Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/wMRua81DP0XDP8KptHbiHx1Ay-w.roa
File:                     wMRua81DP0XDP8KptHbiHx1Ay-w.roa (raw, json)
Hash identifier:          TfJKVEyaCPziNkBiGr7HwkTnXLN9sJXXH0nQfXyGVY0=
Subject key identifier:   C0:C4:6E:6B:CD:43:3F:45:C3:3F:C2:A9:B4:76:E2:1F:1D:40:CB:EC
Certificate issuer:       /CN=633bca0ed1f9b60bc0ed423022d0389e29b6cdd4
Certificate serial:       018CC3492E209A8A49F665866F0E059C2147
Authority key identifier: 63:3B:CA:0E:D1:F9:B6:0B:C0:ED:42:30:22:D0:38:9E:29:B6:CD:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzvKDtH5tgvA7UIwItA4nim2zdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/wMRua81DP0XDP8KptHbiHx1Ay-w.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212149
IP address blocks:        2a11:5cc1:b00b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/YzvKDtH5tgvA7UIwItA4nim2zdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/YzvKDtH5tgvA7UIwItA4nim2zdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzvKDtH5tgvA7UIwItA4nim2zdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2e:20:9a:8a:49:f6:65:86:6f:0e:05:9c:21:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=633bca0ed1f9b60bc0ed423022d0389e29b6cdd4
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0c46e6bcd433f45c33fc2a9b476e21f1d40cbec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:33:18:76:9f:2a:59:91:f8:d4:b2:df:37:dc:
                    57:0c:f4:fb:0f:69:85:c6:7f:08:a4:fc:5a:24:f9:
                    a8:09:bc:77:97:73:26:f3:42:f9:9e:82:37:1c:4b:
                    34:4e:d1:03:21:9c:0b:3c:f1:4e:ab:a3:5c:10:c4:
                    23:15:72:58:be:9b:b3:b5:7c:84:3d:bb:ad:5f:b1:
                    8d:cc:f4:6a:ba:b2:dd:59:de:f6:dc:71:4d:08:e4:
                    c8:84:4f:92:8a:af:8a:b9:0a:a3:e2:35:a1:5e:2a:
                    13:f4:5b:ff:8b:11:4f:a7:75:ae:34:0d:52:5f:09:
                    4f:63:c8:53:7e:e6:2b:86:cf:f1:82:db:3e:e5:a6:
                    33:9d:29:f6:55:45:ee:9c:2a:ea:70:e4:35:49:88:
                    8b:b2:83:ef:33:8c:80:de:22:00:34:0d:a6:e2:e8:
                    99:b9:9c:b0:71:23:97:c5:19:4c:78:2b:3a:3c:b8:
                    99:9e:df:2b:c4:a8:26:02:83:5f:d9:d1:bd:13:45:
                    db:db:fd:f0:78:70:d0:b2:42:43:0f:66:df:ab:b9:
                    ec:8f:cf:46:47:1f:3a:99:80:9c:46:eb:a5:e5:c6:
                    53:6a:03:03:28:c0:55:3d:7c:e5:f5:ee:7a:2b:f1:
                    ce:71:07:a3:cc:bb:86:0f:ae:7c:e3:91:cc:8a:8e:
                    5d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C4:6E:6B:CD:43:3F:45:C3:3F:C2:A9:B4:76:E2:1F:1D:40:CB:EC
            X509v3 Authority Key Identifier:
                keyid:63:3B:CA:0E:D1:F9:B6:0B:C0:ED:42:30:22:D0:38:9E:29:B6:CD:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzvKDtH5tgvA7UIwItA4nim2zdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/wMRua81DP0XDP8KptHbiHx1Ay-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/e387ff-5348-4b32-b136-d05184c25e9a/1/YzvKDtH5tgvA7UIwItA4nim2zdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5cc1:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:99:78:f8:bb:5c:48:14:0c:a9:0c:b0:7c:26:60:33:85:71:
         c5:18:38:a3:ee:d8:63:19:b6:e6:97:ba:a0:4e:61:99:f4:f7:
         7e:25:46:66:7f:51:6e:58:da:03:04:2b:24:59:2e:96:b9:75:
         d2:fb:d1:dc:5a:3e:33:fc:a0:63:8d:69:a7:0e:39:6b:42:57:
         8b:b0:d8:a0:49:de:a7:64:bb:03:f7:0c:0d:cf:4d:e0:20:3b:
         28:e5:0c:95:79:9d:42:8d:31:12:87:02:d4:18:d5:02:87:9f:
         fb:35:ac:91:2a:cb:e5:04:45:a3:f2:34:4f:88:05:62:5c:70:
         dc:9c:cd:d6:1f:ea:0f:2c:0a:41:90:c8:b0:3d:15:63:52:91:
         f8:cc:fe:b2:28:1e:63:16:07:fb:20:62:fb:f6:9a:41:15:6d:
         4c:41:93:ff:95:f0:1a:11:59:83:99:14:bc:04:8a:eb:23:fc:
         a4:14:57:ce:ba:11:4c:eb:b7:e3:33:d0:4a:1e:9e:d2:10:f9:
         12:cf:98:77:95:f0:39:4e:96:05:89:36:56:af:0f:b5:b9:50:
         41:de:87:fe:b5:da:cb:03:6f:a4:af:ab:50:21:eb:d4:aa:2f:
         3f:0c:4e:a8:35:8f:dc:09:39:a2:01:aa:ce:83:29:4e:d1:33:
         3e:36:e4:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSS4gmopJ9mWGbw4FnCFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzM2JjYTBlZDFmOWI2MGJjMGVkNDIzMDIyZDAzODllMjli
NmNkZDQwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGM0NmU2YmNkNDMzZjQ1YzMzZmMyYTliNDc2ZTIxZjFkNDBjYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTMYdp8qWZH41LLfN9xXDPT7D2mF
xn8IpPxaJPmoCbx3l3Mm80L5noI3HEs0TtEDIZwLPPFOq6NcEMQjFXJYvpuztXyE
PbutX7GNzPRqurLdWd723HFNCOTIhE+Siq+KuQqj4jWhXioT9Fv/ixFPp3WuNA1S
XwlPY8hTfuYrhs/xgts+5aYznSn2VUXunCrqcOQ1SYiLsoPvM4yA3iIANA2m4uiZ
uZywcSOXxRlMeCs6PLiZnt8rxKgmAoNf2dG9E0Xb2/3weHDQskJDD2bfq7nsj89G
Rx86mYCcRuul5cZTagMDKMBVPXzl9e56K/HOcQejzLuGD65845HMio5dcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMDEbmvNQz9Fwz/CqbR24h8dQMvsMB8GA1UdIwQY
MBaAFGM7yg7R+bYLwO1CMCLQOJ4pts3UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXp2S0R0SDV0Z3ZBN1VJd0l0QTRuaW0yemRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9lMzg3ZmYtNTM0OC00YjMyLWIxMzYt
ZDA1MTg0YzI1ZTlhLzEvd01SdWE4MURQMFhEUDhLcHRIYmlIeDFBeS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9lMzg3ZmYtNTM0OC00YjMyLWIxMzYtZDA1MTg0YzI1ZTlh
LzEvWXp2S0R0SDV0Z3ZBN1VJd0l0QTRuaW0yemRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhFcwbAL
MA0GCSqGSIb3DQEBCwUAA4IBAQAemXj4u1xIFAypDLB8JmAzhXHFGDij7thjGbbm
l7qgTmGZ9Pd+JUZmf1FuWNoDBCskWS6WuXXS+9HcWj4z/KBjjWmnDjlrQleLsNig
Sd6nZLsD9wwNz03gIDso5QyVeZ1CjTEShwLUGNUCh5/7NayRKsvlBEWj8jRPiAVi
XHDcnM3WH+oPLApBkMiwPRVjUpH4zP6yKB5jFgf7IGL79ppBFW1MQZP/lfAaEVmD
mRS8BIrrI/ykFFfOuhFM67fjM9BKHp7SEPkSz5h3lfA5TpYFiTZWrw+1uVBB3of+
tdrLA2+kr6tQIevUqi8/DE6oNY/cCTmiAarOgylO0TM+NuTM
-----END CERTIFICATE-----