Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/JzAV7DuU5JO32pmPKUmg1wPkqP0.roa
File:                     JzAV7DuU5JO32pmPKUmg1wPkqP0.roa (raw, json)
Hash identifier:          WFfxhT9iPy7srJ4mGD3dVv0ayyDa4Y9y1MCV0u6GzTk=
Subject key identifier:   27:30:15:EC:3B:94:E4:93:B7:DA:99:8F:29:49:A0:D7:03:E4:A8:FD
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018D275A6246D194D8B76A88E43DB38ABBBC
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/JzAV7DuU5JO32pmPKUmg1wPkqP0.roa
Signing time:             Sat 20 Jan 2024 14:50:51 +0000
ROA not before:           Sat 20 Jan 2024 14:50:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201288
IP address blocks:        2a0d:6f80:41a2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:27:5a:62:46:d1:94:d8:b7:6a:88:e4:3d:b3:8a:bb:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan 20 14:50:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=273015ec3b94e493b7da998f2949a0d703e4a8fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:af:45:72:24:21:25:80:ff:04:c8:f5:5e:b7:
                    72:20:9a:bb:46:eb:54:86:76:f7:4d:0a:ed:83:68:
                    23:61:64:e6:7e:c3:d5:5f:4f:ad:cf:12:62:93:d7:
                    0d:7d:d7:d1:74:f5:01:1f:19:c2:7e:5e:58:90:c5:
                    c9:9b:f1:69:07:95:b5:69:16:d2:b1:17:8a:ab:d6:
                    dc:84:f2:02:8b:48:84:6d:73:5d:e0:9c:31:be:08:
                    b0:0b:70:07:c7:64:46:f7:ba:85:39:12:9f:1d:a1:
                    87:ed:d6:44:9f:fa:c1:b9:99:ec:a4:20:8a:c4:74:
                    2b:d6:97:bc:6c:76:fe:5a:af:e1:df:39:4a:be:48:
                    44:0b:44:49:e3:6b:c6:77:d0:ec:12:7f:a4:2a:be:
                    63:68:85:de:4b:36:68:2c:9b:76:74:b6:81:6c:41:
                    e9:24:68:4b:f0:8d:a9:a0:fa:03:c7:bc:17:41:86:
                    83:50:71:1b:c3:bb:d6:14:5f:7d:31:8d:5c:42:29:
                    ac:63:c7:11:b7:5f:29:6c:fa:6a:72:ca:ec:52:dd:
                    02:4b:88:47:1e:a7:fc:f8:b3:1b:23:c3:14:d8:b5:
                    74:6d:d7:2b:bf:d8:fa:af:34:d2:4f:77:ae:a0:82:
                    3d:15:76:a6:31:8e:91:bd:d6:80:e2:89:5d:40:0d:
                    10:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:30:15:EC:3B:94:E4:93:B7:DA:99:8F:29:49:A0:D7:03:E4:A8:FD
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/JzAV7DuU5JO32pmPKUmg1wPkqP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:41a2::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:c2:c2:1d:2f:da:d2:98:e2:09:46:e3:72:e0:4c:a4:1a:88:
         fd:b5:08:36:37:64:db:e2:ed:33:3d:12:2d:fa:47:85:78:14:
         47:48:b9:d7:df:b0:52:68:56:72:f2:f4:00:b6:dd:07:64:c0:
         81:5d:07:1c:d6:5f:0a:93:fc:4e:58:90:f2:95:b0:18:be:45:
         8c:0d:63:2b:89:49:b4:d8:7a:19:72:0c:bc:9b:a0:b3:cc:c5:
         89:ac:0f:0f:21:21:79:05:b9:51:39:82:7b:a6:b8:18:8c:56:
         da:7e:ce:c8:57:e7:9c:a6:8e:a5:32:b5:66:50:92:74:9a:d1:
         ff:e8:db:ae:01:c8:08:4c:a6:90:23:bc:58:81:85:f6:7d:c7:
         44:1a:b6:fe:35:4b:da:3f:bc:59:0c:b3:83:43:2c:dc:19:a4:
         bd:5f:a3:a8:1f:37:87:9d:d8:6c:b2:74:71:3e:fc:e4:4c:04:
         ad:d0:c7:e8:e4:14:ae:08:93:24:46:2b:30:31:78:d7:b7:93:
         84:79:33:b1:d3:a7:54:3a:08:27:73:e9:77:09:ac:3c:83:8b:
         fb:56:e0:68:3e:4c:84:e2:d6:26:6a:ea:a5:88:6b:f9:97:af:
         65:cc:4d:84:9f:d6:dd:42:68:b9:3a:0b:78:e9:ec:6f:97:e8:
         13:3b:b1:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0nWmJG0ZTYt2qI5D2ziru8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTIwMTQ1MDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzMwMTVlYzNiOTRlNDkzYjdkYTk5OGYyOTQ5YTBkNzAzZTRhOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA469FciQhJYD/BMj1XrdyIJq7RutU
hnb3TQrtg2gjYWTmfsPVX0+tzxJik9cNfdfRdPUBHxnCfl5YkMXJm/FpB5W1aRbS
sReKq9bchPICi0iEbXNd4JwxvgiwC3AHx2RG97qFORKfHaGH7dZEn/rBuZnspCCK
xHQr1pe8bHb+Wq/h3zlKvkhEC0RJ42vGd9DsEn+kKr5jaIXeSzZoLJt2dLaBbEHp
JGhL8I2poPoDx7wXQYaDUHEbw7vWFF99MY1cQimsY8cRt18pbPpqcsrsUt0CS4hH
Hqf8+LMbI8MU2LV0bdcrv9j6rzTST3euoII9FXamMY6RvdaA4oldQA0QnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCcwFew7lOSTt9qZjylJoNcD5Kj9MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvSnpBVjdEdVU1Sk8zMnBtUEtVbWcxd1BrcVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgEGi
MA0GCSqGSIb3DQEBCwUAA4IBAQBTwsIdL9rSmOIJRuNy4EykGoj9tQg2N2Tb4u0z
PRIt+keFeBRHSLnX37BSaFZy8vQAtt0HZMCBXQcc1l8Kk/xOWJDylbAYvkWMDWMr
iUm02HoZcgy8m6CzzMWJrA8PISF5BblROYJ7prgYjFbafs7IV+ecpo6lMrVmUJJ0
mtH/6NuuAcgITKaQI7xYgYX2fcdEGrb+NUvaP7xZDLODQyzcGaS9X6OoHzeHndhs
snRxPvzkTASt0Mfo5BSuCJMkRiswMXjXt5OEeTOx06dUOggnc+l3Caw8g4v7VuBo
PkyE4tYmauqliGv5l69lzE2En9bdQmi5Ogt46exvl+gTO7HI
-----END CERTIFICATE-----