Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/CDxDxtHr9ioQ01TaA4ao2l70Zn4.roa
File:                     CDxDxtHr9ioQ01TaA4ao2l70Zn4.roa (raw, json)
Hash identifier:          q0HC9E04HADt2tvFAQ44e2E1Vb7rQWf68W2gAfrBvmM=
Subject key identifier:   08:3C:43:C6:D1:EB:F6:2A:10:D3:54:DA:03:86:A8:DA:5E:F4:66:7E
Certificate issuer:       /CN=9ce94757ac3f70b40f369307d365ebc9657bab69
Certificate serial:       018CC3B7133E76387F214081853C0BABB7DA
Authority key identifier: 9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/CDxDxtHr9ioQ01TaA4ao2l70Zn4.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34542
IP address blocks:        156.28.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:13:3e:76:38:7f:21:40:81:85:3c:0b:ab:b7:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ce94757ac3f70b40f369307d365ebc9657bab69
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=083c43c6d1ebf62a10d354da0386a8da5ef4667e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fd:e5:58:be:18:c5:89:f1:bb:ea:42:33:84:
                    d4:3b:ef:7d:6b:7a:ec:05:0d:e9:fe:b6:1c:f2:ca:
                    00:d2:84:bd:b2:5a:46:39:69:2f:73:fa:9f:c1:9f:
                    b0:b3:67:b8:5a:3f:f8:4a:61:e6:d6:1f:39:d7:c7:
                    55:95:89:05:fd:44:78:73:3f:d2:0f:30:6b:31:ba:
                    ff:af:ba:13:54:b7:bb:f8:be:9b:8c:87:a5:3b:a5:
                    bc:2e:b3:db:ae:7d:52:d6:e6:57:fb:5f:3f:bc:c9:
                    01:12:9c:12:75:c5:e6:96:c7:f8:8a:54:3c:18:1d:
                    60:73:34:bb:a7:5a:27:94:27:a9:b5:54:9a:a5:fe:
                    cf:29:a7:ec:1e:3c:f4:1d:fd:82:91:25:2a:10:fb:
                    9d:51:0f:ac:8c:81:aa:ee:b9:59:01:b7:ef:9e:a6:
                    4b:24:0e:21:95:1a:0f:d4:c8:3a:79:c3:34:84:3a:
                    3c:b1:77:7a:8c:57:4c:47:7d:17:07:ad:5d:a5:f7:
                    e8:18:a9:85:fe:c2:78:5f:60:72:3f:74:01:06:2c:
                    c5:a6:8b:86:c2:17:4b:50:ae:c5:2a:30:ca:df:fe:
                    be:9b:b2:53:8a:5b:3d:7c:91:2a:ab:c0:8d:e4:90:
                    9b:0a:47:10:2e:39:b0:01:09:63:3e:49:be:a6:38:
                    83:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:3C:43:C6:D1:EB:F6:2A:10:D3:54:DA:03:86:A8:DA:5E:F4:66:7E
            X509v3 Authority Key Identifier:
                keyid:9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/CDxDxtHr9ioQ01TaA4ao2l70Zn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d6:dd:ec:44:6b:5b:de:e4:81:0b:ec:19:fb:47:fe:ed:0b:d9:
         a9:24:5c:40:0a:c0:7e:a2:91:7e:da:92:f3:b0:b3:4f:ea:66:
         bb:46:d4:3f:86:b9:9c:ac:17:00:b8:31:bc:e5:99:ac:b9:ce:
         8f:38:e7:e2:a5:3f:c5:73:e8:eb:fc:cf:1c:5a:5f:d5:7a:af:
         8a:03:f4:d9:e7:1d:0b:dd:01:40:c1:f8:99:fc:63:c6:bb:b6:
         6e:3a:02:5e:22:f1:dc:f6:74:05:74:71:9a:c1:40:7c:a6:f1:
         b9:cb:c3:bd:2a:c5:6e:95:14:09:bf:05:b1:a2:13:48:e4:12:
         24:c5:7a:e9:62:1d:14:84:b7:a3:9e:f1:82:fe:88:ef:1b:3d:
         2c:66:28:1d:9a:b0:4e:9b:ee:68:01:e4:70:14:5f:65:2b:65:
         0d:44:7d:9a:4a:f3:e6:44:65:49:56:26:07:f7:e7:19:44:7a:
         74:e9:ae:3b:7f:99:6e:25:c7:5f:4b:ae:c6:0e:9b:5e:f9:d7:
         cc:f5:43:73:fa:40:47:24:27:39:dc:c9:c4:49:2a:46:b4:49:
         83:73:6b:1c:cc:f6:2d:08:27:c0:72:24:49:49:44:eb:6e:27:
         78:e1:7e:0a:f1:46:83:39:a3:19:95:41:bd:5e:4b:88:dc:35:
         c0:f6:aa:74
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtxM+djh/IUCBhTwLq7faMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZTk0NzU3YWMzZjcwYjQwZjM2OTMwN2QzNjVlYmM5NjU3
YmFiNjkwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODNjNDNjNmQxZWJmNjJhMTBkMzU0ZGEwMzg2YThkYTVlZjQ2NjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1f3lWL4YxYnxu+pCM4TUO+99a3rs
BQ3p/rYc8soA0oS9slpGOWkvc/qfwZ+ws2e4Wj/4SmHm1h8518dVlYkF/UR4cz/S
DzBrMbr/r7oTVLe7+L6bjIelO6W8LrPbrn1S1uZX+18/vMkBEpwSdcXmlsf4ilQ8
GB1gczS7p1onlCeptVSapf7PKafsHjz0Hf2CkSUqEPudUQ+sjIGq7rlZAbfvnqZL
JA4hlRoP1Mg6ecM0hDo8sXd6jFdMR30XB61dpffoGKmF/sJ4X2ByP3QBBizFpouG
whdLUK7FKjDK3/6+m7JTils9fJEqq8CN5JCbCkcQLjmwAQljPkm+pjiDCQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAg8Q8bR6/YqENNU2gOGqNpe9GZ+MB8GA1UdIwQY
MBaAFJzpR1esP3C0DzaTB9Nl68lle6tpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk9sSFY2d19jTFFQTnBNSDAyWHJ5V1Y3cTJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80ODEyNjktZGJkYi00MjVlLTk2NDIt
ZTFlYTQxYzlhMmU2LzEvQ0R4RHh0SHI5aW9RMDFUYUE0YW8ybDcwWm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80ODEyNjktZGJkYi00MjVlLTk2NDItZTFlYTQxYzlhMmU2
LzEvbk9sSFY2d19jTFFQTnBNSDAyWHJ5V1Y3cTJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnBwwDQYJ
KoZIhvcNAQELBQADggEBANbd7ERrW97kgQvsGftH/u0L2akkXEAKwH6ikX7akvOw
s0/qZrtG1D+GuZysFwC4Mbzlmay5zo845+KlP8Vz6Ov8zxxaX9V6r4oD9NnnHQvd
AUDB+Jn8Y8a7tm46Al4i8dz2dAV0cZrBQHym8bnLw70qxW6VFAm/BbGiE0jkEiTF
euliHRSEt6Oe8YL+iO8bPSxmKB2asE6b7mgB5HAUX2UrZQ1EfZpK8+ZEZUlWJgf3
5xlEenTprjt/mW4lx19LrsYOm17518z1Q3P6QEckJzncycRJKka0SYNzaxzM9i0I
J8ByJElJROtuJ3jhfgrxRoM5oxmVQb1eS4jcNcD2qnQ=
-----END CERTIFICATE-----