Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/coCw4HSibwooBwGXrgmdAWHFfZ0.roa
File:                     coCw4HSibwooBwGXrgmdAWHFfZ0.roa (raw, json)
Hash identifier:          tIzyQTmWe/hHYDWwxwjR8/KK9x6ztx9ru6htVoN/qmM=
Subject key identifier:   72:80:B0:E0:74:A2:6F:0A:28:07:01:97:AE:09:9D:01:61:C5:7D:9D
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019298A9198C11CCF908BA06281F9AEC4E3E
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/coCw4HSibwooBwGXrgmdAWHFfZ0.roa
Signing time:             Thu 17 Oct 2024 04:07:51 +0000
ROA not before:           Thu 17 Oct 2024 04:07:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216246
IP address blocks:        2a11:fc80::/30 maxlen: 30
                          2a11:fc84::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:98:a9:19:8c:11:cc:f9:08:ba:06:28:1f:9a:ec:4e:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Oct 17 04:07:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7280b0e074a26f0a28070197ae099d0161c57d9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:8f:fd:98:c8:5c:93:76:c4:84:d9:bb:5d:f0:
                    d6:e2:9b:18:01:61:15:97:cc:72:a8:ef:0f:5f:2f:
                    35:6a:6b:71:26:3d:8b:60:16:67:18:98:08:83:d5:
                    56:c8:66:61:cb:0d:e2:9e:83:d4:66:6c:a6:0b:7c:
                    79:b4:2b:29:a1:d8:3f:fc:74:3d:30:0a:67:36:0e:
                    63:79:c5:51:14:12:df:49:bf:41:2e:36:67:f2:39:
                    48:69:96:51:bc:fa:28:8c:4e:3c:bf:92:98:8c:15:
                    0a:0a:7c:0f:43:e9:42:e1:38:b5:65:ce:bd:7c:00:
                    e4:19:c4:74:a7:0e:88:87:37:b0:e9:9e:b5:12:98:
                    1f:55:98:66:6f:6a:36:17:bf:e9:e2:ad:bc:7e:1c:
                    fd:bb:5f:c6:42:c0:87:b5:ed:9a:0d:65:e4:73:18:
                    af:7e:47:7b:7a:77:09:8d:db:9c:ab:fa:80:f1:01:
                    ba:25:46:fe:7d:07:78:a4:e5:e6:91:13:59:16:2c:
                    3d:f7:70:89:01:ae:58:7b:90:d5:25:fe:e0:23:b0:
                    6b:95:92:0f:b1:a7:29:c5:2b:90:b1:d4:0a:88:1e:
                    ef:11:ba:69:7d:d9:3e:0f:35:5a:24:34:02:e3:84:
                    b2:42:ab:49:56:13:c8:c5:d5:73:cc:05:8c:57:04:
                    65:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:80:B0:E0:74:A2:6F:0A:28:07:01:97:AE:09:9D:01:61:C5:7D:9D
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/coCw4HSibwooBwGXrgmdAWHFfZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:fc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:0f:c0:55:f3:e5:96:01:e2:8f:86:66:24:f4:c2:9e:ff:74:
         d2:71:66:c9:59:69:4e:b4:1d:37:97:68:1e:cd:0d:45:6d:ef:
         3d:02:b7:40:73:33:a0:65:d5:3b:a4:d0:ce:d9:92:c5:2a:19:
         9d:8a:d0:36:2e:74:eb:5a:60:1e:a7:39:64:2d:5a:d5:99:a7:
         8e:bd:35:83:4d:2c:41:39:ad:3c:89:95:9a:6c:3c:23:42:06:
         72:3c:17:26:c4:02:88:21:aa:a0:8e:09:2f:4b:33:8b:81:84:
         a0:75:dc:06:2e:0c:48:23:e8:9f:9a:21:2b:2f:77:d4:49:02:
         d0:d5:1d:85:30:97:51:04:25:2b:2f:12:a8:fe:56:68:ff:3b:
         1f:eb:5b:c6:dd:73:83:96:d9:e3:f6:6f:62:d2:ae:37:d3:17:
         73:6c:40:9d:86:40:82:87:f5:6d:f9:be:03:b4:f3:2e:6f:23:
         66:6d:dc:0a:5b:31:2c:fb:c0:70:a6:95:45:11:ba:1f:c7:44:
         1e:05:54:bd:50:03:dd:9c:da:1e:33:42:7f:94:07:b8:19:5b:
         28:7b:00:40:44:a5:08:6d:47:b1:8f:97:40:81:22:34:45:d4:
         97:81:f9:43:a1:3c:18:48:73:e3:bb:ab:90:42:f0:87:f0:07:
         73:e3:c7:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKYqRmMEcz5CLoGKB+a7E4+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQxMDE3MDQwNzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjgwYjBlMDc0YTI2ZjBhMjgwNzAxOTdhZTA5OWQwMTYxYzU3ZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2o/9mMhck3bEhNm7XfDW4psYAWEV
l8xyqO8PXy81amtxJj2LYBZnGJgIg9VWyGZhyw3inoPUZmymC3x5tCspodg//HQ9
MApnNg5jecVRFBLfSb9BLjZn8jlIaZZRvPoojE48v5KYjBUKCnwPQ+lC4Ti1Zc69
fADkGcR0pw6Ihzew6Z61EpgfVZhmb2o2F7/p4q28fhz9u1/GQsCHte2aDWXkcxiv
fkd7encJjducq/qA8QG6JUb+fQd4pOXmkRNZFiw993CJAa5Ye5DVJf7gI7BrlZIP
sacpxSuQsdQKiB7vEbppfdk+DzVaJDQC44SyQqtJVhPIxdVzzAWMVwRlcwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHKAsOB0om8KKAcBl64JnQFhxX2dMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvY29DdzRIU2lid29vQndHWHJnbWRBV0hGZlowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhH8gDAN
BgkqhkiG9w0BAQsFAAOCAQEALw/AVfPllgHij4ZmJPTCnv900nFmyVlpTrQdN5do
Hs0NRW3vPQK3QHMzoGXVO6TQztmSxSoZnYrQNi5061pgHqc5ZC1a1Zmnjr01g00s
QTmtPImVmmw8I0IGcjwXJsQCiCGqoI4JL0szi4GEoHXcBi4MSCPon5ohKy931EkC
0NUdhTCXUQQlKy8SqP5WaP87H+tbxt1zg5bZ4/ZvYtKuN9MXc2xAnYZAgof1bfm+
A7TzLm8jZm3cClsxLPvAcKaVRRG6H8dEHgVUvVAD3ZzaHjNCf5QHuBlbKHsAQESl
CG1HsY+XQIEiNEXUl4H5Q6E8GEhz47urkELwh/AHc+PHWA==
-----END CERTIFICATE-----