Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/DAh9q4_8OUCdjwBLixkYkAGd1eM.roa
File:                     DAh9q4_8OUCdjwBLixkYkAGd1eM.roa (raw, json)
Hash identifier:          hhRtkgAMjD0C5xF5C/+FWLjjz4qaoRrh3gGvtUnOl/0=
Subject key identifier:   0C:08:7D:AB:8F:FC:39:40:9D:8F:00:4B:8B:19:18:90:01:9D:D5:E3
Certificate issuer:       /CN=70c9d06c51add6829063f1b67b175d0c0001e736
Certificate serial:       018CC3492149A8F377FBB951AB72C649341D
Authority key identifier: 70:C9:D0:6C:51:AD:D6:82:90:63:F1:B6:7B:17:5D:0C:00:01:E7:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMnQbFGt1oKQY_G2exddDAAB5zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/DAh9q4_8OUCdjwBLixkYkAGd1eM.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16097
IP address blocks:        2a0b:2400::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/cMnQbFGt1oKQY_G2exddDAAB5zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/cMnQbFGt1oKQY_G2exddDAAB5zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMnQbFGt1oKQY_G2exddDAAB5zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:21:49:a8:f3:77:fb:b9:51:ab:72:c6:49:34:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70c9d06c51add6829063f1b67b175d0c0001e736
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c087dab8ffc39409d8f004b8b191890019dd5e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:dc:b6:e4:74:97:ba:9a:05:d7:31:82:a1:9d:
                    83:47:e4:c8:d3:db:ad:67:d4:6f:49:ee:f5:19:54:
                    e6:21:30:64:b4:c9:f8:3d:79:50:80:85:b3:f1:8b:
                    88:58:8b:b5:91:ed:ea:7c:ab:eb:49:12:3b:6b:a4:
                    08:53:63:57:7c:47:72:00:6f:66:88:31:ae:a7:bb:
                    78:cb:0f:58:33:07:55:64:2e:fd:71:38:ce:88:82:
                    9c:4e:0e:58:9a:dd:cd:9e:c5:e9:74:c3:0e:1d:11:
                    7f:24:8f:1c:b2:90:3e:ef:92:77:1c:57:86:2b:ed:
                    4a:e5:a1:21:4b:bc:54:82:9e:d0:0c:2f:64:54:75:
                    49:15:ee:90:af:d5:17:e0:00:90:e2:fd:f2:60:10:
                    ec:65:5c:61:81:ab:f6:5c:c2:96:08:1e:63:20:a5:
                    b5:9c:48:7d:f3:43:17:67:84:c1:e4:b0:83:dd:9c:
                    29:fb:c5:4d:1a:56:d9:94:bc:68:b1:36:f0:83:7c:
                    ab:aa:26:b0:ac:13:1e:6a:e0:01:6c:8f:85:c0:e9:
                    c9:21:a6:a9:5f:a5:ca:2f:69:c5:39:74:94:d0:a1:
                    66:a5:d8:03:c7:74:2e:ab:e5:3a:df:0f:15:3f:bb:
                    b9:05:9f:2b:7b:58:59:c2:e4:8a:c8:a0:f0:58:dc:
                    5d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:08:7D:AB:8F:FC:39:40:9D:8F:00:4B:8B:19:18:90:01:9D:D5:E3
            X509v3 Authority Key Identifier:
                keyid:70:C9:D0:6C:51:AD:D6:82:90:63:F1:B6:7B:17:5D:0C:00:01:E7:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMnQbFGt1oKQY_G2exddDAAB5zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/DAh9q4_8OUCdjwBLixkYkAGd1eM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/cMnQbFGt1oKQY_G2exddDAAB5zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2400::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:0f:97:e5:68:36:3e:c9:33:3b:dd:2b:34:e5:bf:c7:8c:d7:
         5f:23:be:d6:e1:8d:71:cb:4b:1b:b6:73:4a:07:f8:56:f9:87:
         e6:70:7c:8e:53:02:72:32:7d:f7:8a:1b:c6:ba:ce:19:9a:63:
         69:de:0e:14:64:e7:3f:83:8c:3f:ac:f3:72:d7:06:ec:27:ac:
         31:a6:aa:29:6f:97:08:2e:63:93:75:39:3c:38:e5:db:2d:79:
         46:16:7b:3d:1e:92:f8:34:ff:8a:0e:21:5b:92:91:2c:10:df:
         c1:19:e3:fd:15:ec:f7:29:2a:91:23:44:7a:7e:16:8e:d0:64:
         b4:c9:05:8d:ff:86:b2:ed:90:ef:8b:0f:00:b5:52:9c:c7:1d:
         d9:ab:a4:ce:67:59:65:86:48:e7:44:97:8d:11:cf:19:2a:d9:
         d1:e1:f3:e4:80:dd:54:16:a2:86:1e:26:60:7f:9f:ad:46:b7:
         e1:e1:5b:30:0a:a5:48:40:02:88:8c:3d:fb:bc:77:7a:ee:ea:
         6c:d1:6f:55:11:12:c4:39:b9:ea:39:05:1e:33:a8:a8:66:ba:
         0e:e9:71:c2:d0:f6:2d:d9:f5:09:db:50:7f:e9:cd:61:bf:38:
         ac:3e:97:b3:3c:9e:82:36:52:b6:29:9a:59:b1:3e:a8:bb:a3:
         0e:96:12:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSSFJqPN3+7lRq3LGSTQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYzlkMDZjNTFhZGQ2ODI5MDYzZjFiNjdiMTc1ZDBjMDAw
MWU3MzYwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzA4N2RhYjhmZmMzOTQwOWQ4ZjAwNGI4YjE5MTg5MDAxOWRkNWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApty25HSXupoF1zGCoZ2DR+TI09ut
Z9RvSe71GVTmITBktMn4PXlQgIWz8YuIWIu1ke3qfKvrSRI7a6QIU2NXfEdyAG9m
iDGup7t4yw9YMwdVZC79cTjOiIKcTg5Ymt3NnsXpdMMOHRF/JI8cspA+75J3HFeG
K+1K5aEhS7xUgp7QDC9kVHVJFe6Qr9UX4ACQ4v3yYBDsZVxhgav2XMKWCB5jIKW1
nEh980MXZ4TB5LCD3Zwp+8VNGlbZlLxosTbwg3yrqiawrBMeauABbI+FwOnJIaap
X6XKL2nFOXSU0KFmpdgDx3Quq+U63w8VP7u5BZ8re1hZwuSKyKDwWNxduwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAwIfauP/DlAnY8AS4sZGJABndXjMB8GA1UdIwQY
MBaAFHDJ0GxRrdaCkGPxtnsXXQwAAec2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY01uUWJGR3Qxb0tRWV9HMmV4ZGREQUFCNXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8yOGRkMzAtZWMwOC00ZGM4LWExZDEt
NWQzYTg2NDk0Nzc1LzEvREFoOXE0XzhPVUNkandCTGl4a1lrQUdkMWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8yOGRkMzAtZWMwOC00ZGM4LWExZDEtNWQzYTg2NDk0Nzc1
LzEvY01uUWJGR3Qxb0tRWV9HMmV4ZGREQUFCNXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgskADAN
BgkqhkiG9w0BAQsFAAOCAQEAgw+X5Wg2PskzO90rNOW/x4zXXyO+1uGNcctLG7Zz
Sgf4VvmH5nB8jlMCcjJ994obxrrOGZpjad4OFGTnP4OMP6zzctcG7CesMaaqKW+X
CC5jk3U5PDjl2y15RhZ7PR6S+DT/ig4hW5KRLBDfwRnj/RXs9ykqkSNEen4WjtBk
tMkFjf+Gsu2Q74sPALVSnMcd2aukzmdZZYZI50SXjRHPGSrZ0eHz5IDdVBaihh4m
YH+frUa34eFbMAqlSEACiIw9+7x3eu7qbNFvVRESxDm56jkFHjOoqGa6DulxwtD2
Ldn1CdtQf+nNYb84rD6XszyegjZStimaWbE+qLujDpYSWQ==
-----END CERTIFICATE-----