Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/f92871-0d3a-4d87-afdc-071b991af01f/1/JujD6Pt3T1HeSm5wZFbOh1NdXiU.roa
File:                     JujD6Pt3T1HeSm5wZFbOh1NdXiU.roa (raw, json)
Hash identifier:          yOTO4uAR8THtn92LETUeLgN8J66Q5+WtNjXdrP19hC4=
Subject key identifier:   26:E8:C3:E8:FB:77:4F:51:DE:4A:6E:70:64:56:CE:87:53:5D:5E:25
Certificate issuer:       /CN=4c71b147eb8737abcc335f8020951b25ff2656a6
Certificate serial:       018CC5DC6118C509FCE52633A79A8F10C538
Authority key identifier: 4C:71:B1:47:EB:87:37:AB:CC:33:5F:80:20:95:1B:25:FF:26:56:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THGxR-uHN6vMM1-AIJUbJf8mVqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/f92871-0d3a-4d87-afdc-071b991af01f/1/JujD6Pt3T1HeSm5wZFbOh1NdXiU.roa
Signing time:             Mon 01 Jan 2024 16:30:03 +0000
ROA not before:           Mon 01 Jan 2024 16:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35819
IP address blocks:        82.197.52.0/27 maxlen: 27
                          82.197.52.32/27 maxlen: 27

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/f92871-0d3a-4d87-afdc-071b991af01f/1/THGxR-uHN6vMM1-AIJUbJf8mVqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/f92871-0d3a-4d87-afdc-071b991af01f/1/THGxR-uHN6vMM1-AIJUbJf8mVqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THGxR-uHN6vMM1-AIJUbJf8mVqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:61:18:c5:09:fc:e5:26:33:a7:9a:8f:10:c5:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c71b147eb8737abcc335f8020951b25ff2656a6
        Validity
            Not Before: Jan  1 16:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26e8c3e8fb774f51de4a6e706456ce87535d5e25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3f:db:9b:39:f9:2a:4b:a7:c0:f6:83:2e:11:
                    04:9e:00:cb:f2:e6:2a:55:d5:3a:b7:0e:79:e7:ab:
                    bf:9a:0f:d0:ec:fc:5f:8c:7a:ef:94:2f:ca:18:dc:
                    71:d0:f9:14:87:e8:0f:8e:f4:a3:c4:5c:81:2b:97:
                    78:af:4a:c4:d3:5f:92:97:f7:b9:cd:e5:3d:5a:2b:
                    bf:1e:b3:86:59:ce:e7:7a:6a:47:3a:31:44:15:09:
                    6e:bb:91:66:cb:f6:90:45:48:88:fa:4e:f8:29:dd:
                    15:9a:ab:79:80:6f:7d:5b:88:ed:69:01:3f:1c:d8:
                    57:d0:a1:7f:c2:03:93:1f:a7:91:31:e1:f6:1a:b7:
                    bc:c7:76:ae:66:33:ba:99:bd:39:56:ac:81:df:b3:
                    d1:24:68:49:5a:fd:77:29:b3:c6:eb:18:f0:3a:6d:
                    52:72:62:c6:39:97:8c:03:b4:e8:32:7f:af:17:b5:
                    ad:e0:bd:66:d9:de:67:4d:df:34:31:44:5a:dd:ee:
                    f0:f9:61:53:ad:2e:2c:b3:82:7f:d7:1b:f7:a7:01:
                    78:98:ca:73:ae:3f:cc:52:2f:f3:26:96:17:1b:2b:
                    d2:60:e5:86:25:ed:55:db:50:dc:dc:a9:bc:83:85:
                    cf:0d:f2:4a:c6:6f:b7:85:c1:71:8c:51:21:3e:1a:
                    02:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E8:C3:E8:FB:77:4F:51:DE:4A:6E:70:64:56:CE:87:53:5D:5E:25
            X509v3 Authority Key Identifier:
                keyid:4C:71:B1:47:EB:87:37:AB:CC:33:5F:80:20:95:1B:25:FF:26:56:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THGxR-uHN6vMM1-AIJUbJf8mVqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f92871-0d3a-4d87-afdc-071b991af01f/1/JujD6Pt3T1HeSm5wZFbOh1NdXiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f92871-0d3a-4d87-afdc-071b991af01f/1/THGxR-uHN6vMM1-AIJUbJf8mVqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.197.52.0/26

    Signature Algorithm: sha256WithRSAEncryption
         2c:ba:a2:d7:30:23:e8:83:c6:00:ce:62:19:3f:5c:a1:a5:63:
         d1:9f:aa:9e:c9:18:af:6f:bc:29:c0:37:d0:f9:e6:e2:98:fe:
         48:84:24:3a:da:8d:09:d8:56:c7:cc:ad:16:b6:95:df:c6:06:
         81:e4:35:82:b4:cb:18:7e:60:57:77:e7:3f:a5:63:e1:31:d6:
         a2:d9:3d:eb:6a:f4:89:e0:aa:ff:dc:d6:dd:5b:f1:c6:0e:a3:
         b9:f4:7b:3e:43:99:64:21:1e:5a:58:04:e3:35:e7:cc:bd:5a:
         d8:78:bb:34:e4:52:6f:47:5e:57:3e:2f:6c:9e:70:04:dd:00:
         2a:52:59:ac:f5:51:7e:72:42:a7:9e:9e:db:0e:f9:ec:d1:7f:
         aa:e0:7d:50:70:1c:d1:67:83:89:e9:b4:ee:0a:45:f0:d6:18:
         b4:30:ac:88:ac:43:5b:fc:50:3f:9f:23:6c:08:72:68:d7:4e:
         13:3d:f2:5b:81:a8:25:66:5c:52:9f:f5:08:4b:d3:22:01:38:
         d9:ad:1d:d8:14:32:7c:d9:30:43:c0:c0:7d:ce:c0:91:80:29:
         19:ac:b8:ef:eb:fc:1c:f0:0f:84:4b:05:94:cf:dd:eb:b4:60:
         14:11:30:1b:0e:f4:3c:4a:00:da:3f:68:95:f1:cd:f0:55:7f:
         2f:48:dc:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3GEYxQn85SYzp5qPEMU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzFiMTQ3ZWI4NzM3YWJjYzMzNWY4MDIwOTUxYjI1ZmYy
NjU2YTYwHhcNMjQwMTAxMTYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmU4YzNlOGZiNzc0ZjUxZGU0YTZlNzA2NDU2Y2U4NzUzNWQ1ZTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD/bmzn5KkunwPaDLhEEngDL8uYq
VdU6tw5556u/mg/Q7PxfjHrvlC/KGNxx0PkUh+gPjvSjxFyBK5d4r0rE01+Sl/e5
zeU9Wiu/HrOGWc7nempHOjFEFQluu5Fmy/aQRUiI+k74Kd0Vmqt5gG99W4jtaQE/
HNhX0KF/wgOTH6eRMeH2Gre8x3auZjO6mb05VqyB37PRJGhJWv13KbPG6xjwOm1S
cmLGOZeMA7ToMn+vF7Wt4L1m2d5nTd80MURa3e7w+WFTrS4ss4J/1xv3pwF4mMpz
rj/MUi/zJpYXGyvSYOWGJe1V21Dc3Km8g4XPDfJKxm+3hcFxjFEhPhoCXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCbow+j7d09R3kpucGRWzodTXV4lMB8GA1UdIwQY
MBaAFExxsUfrhzerzDNfgCCVGyX/JlamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhHeFItdUhONnZNTTEtQUlKVWJKZjhtVnFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mOTI4NzEtMGQzYS00ZDg3LWFmZGMt
MDcxYjk5MWFmMDFmLzEvSnVqRDZQdDNUMUhlU201d1pGYk9oMU5kWGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mOTI4NzEtMGQzYS00ZDg3LWFmZGMtMDcxYjk5MWFmMDFm
LzEvVEhHeFItdUhONnZNTTEtQUlKVWJKZjhtVnFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUGUsU0ADAN
BgkqhkiG9w0BAQsFAAOCAQEALLqi1zAj6IPGAM5iGT9coaVj0Z+qnskYr2+8KcA3
0Pnm4pj+SIQkOtqNCdhWx8ytFraV38YGgeQ1grTLGH5gV3fnP6Vj4THWotk962r0
ieCq/9zW3Vvxxg6jufR7PkOZZCEeWlgE4zXnzL1a2Hi7NORSb0deVz4vbJ5wBN0A
KlJZrPVRfnJCp56e2w757NF/quB9UHAc0WeDiem07gpF8NYYtDCsiKxDW/xQP58j
bAhyaNdOEz3yW4GoJWZcUp/1CEvTIgE42a0d2BQyfNkwQ8DAfc7AkYApGay47+v8
HPAPhEsFlM/d67RgFBEwGw70PEoA2j9olfHN8FV/L0jchw==
-----END CERTIFICATE-----