Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/eIHZIm2NQhGi6jjKdapLXAB8-hA.roa
File:                     eIHZIm2NQhGi6jjKdapLXAB8-hA.roa (raw, json)
Hash identifier:          Y4q1lYuGbB+acMdi5WiqB8wpAZTT48XyS8csgL6j/1o=
Subject key identifier:   78:81:D9:22:6D:8D:42:11:A2:EA:38:CA:75:AA:4B:5C:00:7C:FA:10
Certificate issuer:       /CN=906d4fbf6ddc6f5cb745a68cc6818a942eaee20e
Certificate serial:       018CCA2A546F1FD35080C4C2F76798B25BEE
Authority key identifier: 90:6D:4F:BF:6D:DC:6F:5C:B7:45:A6:8C:C6:81:8A:94:2E:AE:E2:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kG1Pv23cb1y3RaaMxoGKlC6u4g4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/eIHZIm2NQhGi6jjKdapLXAB8-hA.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29491
IP address blocks:        2a09:66c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/kG1Pv23cb1y3RaaMxoGKlC6u4g4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/kG1Pv23cb1y3RaaMxoGKlC6u4g4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kG1Pv23cb1y3RaaMxoGKlC6u4g4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:54:6f:1f:d3:50:80:c4:c2:f7:67:98:b2:5b:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=906d4fbf6ddc6f5cb745a68cc6818a942eaee20e
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7881d9226d8d4211a2ea38ca75aa4b5c007cfa10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:73:2f:aa:5a:1b:5c:22:80:b1:f8:22:0b:cc:
                    d3:db:0d:38:9c:95:df:fb:a8:fa:25:b7:49:bb:d7:
                    c1:7f:d5:38:30:9e:c0:3e:86:ed:b7:e2:ac:8c:d6:
                    64:62:57:56:9a:63:db:3f:86:f5:cc:95:4a:dd:c2:
                    2a:a1:65:df:d9:7f:25:c7:7e:c6:d6:ce:8d:60:a8:
                    49:7a:08:c0:1e:56:6d:a5:f9:08:4d:e3:20:1f:b7:
                    97:cc:b3:2c:65:5c:33:b1:5a:3e:fd:4b:26:4c:f2:
                    13:a5:a7:74:37:54:d7:29:10:8a:58:75:a1:e1:1a:
                    12:db:b9:99:8d:60:84:f1:d0:12:cc:a5:c1:f9:c6:
                    6d:49:59:f6:d0:39:22:77:e0:84:d8:51:3e:e0:d5:
                    97:3a:1b:7e:aa:23:77:ed:3d:ac:8a:6d:0f:15:11:
                    88:e0:8f:24:70:80:4b:89:9f:8c:05:af:42:61:62:
                    a6:df:f5:40:f0:b7:ce:53:74:9d:c8:be:11:32:2e:
                    64:8e:34:c2:b0:ec:bb:59:97:5f:fa:f8:ad:dd:44:
                    ad:c7:dd:7b:29:44:63:b2:15:3d:e2:73:a8:e7:73:
                    6a:02:82:f0:1e:7a:ab:ca:73:5b:d4:c7:a8:17:17:
                    ae:39:8e:72:1a:38:7c:89:95:a6:48:12:1a:ba:c9:
                    d9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:81:D9:22:6D:8D:42:11:A2:EA:38:CA:75:AA:4B:5C:00:7C:FA:10
            X509v3 Authority Key Identifier:
                keyid:90:6D:4F:BF:6D:DC:6F:5C:B7:45:A6:8C:C6:81:8A:94:2E:AE:E2:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kG1Pv23cb1y3RaaMxoGKlC6u4g4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/eIHZIm2NQhGi6jjKdapLXAB8-hA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/kG1Pv23cb1y3RaaMxoGKlC6u4g4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:66c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:bd:59:9e:aa:e5:c9:18:ce:8c:5b:08:21:1f:7c:df:ea:29:
         a2:a4:fb:3f:cb:08:8e:87:a4:32:36:db:de:79:99:a2:8b:97:
         18:e6:9b:c9:a0:07:26:df:9b:fc:f2:c1:ff:89:bc:31:6a:5b:
         ef:9c:4a:16:33:87:a8:7a:a6:cf:3f:98:bf:bb:50:20:1b:c7:
         5a:6e:2b:5c:2a:95:ec:d7:5b:2b:bf:e2:07:28:51:37:3a:03:
         2e:88:8c:1d:2c:21:91:4e:d8:0a:2e:40:e9:e5:34:48:41:f6:
         1d:2d:62:1c:7b:ee:1f:38:17:49:53:86:f8:a5:38:6a:37:db:
         e5:6e:5a:80:49:96:a6:7b:d0:25:27:a3:29:71:8d:0e:7c:a4:
         80:73:0e:94:e1:c1:29:6b:8f:94:54:76:38:c5:0d:cb:e2:fe:
         41:0d:9a:1f:c8:d0:ce:ea:e4:ef:d2:ca:bf:72:02:7b:79:7d:
         d9:78:67:95:8e:35:e2:86:c5:e4:5f:ef:09:a7:7d:28:a2:54:
         a3:fd:b5:70:76:6c:42:0d:72:28:81:e0:05:3f:81:70:2e:c0:
         55:72:a3:69:76:83:76:09:ce:69:cc:bc:85:10:1e:41:35:85:
         f5:23:7e:15:23:bb:43:80:a1:48:90:18:1d:bf:dc:13:0b:da:
         c1:bf:33:b4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKlRvH9NQgMTC92eYslvuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNmQ0ZmJmNmRkYzZmNWNiNzQ1YTY4Y2M2ODE4YTk0MmVh
ZWUyMGUwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODgxZDkyMjZkOGQ0MjExYTJlYTM4Y2E3NWFhNGI1YzAwN2NmYTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3MvqlobXCKAsfgiC8zT2w04nJXf
+6j6JbdJu9fBf9U4MJ7APobtt+KsjNZkYldWmmPbP4b1zJVK3cIqoWXf2X8lx37G
1s6NYKhJegjAHlZtpfkITeMgH7eXzLMsZVwzsVo+/UsmTPITpad0N1TXKRCKWHWh
4RoS27mZjWCE8dASzKXB+cZtSVn20Dkid+CE2FE+4NWXOht+qiN37T2sim0PFRGI
4I8kcIBLiZ+MBa9CYWKm3/VA8LfOU3SdyL4RMi5kjjTCsOy7WZdf+vit3UStx917
KURjshU94nOo53NqAoLwHnqrynNb1MeoFxeuOY5yGjh8iZWmSBIausnZpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHiB2SJtjUIRouo4ynWqS1wAfPoQMB8GA1UdIwQY
MBaAFJBtT79t3G9ct0WmjMaBipQuruIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0cxUHYyM2NiMXkzUmFhTXhvR0tsQzZ1NGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8zMGM4NGUtZTBiMC00OTFjLTk3MWIt
ZjFkNDYyOWNjZDc3LzEvZUlIWkltMk5RaEdpNmpqS2RhcExYQUI4LWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8zMGM4NGUtZTBiMC00OTFjLTk3MWItZjFkNDYyOWNjZDc3
LzEva0cxUHYyM2NiMXkzUmFhTXhvR0tsQzZ1NGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKglmwDAN
BgkqhkiG9w0BAQsFAAOCAQEAI71ZnqrlyRjOjFsIIR983+opoqT7P8sIjoekMjbb
3nmZoouXGOabyaAHJt+b/PLB/4m8MWpb75xKFjOHqHqmzz+Yv7tQIBvHWm4rXCqV
7NdbK7/iByhRNzoDLoiMHSwhkU7YCi5A6eU0SEH2HS1iHHvuHzgXSVOG+KU4ajfb
5W5agEmWpnvQJSejKXGNDnykgHMOlOHBKWuPlFR2OMUNy+L+QQ2aH8jQzurk79LK
v3ICe3l92XhnlY414obF5F/vCad9KKJUo/21cHZsQg1yKIHgBT+BcC7AVXKjaXaD
dgnOacy8hRAeQTWF9SN+FSO7Q4ChSJAYHb/cEwvawb8ztA==
-----END CERTIFICATE-----