Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/0_dv6_hKNqZ-4nTsvvkqnn4eqkg.roa
File:                     0_dv6_hKNqZ-4nTsvvkqnn4eqkg.roa (raw, json)
Hash identifier:          FmNRQIGEjlH2YkVaVaK37VyRMbjXxoBjD2UyFB5IzJs=
Subject key identifier:   D3:F7:6F:EB:F8:4A:36:A6:7E:E2:74:EC:BE:F9:2A:9E:7E:1E:AA:48
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F1FA9B738BBB0A72A094DEC3B8084
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/0_dv6_hKNqZ-4nTsvvkqnn4eqkg.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12670
IP address blocks:        80.231.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1f:a9:b7:38:bb:b0:a7:2a:09:4d:ec:3b:80:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3f76febf84a36a67ee274ecbef92a9e7e1eaa48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:98:77:86:3a:7d:b7:a6:d0:49:b2:0e:b8:ae:
                    7f:d6:64:9a:fd:bc:23:32:78:4d:18:9e:1b:fa:57:
                    c4:1d:0f:9f:17:88:a8:23:a4:fe:b8:08:4e:d7:ac:
                    3a:1f:5b:ff:12:4e:a5:33:4f:25:aa:b3:ff:cc:45:
                    57:9d:6f:b6:53:30:46:32:64:f5:ad:6f:2d:40:48:
                    df:de:74:c8:2c:79:85:9b:0e:c7:a2:6e:49:9d:e6:
                    42:8b:62:1b:ea:9f:5c:e2:76:31:1d:33:03:bf:cb:
                    3d:d6:1d:f0:e7:fd:9d:76:a3:c4:33:dd:60:fd:e3:
                    55:ec:be:bd:ad:fd:b7:87:46:6f:4d:62:f9:6f:e7:
                    6b:9e:5e:e8:45:eb:6f:b6:05:32:f6:68:90:1a:2f:
                    32:86:67:33:d2:b0:31:fd:9f:83:77:38:d5:dd:55:
                    58:39:34:3b:45:89:a4:9b:fd:f2:6e:b7:b1:55:6f:
                    ea:90:50:2f:20:3e:f5:c7:f2:15:2c:ff:69:2c:7a:
                    46:7c:69:12:b7:f6:82:35:a6:39:9d:e2:ce:70:e6:
                    8a:18:8a:ba:2c:a0:87:65:16:d0:02:a7:3b:dc:ac:
                    a6:b5:1c:44:5e:58:41:ba:a6:a8:31:f6:f6:95:7a:
                    ff:80:22:83:9b:0c:0d:8a:9c:4d:bf:b6:d0:46:11:
                    fa:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F7:6F:EB:F8:4A:36:A6:7E:E2:74:EC:BE:F9:2A:9E:7E:1E:AA:48
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/0_dv6_hKNqZ-4nTsvvkqnn4eqkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.231.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:06:6d:87:9c:28:2b:63:6c:92:35:02:2c:c0:a0:ec:64:b8:
         e5:4c:a0:77:6a:52:df:5f:bc:e9:54:c7:e8:71:24:66:a3:d0:
         83:3a:ef:08:45:fe:82:ce:de:49:44:e4:81:bf:ea:db:86:bd:
         73:ff:b7:ee:99:a5:92:85:a8:b8:a5:32:bc:bb:3d:9a:cd:2e:
         42:36:5d:0b:08:0e:5d:9f:46:57:8d:13:01:84:4a:91:44:8e:
         9d:6e:3d:20:e7:f3:2b:0c:be:50:16:18:d9:00:72:53:0d:b9:
         57:ee:3a:d3:c3:86:a0:73:28:05:5a:ed:a6:1b:4f:ef:3a:e2:
         69:b2:98:b3:3d:b9:1a:b8:c4:7f:fb:9b:55:36:22:50:ef:e2:
         41:7e:4f:93:ff:bb:8d:d3:24:30:45:0b:0b:7e:90:ae:b7:0c:
         9f:6b:a0:a2:d8:0a:91:2d:47:ee:22:eb:4f:c1:7f:fb:cb:45:
         f0:23:ae:2c:bf:ea:2c:70:ff:0a:ae:d7:d8:ba:a0:5b:0a:93:
         73:b5:a3:26:5e:a1:55:5d:6d:7c:fd:a9:cf:c0:ef:ef:9b:8f:
         83:5f:88:d2:47:09:11:ea:bc:36:94:1b:26:93:b8:02:66:3e:
         c3:b0:f4:4a:e4:f2:59:36:b6:e2:0a:12:a4:11:e6:11:bb:7c:
         91:a8:10:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbx+ptzi7sKcqCU3sO4CEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Y3NmZlYmY4NGEzNmE2N2VlMjc0ZWNiZWY5MmE5ZTdlMWVhYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnph3hjp9t6bQSbIOuK5/1mSa/bwj
MnhNGJ4b+lfEHQ+fF4ioI6T+uAhO16w6H1v/Ek6lM08lqrP/zEVXnW+2UzBGMmT1
rW8tQEjf3nTILHmFmw7Hom5JneZCi2Ib6p9c4nYxHTMDv8s91h3w5/2ddqPEM91g
/eNV7L69rf23h0ZvTWL5b+drnl7oRetvtgUy9miQGi8yhmcz0rAx/Z+DdzjV3VVY
OTQ7RYmkm/3ybrexVW/qkFAvID71x/IVLP9pLHpGfGkSt/aCNaY5neLOcOaKGIq6
LKCHZRbQAqc73KymtRxEXlhBuqaoMfb2lXr/gCKDmwwNipxNv7bQRhH6UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNP3b+v4SjamfuJ07L75Kp5+HqpIMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvMF9kdjZfaEtOcVotNG5Uc3Z2a3FubjRlcWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOcJMA0G
CSqGSIb3DQEBCwUAA4IBAQC4Bm2HnCgrY2ySNQIswKDsZLjlTKB3alLfX7zpVMfo
cSRmo9CDOu8IRf6Czt5JROSBv+rbhr1z/7fumaWShai4pTK8uz2azS5CNl0LCA5d
n0ZXjRMBhEqRRI6dbj0g5/MrDL5QFhjZAHJTDblX7jrTw4agcygFWu2mG0/vOuJp
spizPbkauMR/+5tVNiJQ7+JBfk+T/7uN0yQwRQsLfpCutwyfa6Ci2AqRLUfuIutP
wX/7y0XwI64sv+oscP8KrtfYuqBbCpNztaMmXqFVXW18/anPwO/vm4+DX4jSRwkR
6rw2lBsmk7gCZj7DsPRK5PJZNrbiChKkEeYRu3yRqBB0
-----END CERTIFICATE-----