Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/1JcENA_cQY77r3e7HMbFfTw6KjU.roa
File:                     1JcENA_cQY77r3e7HMbFfTw6KjU.roa (raw, json)
Hash identifier:          YTmnBViGGAcmjZIdGzVuifTFYVdi4lML7HizeR9wH+k=
Subject key identifier:   D4:97:04:34:0F:DC:41:8E:FB:AF:77:BB:1C:C6:C5:7D:3C:3A:2A:35
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       0190106E2D7796FDD6F3AADA54EC5FF48005
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/1JcENA_cQY77r3e7HMbFfTw6KjU.roa
Signing time:             Thu 13 Jun 2024 07:09:34 +0000
ROA not before:           Thu 13 Jun 2024 07:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:6e:2d:77:96:fd:d6:f3:aa:da:54:ec:5f:f4:80:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 13 07:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d49704340fdc418efbaf77bb1cc6c57d3c3a2a35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:45:e5:29:b1:e0:63:02:6d:c0:4a:db:f8:97:
                    6f:da:4a:76:ca:af:c9:25:e1:ae:e0:9e:9b:65:ad:
                    d8:b7:a7:b7:02:59:49:0e:0e:4f:2d:15:9b:94:d7:
                    a0:05:54:1b:93:1f:33:ac:c9:89:67:6d:f2:83:d0:
                    a0:f6:7c:a2:44:4e:67:67:83:4b:ae:a3:45:26:f8:
                    19:a0:ac:98:f8:52:88:a8:82:d0:41:c6:79:ed:e7:
                    e7:3f:4a:2d:21:6c:08:8c:58:76:34:da:82:fa:2f:
                    ab:63:d9:92:c3:a3:55:53:20:b5:10:a2:73:fa:81:
                    73:6f:76:db:67:2a:6d:70:0f:55:fd:d5:9b:45:2d:
                    30:34:0f:09:10:c7:f4:b2:63:99:f3:7a:6d:7c:5f:
                    dd:b7:c6:b3:eb:c9:21:db:62:b0:4b:0a:86:39:fa:
                    72:50:21:9c:01:be:09:dc:65:f1:cd:aa:1d:4e:c6:
                    25:59:62:bb:e0:ab:f8:e4:f7:f4:ce:bd:5f:26:09:
                    27:17:d2:0f:49:e1:39:20:b3:43:9c:bd:26:dc:d6:
                    b2:da:ba:ee:d0:06:7d:31:95:bd:bf:45:d9:f3:a1:
                    ab:8d:b9:e1:3e:49:0f:e3:2d:18:46:fd:fe:eb:9a:
                    67:b2:b8:0c:48:ee:37:5e:db:ab:ea:a3:c1:d8:62:
                    72:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:97:04:34:0F:DC:41:8E:FB:AF:77:BB:1C:C6:C5:7D:3C:3A:2A:35
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/1JcENA_cQY77r3e7HMbFfTw6KjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:27:77:10:57:34:69:92:69:c6:25:fd:47:9f:69:d4:db:2b:
         94:f2:66:35:22:81:7f:9d:20:57:79:d0:74:cb:19:11:a2:bd:
         ee:15:2c:cd:c4:31:a2:41:e8:ea:eb:2d:3b:c0:f1:dc:47:3e:
         83:68:5d:48:55:0b:6a:99:36:72:67:ee:4a:ce:16:0e:d7:76:
         e8:d4:61:11:3c:54:d4:6c:e5:eb:32:c3:b3:59:8c:f4:77:53:
         f4:0e:95:cd:c4:9d:b8:44:0e:3f:c5:cf:97:b5:94:3a:4c:42:
         35:d2:98:46:43:df:c1:78:d9:4d:b6:b5:21:b7:80:ca:0f:af:
         f5:81:99:6b:f9:48:62:2e:ad:8c:9e:ae:d1:06:de:4d:eb:1e:
         88:b3:19:04:f9:af:e6:3f:84:f7:d2:d4:04:04:b0:21:03:e0:
         9c:90:9c:0e:b1:70:38:fa:77:16:cb:85:7c:ed:1f:3b:ad:ec:
         7a:98:7b:b4:6d:97:c4:b2:21:58:47:25:81:6b:bb:2d:aa:25:
         a6:2e:34:7d:5a:22:fc:86:d0:58:20:27:18:16:38:26:c2:dc:
         b5:f9:a1:ee:8b:93:66:dc:73:51:4d:e9:7a:08:ad:f0:9e:e2:
         2b:50:a9:2e:ca:bc:c5:b6:6d:8c:83:90:86:6d:6e:dc:4b:6e:
         3d:88:ae:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAQbi13lv3W86raVOxf9IAFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjEzMDcwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk3MDQzNDBmZGM0MThlZmJhZjc3YmIxY2M2YzU3ZDNjM2EyYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0XlKbHgYwJtwErb+Jdv2kp2yq/J
JeGu4J6bZa3Yt6e3AllJDg5PLRWblNegBVQbkx8zrMmJZ23yg9Cg9nyiRE5nZ4NL
rqNFJvgZoKyY+FKIqILQQcZ57efnP0otIWwIjFh2NNqC+i+rY9mSw6NVUyC1EKJz
+oFzb3bbZyptcA9V/dWbRS0wNA8JEMf0smOZ83ptfF/dt8az68kh22KwSwqGOfpy
UCGcAb4J3GXxzaodTsYlWWK74Kv45Pf0zr1fJgknF9IPSeE5ILNDnL0m3Nay2rru
0AZ9MZW9v0XZ86GrjbnhPkkP4y0YRv3+65pnsrgMSO43Xtur6qPB2GJybwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNSXBDQP3EGO+693uxzGxX08Oio1MB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvMUpjRU5BX2NRWTc3cjNlN0hNYkZmVHc2S2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACsndxBXNGmSacYl/Uef
adTbK5TyZjUigX+dIFd50HTLGRGive4VLM3EMaJB6OrrLTvA8dxHPoNoXUhVC2qZ
NnJn7krOFg7XdujUYRE8VNRs5esyw7NZjPR3U/QOlc3EnbhEDj/Fz5e1lDpMQjXS
mEZD38F42U22tSG3gMoPr/WBmWv5SGIurYyertEG3k3rHoizGQT5r+Y/hPfS1AQE
sCED4JyQnA6xcDj6dxbLhXztHzut7HqYe7Rtl8SyIVhHJYFruy2qJaYuNH1aIvyG
0FggJxgWOCbC3LX5oe6Lk2bcc1FN6XoIrfCe4itQqS7KvMW2bYyDkIZtbtxLbj2I
rkk=
-----END CERTIFICATE-----