Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/S-jvUnhJBX2ESxv5cQgmuooY--8.roa
File:                     S-jvUnhJBX2ESxv5cQgmuooY--8.roa (raw, json)
Hash identifier:          kp4ux+gu0o2uAzWjISYINSZfwRDgIT+4ojEm/t/QxC4=
Subject key identifier:   4B:E8:EF:52:78:49:05:7D:84:4B:1B:F9:71:08:26:BA:8A:18:FB:EF
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018D275A62BEECF5CB4047371D6993566230
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/S-jvUnhJBX2ESxv5cQgmuooY--8.roa
Signing time:             Sat 20 Jan 2024 14:50:51 +0000
ROA not before:           Sat 20 Jan 2024 14:50:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208682
IP address blocks:        2a0d:6f80:3309::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:27:5a:62:be:ec:f5:cb:40:47:37:1d:69:93:56:62:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan 20 14:50:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4be8ef527849057d844b1bf9710826ba8a18fbef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:29:d0:c2:ea:a0:5a:91:3e:69:b0:dd:0b:ac:
                    3b:03:1d:c8:e0:2e:21:4f:d1:a0:80:20:25:5e:fd:
                    ed:ab:c9:24:4b:1a:ae:34:b5:29:5e:ec:51:29:d7:
                    fc:36:ff:b2:19:11:bb:9b:43:d0:2a:49:8f:14:65:
                    70:1c:0d:c4:8f:9e:88:22:58:79:78:6b:36:b7:de:
                    26:0b:d4:d4:d4:30:e6:25:28:d3:c1:0e:c2:6b:45:
                    0d:c3:90:b6:84:2c:92:26:e1:d5:c5:cd:84:19:62:
                    6b:96:a2:64:7f:b5:80:d9:4f:8a:6a:cf:a9:c9:f6:
                    56:52:03:99:cd:42:2b:3d:23:a5:03:44:cf:b4:fe:
                    fe:63:1d:8b:09:b4:df:20:c4:1e:f9:14:f7:e5:3d:
                    cd:c7:05:c3:35:4f:4f:28:e9:f6:e7:19:ee:79:94:
                    e2:27:91:aa:14:7a:5b:b0:ce:31:cb:31:da:a3:f5:
                    89:58:5d:59:55:c1:ae:d4:44:5f:8c:ee:66:5c:25:
                    f0:2b:bf:79:19:ca:da:8a:84:8e:bc:f2:c3:19:65:
                    d9:4c:44:de:b2:14:7b:97:09:3c:c1:f6:55:18:f8:
                    5b:bb:41:23:f9:3f:f8:e0:c4:e1:4a:72:ba:af:b4:
                    d6:dd:41:c3:e8:12:1c:7f:7b:68:79:8f:7f:c1:20:
                    de:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E8:EF:52:78:49:05:7D:84:4B:1B:F9:71:08:26:BA:8A:18:FB:EF
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/S-jvUnhJBX2ESxv5cQgmuooY--8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:3309::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:e0:38:2d:ce:4b:20:dc:45:08:0b:1d:56:2f:92:34:44:a0:
         23:5d:0f:a0:f8:d6:f0:cc:5e:99:74:ce:c0:76:db:be:26:9d:
         b9:b4:30:4f:fc:cd:c2:c7:32:81:b7:e3:9b:31:8b:5b:ae:3b:
         7b:24:3d:86:e9:90:88:99:1e:4e:99:92:6a:0f:d7:36:09:66:
         cb:c7:16:b8:80:18:1d:4d:2a:c4:37:80:8d:3e:0d:cd:d6:cb:
         29:e2:db:b8:ae:07:29:8d:99:cb:22:ce:64:cc:95:81:4a:66:
         85:81:f1:4d:c2:2f:f1:b4:4d:b2:e4:5d:a1:98:3d:27:55:56:
         e3:66:c7:76:79:69:13:dd:ae:bf:b4:a3:44:03:d8:42:4a:42:
         07:51:80:b6:b3:57:3c:b5:ec:26:2f:69:22:37:95:ba:dd:7e:
         af:b5:08:57:17:b2:6c:06:cf:fc:f7:34:80:d9:87:46:2d:6b:
         4e:3d:35:c5:91:55:01:2c:c1:9e:2a:11:1a:e7:d6:ee:6c:b9:
         2f:28:cc:21:d4:0f:70:d8:b6:dc:06:32:c6:b7:f0:52:d6:18:
         00:dc:1d:5d:03:ec:b4:08:ae:9b:15:b7:dd:01:90:58:51:49:
         96:af:c4:02:db:a2:25:37:90:43:c7:7d:06:ad:02:74:62:b9:
         43:f9:69:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0nWmK+7PXLQEc3HWmTVmIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTIwMTQ1MDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmU4ZWY1Mjc4NDkwNTdkODQ0YjFiZjk3MTA4MjZiYThhMThmYmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAninQwuqgWpE+abDdC6w7Ax3I4C4h
T9GggCAlXv3tq8kkSxquNLUpXuxRKdf8Nv+yGRG7m0PQKkmPFGVwHA3Ej56IIlh5
eGs2t94mC9TU1DDmJSjTwQ7Ca0UNw5C2hCySJuHVxc2EGWJrlqJkf7WA2U+Kas+p
yfZWUgOZzUIrPSOlA0TPtP7+Yx2LCbTfIMQe+RT35T3NxwXDNU9PKOn25xnueZTi
J5GqFHpbsM4xyzHao/WJWF1ZVcGu1ERfjO5mXCXwK795GcraioSOvPLDGWXZTETe
shR7lwk8wfZVGPhbu0Ej+T/44MThSnK6r7TW3UHD6BIcf3toeY9/wSDeHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEvo71J4SQV9hEsb+XEIJrqKGPvvMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvUy1qdlVuaEpCWDJFU3h2NWNRZ211b29ZLS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgDMJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBV4Dgtzksg3EUICx1WL5I0RKAjXQ+g+NbwzF6Z
dM7Adtu+Jp25tDBP/M3CxzKBt+ObMYtbrjt7JD2G6ZCImR5OmZJqD9c2CWbLxxa4
gBgdTSrEN4CNPg3N1ssp4tu4rgcpjZnLIs5kzJWBSmaFgfFNwi/xtE2y5F2hmD0n
VVbjZsd2eWkT3a6/tKNEA9hCSkIHUYC2s1c8tewmL2kiN5W63X6vtQhXF7JsBs/8
9zSA2YdGLWtOPTXFkVUBLMGeKhEa59bubLkvKMwh1A9w2LbcBjLGt/BS1hgA3B1d
A+y0CK6bFbfdAZBYUUmWr8QC26IlN5BDx30GrQJ0YrlD+Wkn
-----END CERTIFICATE-----