla0qsnoQs+aN6ms8=
Subject key identifier:   0A:82:17:28:60:D3:67:3A:21:D9:0F:BD:36:A2:7D:3B:6C:47:F4:5F
Certificate issuer:       /CN=ed476a7486b785451293571126c5f9da3ec485d8
Certificate serial:       018CC7957A10872876D34B2FB3501FFA1C49
Authority key identifier: ED:47:6A:74:86:B7:85:45:12:93:57:11:26:C5:F9:DA:3E:C4:85:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7UdqdIa3hUUSk1cRJsX52j7Ehdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/CoIXKGDTZzoh2Q-9NqJ9O2xH9F8.roa
Signing time:             Tue 02 Jan 2024 00:31:51 +0000
ROA not before:           Tue 02 Jan 2024 00:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        193.160.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/7UdqdIa3hUUSk1cRJsX52j7Ehdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/7UdqdIa3hUUSk1cRJsX52j7Ehdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7UdqdIa3hUUSk1cRJsX52j7Ehdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7a:10:87:28:76:d3:4b:2f:b3:50:1f:fa:1c:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed476a7486b785451293571126c5f9da3ec485d8
        Validity
            Not Before: Jan  2 00:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a82172860d3673a21d90fbd36a27d3b6c47f45f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e8:ad:80:96:88:d4:d2:8c:7c:e3:13:55:59:
                    cf:ac:47:94:1d:f6:3b:31:d6:e8:d9:ce:77:f3:6c:
                    3a:50:83:85:a2:93:20:ad:98:db:8c:06:b9:59:15:
                    a3:30:bd:46:a0:35:91:09:a1:43:b5:08:8d:f2:03:
                    cb:29:b9:39:3b:ec:93:3a:ae:e7:bb:11:f1:62:6c:
                    ce:82:c5:b5:28:4a:9d:59:17:6a:86:ec:80:33:cd:
                    88:91:37:f4:da:f7:d4:65:8c:e1:55:dc:11:d6:7e:
                    0e:85:f2:5b:80:5f:41:78:af:ac:f1:1d:a3:a4:ab:
                    34:3b:17:56:df:d4:df:4f:03:0c:87:21:b9:63:20:
                    34:b0:75:f2:10:3e:fe:ec:64:c0:07:2d:73:0c:29:
                    19:63:f9:aa:f2:12:e1:7f:35:c8:a7:df:8c:c9:27:
                    0a:65:16:85:05:32:10:07:68:f1:2b:fe:3c:0a:cc:
                    55:58:78:0c:6d:14:0e:50:f3:8a:23:76:9d:b3:97:
                    d0:c4:26:81:05:37:d1:56:80:5e:c0:78:1a:81:37:
                    f8:ed:43:87:18:96:c2:01:c9:16:b9:74:06:5e:38:
                    17:3d:b0:f8:02:82:2e:0a:e4:d2:c0:9c:21:9f:d2:
                    a6:fe:c2:8f:c2:3c:ad:d2:c1:b9:a6:29:be:0a:61:
                    a2:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:82:17:28:60:D3:67:3A:21:D9:0F:BD:36:A2:7D:3B:6C:47:F4:5F
            X509v3 Authority Key Identifier:
                keyid:ED:47:6A:74:86:B7:85:45:12:93:57:11:26:C5:F9:DA:3E:C4:85:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7UdqdIa3hUUSk1cRJsX52j7Ehdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/CoIXKGDTZzoh2Q-9NqJ9O2xH9F8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/7UdqdIa3hUUSk1cRJsX52j7Ehdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:46:05:4b:97:08:a5:ae:22:c0:d6:6f:90:69:2b:d0:b9:ca:
         93:c4:f8:1f:12:29:cb:67:92:8a:0a:44:23:b5:12:af:7b:e4:
         4f:83:71:64:3a:5b:e6:d8:0f:a7:77:79:53:c8:ec:c0:33:05:
         c5:dc:ca:36:ba:88:6f:2a:d9:80:14:25:fa:98:0a:45:fa:9f:
         33:d4:0a:d1:c7:4e:dc:74:a8:18:9f:57:28:4e:f5:e7:af:4a:
         e0:e3:24:c5:dc:35:ce:c6:39:63:c8:ea:c8:64:dd:62:31:80:
         61:06:b1:28:bf:f6:1a:7f:72:b0:e9:45:a3:b9:09:dd:a4:e4:
         73:8b:6a:02:6b:c9:f9:3f:48:aa:85:81:07:86:d3:4e:ac:20:
         2e:94:a4:7c:6f:42:04:b5:3f:0b:d3:cc:40:4f:a6:c7:89:9d:
         e6:98:61:00:77:c8:32:56:ef:e4:38:2d:1b:70:44:f3:f5:b8:
         29:eb:71:c8:0b:5f:fe:10:15:7e:08:f3:57:c7:b8:49:20:a2:
         76:a1:36:b1:ef:63:6f:51:3b:d9:5f:09:d9:ba:83:bb:01:b9:
         e4:eb:7f:07:08:db:56:45:7a:a7:3b:ae:da:d9:52:93:dc:dc:
         06:07:76:aa:98:d3:ef:e1:f7:71:35:20:cd:8b:ed:02:bb:bf:
         eb:53:c7:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXoQhyh200svs1Af+hxJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNDc2YTc0ODZiNzg1NDUxMjkzNTcxMTI2YzVmOWRhM2Vj
NDg1ZDgwHhcNMjQwMTAyMDAzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgyMTcyODYwZDM2NzNhMjFkOTBmYmQzNmEyN2QzYjZjNDdmNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OitgJaI1NKMfOMTVVnPrEeUHfY7
Mdbo2c5382w6UIOFopMgrZjbjAa5WRWjML1GoDWRCaFDtQiN8gPLKbk5O+yTOq7n
uxHxYmzOgsW1KEqdWRdqhuyAM82IkTf02vfUZYzhVdwR1n4OhfJbgF9BeK+s8R2j
pKs0OxdW39TfTwMMhyG5YyA0sHXyED7+7GTABy1zDCkZY/mq8hLhfzXIp9+MyScK
ZRaFBTIQB2jxK/48CsxVWHgMbRQOUPOKI3ads5fQxCaBBTfRVoBewHgagTf47UOH
GJbCAckWuXQGXjgXPbD4AoIuCuTSwJwhn9Km/sKPwjyt0sG5pim+CmGiQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqCFyhg02c6IdkPvTaifTtsR/RfMB8GA1UdIwQY
MBaAFO1HanSGt4VFEpNXESbF+do+xIXYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1VkcWRJYTNoVVVTazFjUkpzWDUyajdFaGRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hMDE0N2ItMDU4ZC00ZjJkLWI2MDMt
NjFmOWU1NGVkMjM5LzEvQ29JWEtHRFRaem9oMlEtOU5xSjlPMnhIOUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hMDE0N2ItMDU4ZC00ZjJkLWI2MDMtNjFmOWU1NGVkMjM5
LzEvN1VkcWRJYTNoVVVTazFjUkpzWDUyajdFaGRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaAcMA0G
CSqGSIb3DQEBCwUAA4IBAQBQRgVLlwilriLA1m+QaSvQucqTxPgfEinLZ5KKCkQj
tRKve+RPg3FkOlvm2A+nd3lTyOzAMwXF3Mo2uohvKtmAFCX6mApF+p8z1ArRx07c
dKgYn1coTvXnr0rg4yTF3DXOxjljyOrIZN1iMYBhBrEov/Yaf3Kw6UWjuQndpORz
i2oCa8n5P0iqhYEHhtNOrCAulKR8b0IEtT8L08xAT6bHiZ3mmGEAd8gyVu/kOC0b
cETz9bgp63HIC1/+EBV+CPNXx7hJIKJ2oTax72NvUTvZXwnZuoO7Abnk638HCNtW
RXqnO67a2VKT3NwGB3aqmNPv4fdxNSDNi+0Cu7/rU8ed
-----END CERTIFICATE-----