Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/JuzJv2whUaGWSIt2wcajXmUD5zI.roa
File:                     JuzJv2whUaGWSIt2wcajXmUD5zI.roa (raw, json)
Hash identifier:          RQ8bEyAdCH9JfvTAquhnEneX+ZhdPiNYVLtxPsIVxvQ=
Subject key identifier:   26:EC:C9:BF:6C:21:51:A1:96:48:8B:76:C1:C6:A3:5E:65:03:E7:32
Certificate issuer:       /CN=633bca0ed1f9b60bc0ed423022d0389e29b6cdd4
Certificate serial:       018CC3492DB4E0CC4A71FA3B09AC0CA1EEDD
Authority key identifier: 63:3B:CA:0E:D1:F9:B6:0B:C0:ED:42:30:22:D0:38:9E:29:B6:CD:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzvKDtH5tgvA7UIwItA4nim2zdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/JuzJv2whUaGWSIt2wcajXmUD5zI.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208548
IP address blocks:        2a11:5cc1:b00c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/YzvKDtH5tgvA7UIwItA4nim2zdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/YzvKDtH5tgvA7UIwItA4nim2zdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzvKDtH5tgvA7UIwItA4nim2zdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2d:b4:e0:cc:4a:71:fa:3b:09:ac:0c:a1:ee:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=633bca0ed1f9b60bc0ed423022d0389e29b6cdd4
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26ecc9bf6c2151a196488b76c1c6a35e6503e732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:70:33:5c:4f:9c:fd:22:f5:c2:5c:11:53:ed:
                    85:2e:89:9a:d3:01:4a:53:a2:2d:30:ee:66:b3:c2:
                    31:4f:46:a6:c2:9e:76:ab:d1:62:19:49:55:47:e0:
                    0d:0f:c8:9c:23:51:2c:8e:a0:3a:b9:9c:36:af:8d:
                    87:ea:4c:41:11:42:b6:22:63:20:d0:16:af:88:0c:
                    f1:df:96:7d:47:55:ab:3c:e0:8d:02:b8:29:2c:03:
                    77:41:84:8b:bb:8a:62:f8:0b:c3:95:d2:69:73:6c:
                    dc:b2:57:82:1c:b6:09:3b:4d:d3:e9:8b:5f:fd:d5:
                    ed:61:3c:0b:ab:00:3a:0d:f5:52:eb:15:a7:eb:f4:
                    2d:65:83:8b:a5:f9:9d:ed:6e:ba:14:f3:67:35:77:
                    7b:55:73:dd:fc:b6:7c:24:fe:68:e9:81:18:c3:eb:
                    67:2d:a4:01:b5:19:19:c2:7c:81:ab:77:03:8b:99:
                    42:67:e1:b0:57:ae:a6:8f:4d:4a:61:f4:4e:69:f7:
                    a4:45:01:d1:47:90:84:a9:b4:ee:dc:1f:8b:0f:a7:
                    79:f9:38:df:d7:77:2f:2b:ce:95:f1:b1:c3:cf:30:
                    21:6b:81:20:94:44:79:ae:ee:f9:3e:db:0b:ef:b0:
                    06:c4:d6:2d:d3:6e:4a:6d:0f:bf:c6:bb:2a:63:60:
                    ad:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:EC:C9:BF:6C:21:51:A1:96:48:8B:76:C1:C6:A3:5E:65:03:E7:32
            X509v3 Authority Key Identifier:
                keyid:63:3B:CA:0E:D1:F9:B6:0B:C0:ED:42:30:22:D0:38:9E:29:B6:CD:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzvKDtH5tgvA7UIwItA4nim2zdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/JuzJv2whUaGWSIt2wcajXmUD5zI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/YzvKDtH5tgvA7UIwItA4nim2zdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5cc1:b00c::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:e3:f7:3e:a6:9a:ae:d9:27:6c:5d:b9:e5:ae:2b:52:9a:f5:
         1d:99:54:04:6b:50:42:03:c8:35:22:0d:ed:ab:38:d7:7d:0a:
         fb:29:58:fd:41:a0:56:fd:26:4f:e0:2d:19:e6:a4:fb:00:c6:
         0d:8c:50:72:ca:6a:40:93:ce:d7:a4:52:f7:28:7b:21:a7:5e:
         5e:ef:fc:c6:5a:ac:86:a8:15:b8:4f:96:33:ad:39:35:fe:8e:
         f2:17:73:78:58:2b:a0:3c:56:95:ae:1c:34:14:76:ae:32:63:
         95:94:93:b4:dc:59:d4:06:7e:a0:54:d1:64:49:4f:74:8b:6f:
         fa:a2:7b:ea:47:db:ca:47:9b:b8:46:f3:35:46:16:b7:6e:04:
         0f:0e:cf:3d:fd:5e:ae:f9:38:42:18:d9:52:30:c0:bb:26:91:
         44:d0:48:c8:23:d4:b0:05:06:af:95:bd:79:26:d7:55:1c:0d:
         01:80:a1:f4:bd:17:9a:2b:5a:b1:07:5f:6e:6c:2a:a0:85:db:
         0a:21:8f:2d:f7:75:68:11:29:62:b7:79:db:8c:77:fb:85:ea:
         46:a7:8f:13:e6:56:85:11:c6:b8:9a:8c:98:49:1a:8d:0d:11:
         b4:96:1c:cf:44:67:fb:95:21:05:3a:fe:c6:ff:cb:52:2f:38:
         b1:02:cc:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSS204MxKcfo7CawMoe7dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzM2JjYTBlZDFmOWI2MGJjMGVkNDIzMDIyZDAzODllMjli
NmNkZDQwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmVjYzliZjZjMjE1MWExOTY0ODhiNzZjMWM2YTM1ZTY1MDNlNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnAzXE+c/SL1wlwRU+2FLoma0wFK
U6ItMO5ms8IxT0amwp52q9FiGUlVR+AND8icI1EsjqA6uZw2r42H6kxBEUK2ImMg
0BaviAzx35Z9R1WrPOCNArgpLAN3QYSLu4pi+AvDldJpc2zcsleCHLYJO03T6Ytf
/dXtYTwLqwA6DfVS6xWn6/QtZYOLpfmd7W66FPNnNXd7VXPd/LZ8JP5o6YEYw+tn
LaQBtRkZwnyBq3cDi5lCZ+GwV66mj01KYfROafekRQHRR5CEqbTu3B+LD6d5+Tjf
13cvK86V8bHDzzAha4EglER5ru75PtsL77AGxNYt025KbQ+/xrsqY2CtqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCbsyb9sIVGhlkiLdsHGo15lA+cyMB8GA1UdIwQY
MBaAFGM7yg7R+bYLwO1CMCLQOJ4pts3UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXp2S0R0SDV0Z3ZBN1VJd0l0QTRuaW0yemRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9lMzg3ZmYtNTM0OC00YjMyLWIxMzYt
ZDA1MTg0YzI1ZTlhLzEvSnV6SnYyd2hVYUdXU0l0MndjYWpYbVVENXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9lMzg3ZmYtNTM0OC00YjMyLWIxMzYtZDA1MTg0YzI1ZTlh
LzEvWXp2S0R0SDV0Z3ZBN1VJd0l0QTRuaW0yemRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhFcwbAM
MA0GCSqGSIb3DQEBCwUAA4IBAQBS4/c+ppqu2SdsXbnlritSmvUdmVQEa1BCA8g1
Ig3tqzjXfQr7KVj9QaBW/SZP4C0Z5qT7AMYNjFByympAk87XpFL3KHshp15e7/zG
WqyGqBW4T5YzrTk1/o7yF3N4WCugPFaVrhw0FHauMmOVlJO03FnUBn6gVNFkSU90
i2/6onvqR9vKR5u4RvM1Rha3bgQPDs89/V6u+ThCGNlSMMC7JpFE0EjII9SwBQav
lb15JtdVHA0BgKH0vReaK1qxB19ubCqghdsKIY8t93VoESlit3nbjHf7hepGp48T
5laFEca4moyYSRqNDRG0lhzPRGf7lSEFOv7G/8tSLzixAszx
-----END CERTIFICATE-----