Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/9ij6_n4bjTVypxcUsx6GYajxRlg.roa
File:                     9ij6_n4bjTVypxcUsx6GYajxRlg.roa (raw, json)
Hash identifier:          g9BrinXupf0n7OptmOsEOzPuj/eGV5FyIFeg5ehfn1E=
Subject key identifier:   F6:28:FA:FE:7E:1B:8D:35:72:A7:17:14:B3:1E:86:61:A8:F1:46:58
Certificate issuer:       /CN=41e383c5807e9b32f576d0a5b8ee7744cacfb717
Certificate serial:       018F064000F10D5FF01C10E1956A21A32FCF
Authority key identifier: 41:E3:83:C5:80:7E:9B:32:F5:76:D0:A5:B8:EE:77:44:CA:CF:B7:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QeODxYB-mzL1dtCluO53RMrPtxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/9ij6_n4bjTVypxcUsx6GYajxRlg.roa
Signing time:             Mon 22 Apr 2024 14:40:08 +0000
ROA not before:           Mon 22 Apr 2024 14:40:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a06:9080::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/QeODxYB-mzL1dtCluO53RMrPtxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/QeODxYB-mzL1dtCluO53RMrPtxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QeODxYB-mzL1dtCluO53RMrPtxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:40:00:f1:0d:5f:f0:1c:10:e1:95:6a:21:a3:2f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41e383c5807e9b32f576d0a5b8ee7744cacfb717
        Validity
            Not Before: Apr 22 14:40:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f628fafe7e1b8d3572a71714b31e8661a8f14658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:04:4e:9b:92:cd:1f:36:06:6f:27:fa:5f:e4:
                    c7:fc:66:73:39:b9:1a:95:94:ea:67:a5:0c:d7:00:
                    65:7a:6d:45:41:31:af:9d:7c:6e:48:3f:4c:89:82:
                    a4:36:a4:1d:d2:37:af:95:55:ba:7f:93:d2:11:f7:
                    e0:ad:d4:9d:12:8f:e6:5c:4d:db:5c:a1:9f:de:bd:
                    5e:8c:ba:c9:f7:f4:6f:00:a6:d8:c3:e9:e5:fd:b2:
                    59:85:1a:a4:02:71:a8:72:8d:33:20:44:9a:5b:b4:
                    99:e4:f2:c0:b2:bb:1b:0a:bf:ad:b4:f3:49:a7:e1:
                    03:44:f4:dd:2d:2e:0e:d5:3b:18:e2:b1:a2:e4:77:
                    ab:ae:67:8f:96:2a:69:c0:4c:3f:41:3e:ec:ea:99:
                    13:83:78:c9:8d:4c:83:c0:78:02:cb:c2:38:a1:ec:
                    7f:22:eb:42:97:b5:79:a7:6e:ea:03:cd:b7:d9:04:
                    d3:c9:07:1a:06:7b:1f:e2:e0:83:98:23:99:5f:84:
                    68:b7:4c:92:fc:ae:57:0f:bc:1a:9e:20:95:e9:ed:
                    8a:84:80:66:0f:ae:ac:8b:24:50:0f:9d:64:03:ee:
                    56:d7:be:cd:87:bd:76:3a:29:23:e9:11:ae:3e:9f:
                    7f:43:13:ba:46:77:cb:3d:33:65:00:c8:f1:9b:a7:
                    af:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:28:FA:FE:7E:1B:8D:35:72:A7:17:14:B3:1E:86:61:A8:F1:46:58
            X509v3 Authority Key Identifier:
                keyid:41:E3:83:C5:80:7E:9B:32:F5:76:D0:A5:B8:EE:77:44:CA:CF:B7:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QeODxYB-mzL1dtCluO53RMrPtxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/9ij6_n4bjTVypxcUsx6GYajxRlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/QeODxYB-mzL1dtCluO53RMrPtxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9080::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:f9:49:b0:de:fb:74:d7:24:51:56:3b:c5:53:8c:63:5a:2f:
         08:bf:75:63:94:05:4a:f7:f0:19:80:7c:54:8e:72:eb:fc:e0:
         d6:83:9b:3b:61:f7:c5:e1:9b:1a:5e:26:64:cf:b7:c8:33:82:
         fd:43:8c:26:9b:5e:f0:0a:1c:72:ac:09:df:42:2b:ba:2d:40:
         72:24:d5:c6:a7:ad:2d:48:19:2a:37:a9:7f:f0:64:21:a7:62:
         55:ec:94:1a:51:f0:54:1f:60:89:5b:65:7c:51:9c:34:02:9f:
         bc:7d:4f:b6:eb:dd:49:ff:d4:e8:d4:07:2d:2a:3e:7e:41:9e:
         3b:20:fe:51:21:b2:5d:8f:c5:bf:d2:ad:db:33:95:bb:91:37:
         db:d3:d2:76:8d:6f:8e:93:20:58:6e:57:f6:f9:98:be:54:1e:
         6c:57:d2:c5:a8:de:3d:dc:d3:13:01:35:d2:9f:73:ee:8d:0f:
         72:57:c5:87:47:37:92:84:d5:61:2d:d2:5e:51:40:8a:71:6e:
         84:61:23:a3:5a:06:87:16:96:ba:e9:20:37:42:17:df:47:b8:
         ad:73:08:f0:f0:f6:a4:48:39:25:6d:d1:b8:ac:ba:d6:87:f7:
         28:43:fe:2f:ad:12:f5:7c:6b:55:16:a0:69:fe:7b:68:4e:ea:
         8c:bd:cc:4c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8GQADxDV/wHBDhlWohoy/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZTM4M2M1ODA3ZTliMzJmNTc2ZDBhNWI4ZWU3NzQ0Y2Fj
ZmI3MTcwHhcNMjQwNDIyMTQ0MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjI4ZmFmZTdlMWI4ZDM1NzJhNzE3MTRiMzFlODY2MWE4ZjE0NjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAROm5LNHzYGbyf6X+TH/GZzObka
lZTqZ6UM1wBlem1FQTGvnXxuSD9MiYKkNqQd0jevlVW6f5PSEffgrdSdEo/mXE3b
XKGf3r1ejLrJ9/RvAKbYw+nl/bJZhRqkAnGoco0zIESaW7SZ5PLAsrsbCr+ttPNJ
p+EDRPTdLS4O1TsY4rGi5HerrmePlippwEw/QT7s6pkTg3jJjUyDwHgCy8I4oex/
IutCl7V5p27qA8232QTTyQcaBnsf4uCDmCOZX4Rot0yS/K5XD7waniCV6e2KhIBm
D66siyRQD51kA+5W177Nh712Oikj6RGuPp9/QxO6RnfLPTNlAMjxm6evhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPYo+v5+G401cqcXFLMehmGo8UZYMB8GA1UdIwQY
MBaAFEHjg8WAfpsy9XbQpbjud0TKz7cXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWVPRHhZQi1tekwxZHRDbHVPNTNSTXJQdHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hZWE0NjUtYmE0NS00OWFjLTljNjgt
N2I0MWZhYmM2ZjY3LzEvOWlqNl9uNGJqVFZ5cHhjVXN4NkdZYWp4UmxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hZWE0NjUtYmE0NS00OWFjLTljNjgtN2I0MWZhYmM2ZjY3
LzEvUWVPRHhZQi1tekwxZHRDbHVPNTNSTXJQdHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgaQgDAN
BgkqhkiG9w0BAQsFAAOCAQEAJflJsN77dNckUVY7xVOMY1ovCL91Y5QFSvfwGYB8
VI5y6/zg1oObO2H3xeGbGl4mZM+3yDOC/UOMJpte8AoccqwJ30Irui1AciTVxqet
LUgZKjepf/BkIadiVeyUGlHwVB9giVtlfFGcNAKfvH1PtuvdSf/U6NQHLSo+fkGe
OyD+USGyXY/Fv9Kt2zOVu5E329PSdo1vjpMgWG5X9vmYvlQebFfSxajePdzTEwE1
0p9z7o0PclfFh0c3koTVYS3SXlFAinFuhGEjo1oGhxaWuukgN0IX30e4rXMI8PD2
pEg5JW3RuKy61of3KEP+L60S9XxrVRagaf57aE7qjL3MTA==
-----END CERTIFICATE-----