Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/N9WxWJobn35Rr9mDkg-hRaQ9OAU.roa
File:                     N9WxWJobn35Rr9mDkg-hRaQ9OAU.roa (raw, json)
Hash identifier:          JKBOcQHAxp7NOHwCh24khWopo1EwIlCoIjNVRENYPfs=
Subject key identifier:   37:D5:B1:58:9A:1B:9F:7E:51:AF:D9:83:92:0F:A1:45:A4:3D:38:05
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       01901AF2BE2CDD374B298A06F362FE3574AF
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/N9WxWJobn35Rr9mDkg-hRaQ9OAU.roa
Signing time:             Sat 15 Jun 2024 08:10:34 +0000
ROA not before:           Sat 15 Jun 2024 08:10:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:1a:f2:be:2c:dd:37:4b:29:8a:06:f3:62:fe:35:74:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 15 08:10:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37d5b1589a1b9f7e51afd983920fa145a43d3805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:04:4a:99:38:72:eb:c0:f2:b1:44:59:9b:
                    dc:52:3a:73:c0:ce:0b:82:e3:08:4d:83:d7:26:15:
                    cf:8d:c2:bc:75:c9:fa:13:c8:ac:c8:a7:a3:b1:ff:
                    db:ee:14:4f:c0:9b:dd:c2:5e:4f:50:2b:ad:ca:2e:
                    f2:1a:23:3c:8f:fc:b8:29:e7:c0:82:eb:b4:d8:74:
                    e6:eb:22:12:c1:54:c1:b0:7d:66:4c:cb:7d:40:1a:
                    e0:a4:8d:1b:bf:aa:fb:c7:45:62:ef:cc:6a:32:d0:
                    43:dd:26:f7:93:62:f9:d4:75:1d:c3:e3:47:e4:90:
                    20:a5:89:f6:e8:89:ca:8a:71:5c:4d:3f:7f:ec:f3:
                    87:ae:77:28:18:f3:47:d8:af:b2:49:4a:e1:51:b4:
                    21:6e:02:fa:e2:65:2f:1f:d7:ef:a4:0d:fe:63:dc:
                    1d:2a:7b:13:d0:51:c0:88:d7:a2:9e:c0:a5:d8:67:
                    c2:2e:bc:f3:90:96:53:42:8d:f3:33:86:18:00:59:
                    a6:0b:60:cc:c1:2f:45:9b:aa:fd:22:7f:78:97:61:
                    84:93:d6:74:a5:8f:e5:ec:44:29:88:d0:51:52:b3:
                    d6:5d:7c:23:9c:f8:5c:94:2b:ae:56:4a:88:a4:d0:
                    32:12:27:20:23:d0:26:b8:f1:aa:f1:94:27:b0:d8:
                    2e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:D5:B1:58:9A:1B:9F:7E:51:AF:D9:83:92:0F:A1:45:A4:3D:38:05
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/N9WxWJobn35Rr9mDkg-hRaQ9OAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:ed:08:1f:52:20:40:64:43:7a:f2:85:8c:6c:6f:a2:e9:81:
         ab:ee:36:48:4e:dc:7d:79:30:b6:3f:ad:6d:1b:8a:98:78:ff:
         cd:02:02:ad:c4:23:72:72:7f:89:1a:58:59:ff:7a:0a:5b:de:
         f7:e3:61:e6:62:c2:94:eb:ce:2f:fb:d2:50:50:26:fc:cb:4a:
         a0:d8:fb:84:94:7e:17:6e:99:c1:d5:d2:a9:64:20:2b:70:c3:
         13:0f:67:ab:40:1f:d6:31:c3:3c:6d:d1:26:a0:20:f3:ca:0c:
         f4:d0:24:2b:2c:37:f1:70:10:3d:92:b2:c0:fa:ab:ed:3d:04:
         da:93:45:4b:b1:ab:8d:39:0b:ab:2c:4e:31:0b:86:fa:26:d5:
         af:3d:08:a9:1f:d9:9e:57:e3:2b:40:0a:d1:4e:f5:fb:ae:5f:
         13:44:1a:8d:47:2c:41:4f:b9:cd:13:d4:d3:c7:a2:10:3c:e8:
         5a:b4:25:e6:35:14:ec:80:57:cc:a7:32:52:c8:2a:a2:36:ed:
         15:f9:60:33:7a:74:6c:9c:40:c4:63:fb:ac:ef:d6:ba:ee:98:
         9c:2b:d4:c7:82:02:a1:ec:e6:2c:ee:0d:30:30:6a:fb:4b:60:
         0b:4e:21:07:1a:f8:10:7b:54:35:05:83:7c:28:f1:6c:eb:ff:
         03:d2:b1:9f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAa8r4s3TdLKYoG82L+NXSvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjE1MDgxMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2Q1YjE1ODlhMWI5ZjdlNTFhZmQ5ODM5MjBmYTE0NWE0M2QzODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjcESpk4cuvA8rFEWZvcUjpzwM4L
guMITYPXJhXPjcK8dcn6E8isyKejsf/b7hRPwJvdwl5PUCutyi7yGiM8j/y4KefA
guu02HTm6yISwVTBsH1mTMt9QBrgpI0bv6r7x0Vi78xqMtBD3Sb3k2L51HUdw+NH
5JAgpYn26InKinFcTT9/7POHrncoGPNH2K+ySUrhUbQhbgL64mUvH9fvpA3+Y9wd
KnsT0FHAiNeinsCl2GfCLrzzkJZTQo3zM4YYAFmmC2DMwS9Fm6r9In94l2GEk9Z0
pY/l7EQpiNBRUrPWXXwjnPhclCuuVkqIpNAyEicgI9AmuPGq8ZQnsNgurQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDfVsViaG59+Ua/Zg5IPoUWkPTgFMB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvTjlXeFdKb2JuMzVScjltRGtnLWhSYVE5T0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAD7tCB9SIEBkQ3ryhYxs
b6LpgavuNkhO3H15MLY/rW0biph4/80CAq3EI3Jyf4kaWFn/egpb3vfjYeZiwpTr
zi/70lBQJvzLSqDY+4SUfhdumcHV0qlkICtwwxMPZ6tAH9Yxwzxt0SagIPPKDPTQ
JCssN/FwED2SssD6q+09BNqTRUuxq405C6ssTjELhvom1a89CKkf2Z5X4ytACtFO
9fuuXxNEGo1HLEFPuc0T1NPHohA86Fq0JeY1FOyAV8ynMlLIKqI27RX5YDN6dGyc
QMRj+6zv1rrumJwr1MeCAqHs5izuDTAwavtLYAtOIQca+BB7VDUFg3wo8Wzr/wPS
sZ8=
-----END CERTIFICATE-----