Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/hOTTZX2nB8Ex2j8KdDkYa49HjZc.roa
File:                     hOTTZX2nB8Ex2j8KdDkYa49HjZc.roa (raw, json)
Hash identifier:          SRw+VXrpYtjp042rUqAOKVRYQnc5ZKAaDbLxqDv2tQ0=
Subject key identifier:   84:E4:D3:65:7D:A7:07:C1:31:DA:3F:0A:74:39:18:6B:8F:47:8D:97
Certificate issuer:       /CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
Certificate serial:       018F3DC38DA5DBEFAD584E7E4021B9D1B249
Authority key identifier: C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/hOTTZX2nB8Ex2j8KdDkYa49HjZc.roa
Signing time:             Fri 03 May 2024 09:22:56 +0000
ROA not before:           Fri 03 May 2024 09:22:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16140
IP address blocks:        2a03:d280:1f00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:c3:8d:a5:db:ef:ad:58:4e:7e:40:21:b9:d1:b2:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
        Validity
            Not Before: May  3 09:22:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84e4d3657da707c131da3f0a7439186b8f478d97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:51:17:23:e6:e9:34:ca:77:2d:2d:3b:9e:98:
                    16:96:1b:d5:84:79:c1:82:48:4f:64:15:0b:2b:e2:
                    dd:f1:4a:f5:b6:8c:00:f3:ca:3f:51:9a:4c:07:ef:
                    82:d1:e6:82:8c:a3:b9:c8:5a:26:d1:f7:57:ea:e4:
                    0e:d3:47:55:17:26:c3:6b:b9:26:ab:b9:8c:54:2f:
                    20:9f:ca:4a:a0:2b:e3:8f:2c:4f:4b:7b:aa:f9:8f:
                    54:0b:a2:e9:50:65:b1:7e:8a:74:28:32:6c:a2:4e:
                    ad:15:2c:0d:5b:8e:47:39:df:f1:47:f1:b2:12:35:
                    f4:4c:32:44:5c:61:c1:43:2e:d0:82:cb:b5:69:bc:
                    be:88:29:93:95:e6:18:1e:e2:41:66:af:a1:89:08:
                    9b:a0:28:bc:61:80:ae:dc:ef:e3:6c:2c:d3:9d:4e:
                    32:c7:12:84:e0:11:b9:03:55:5a:4b:a3:4b:e7:3b:
                    d6:55:a1:f6:b3:de:e6:c9:02:8e:10:cf:69:3b:31:
                    14:5a:14:e6:7d:60:3f:f1:80:85:19:23:00:8e:74:
                    ab:fb:24:bd:af:93:2b:a6:26:4b:52:91:de:77:62:
                    3a:4e:a5:36:48:bf:5e:ba:e1:01:72:e3:b8:c7:b0:
                    17:dc:e5:20:fe:f0:37:fe:90:9e:9d:3b:b9:31:75:
                    71:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E4:D3:65:7D:A7:07:C1:31:DA:3F:0A:74:39:18:6B:8F:47:8D:97
            X509v3 Authority Key Identifier:
                keyid:C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/hOTTZX2nB8Ex2j8KdDkYa49HjZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:d280:1f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         14:93:30:bf:7d:25:7e:cd:e5:a0:e7:4e:7e:cf:d2:25:d3:6c:
         bc:59:29:96:4b:8d:7d:ce:89:18:a2:89:af:89:ed:0a:ab:dd:
         cc:7f:00:8f:f8:27:75:9b:20:c6:de:26:8d:15:c6:a7:d6:99:
         0e:f0:dc:5e:8d:0b:a3:95:09:af:19:e4:2f:65:56:90:ad:b8:
         e7:74:78:3f:30:d6:b4:38:e0:9e:76:c9:d1:40:0d:ad:ee:af:
         83:f2:92:b1:b9:a3:2f:25:94:39:7e:00:8e:b1:c0:dd:9f:d0:
         b3:a4:96:3a:87:bf:59:89:1c:30:8c:83:53:fa:de:0f:3d:50:
         d5:a5:7d:cf:92:d1:d4:11:56:97:c9:7e:70:71:0a:55:c2:f4:
         b1:69:2e:4e:c2:5b:da:e6:41:e0:c3:76:31:e1:4f:1b:af:a4:
         01:f3:a0:e7:ae:b7:90:07:f3:c1:01:4a:51:cf:e0:0d:a1:67:
         8c:11:0d:db:70:a2:ac:71:dd:a7:15:61:33:27:90:4f:d1:35:
         42:c7:ef:37:cc:c3:24:e9:33:82:c1:a0:ec:c7:7b:85:a5:9c:
         f4:03:e1:f8:3e:0d:83:de:f0:19:77:e9:27:c2:b8:08:99:86:
         62:63:c1:0b:79:8a:53:b8:6f:b7:22:36:09:07:93:ab:8a:0e:
         69:bb:b8:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY89w42l2++tWE5+QCG50bJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZWIwNzZkMTY3MDJjN2RiZWE5NzJlMjk3MmVmNTc2YTFm
MmM4NzMwHhcNMjQwNTAzMDkyMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGU0ZDM2NTdkYTcwN2MxMzFkYTNmMGE3NDM5MTg2YjhmNDc4ZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+FEXI+bpNMp3LS07npgWlhvVhHnB
gkhPZBULK+Ld8Ur1towA88o/UZpMB++C0eaCjKO5yFom0fdX6uQO00dVFybDa7km
q7mMVC8gn8pKoCvjjyxPS3uq+Y9UC6LpUGWxfop0KDJsok6tFSwNW45HOd/xR/Gy
EjX0TDJEXGHBQy7Qgsu1aby+iCmTleYYHuJBZq+hiQiboCi8YYCu3O/jbCzTnU4y
xxKE4BG5A1VaS6NL5zvWVaH2s97myQKOEM9pOzEUWhTmfWA/8YCFGSMAjnSr+yS9
r5MrpiZLUpHed2I6TqU2SL9euuEBcuO4x7AX3OUg/vA3/pCenTu5MXVxcQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFITk02V9pwfBMdo/CnQ5GGuPR42XMB8GA1UdIwQY
MBaAFMHrB20WcCx9vqly4pcu9Xah8shzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMt
NmMzMmE2YWIxZWYyLzEvaE9UVFpYMm5COEV4Mmo4S2REa1lhNDlIalpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMtNmMzMmE2YWIxZWYy
LzEvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgPSgB8w
DQYJKoZIhvcNAQELBQADggEBABSTML99JX7N5aDnTn7P0iXTbLxZKZZLjX3OiRii
ia+J7Qqr3cx/AI/4J3WbIMbeJo0VxqfWmQ7w3F6NC6OVCa8Z5C9lVpCtuOd0eD8w
1rQ44J52ydFADa3ur4PykrG5oy8llDl+AI6xwN2f0LOkljqHv1mJHDCMg1P63g89
UNWlfc+S0dQRVpfJfnBxClXC9LFpLk7CW9rmQeDDdjHhTxuvpAHzoOeut5AH88EB
SlHP4A2hZ4wRDdtwoqxx3acVYTMnkE/RNULH7zfMwyTpM4LBoOzHe4WlnPQD4fg+
DYPe8Bl36SfCuAiZhmJjwQt5ilO4b7ciNgkHk6uKDmm7uAY=
-----END CERTIFICATE-----