Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/au_CtqGBdjBmh0iZROyib551aDY.roa
File:                     au_CtqGBdjBmh0iZROyib551aDY.roa (raw, json)
Hash identifier:          a8Cgj8nz0wQtr/4axCXKvdu/xYMM5MwXYGYJEdyH1LI=
Subject key identifier:   6A:EF:C2:B6:A1:81:76:30:66:87:48:99:44:EC:A2:6F:9E:75:68:36
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       019011EF9DC96A63A6B2CE30097D1D6AEC4E
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/au_CtqGBdjBmh0iZROyib551aDY.roa
Signing time:             Thu 13 Jun 2024 14:10:34 +0000
ROA not before:           Thu 13 Jun 2024 14:10:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:ef:9d:c9:6a:63:a6:b2:ce:30:09:7d:1d:6a:ec:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 13 14:10:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6aefc2b6a18176306687489944eca26f9e756836
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b6:cf:38:31:42:33:00:bd:44:0e:60:ca:9b:
                    35:9d:6d:71:70:ef:1d:a8:ad:91:b1:57:28:e8:f5:
                    2b:1f:c4:84:52:2d:f2:fe:26:26:00:db:d9:1a:81:
                    cf:eb:bd:3f:46:95:2f:ce:82:7f:4e:da:51:33:e5:
                    26:5a:31:c2:80:a8:c0:18:5e:77:8d:ae:2f:47:f2:
                    c6:cb:06:8b:0e:ef:cb:a7:f6:9e:08:46:35:f8:35:
                    23:04:8d:a0:5e:1b:c5:29:10:42:4b:7f:23:61:38:
                    61:73:1a:f5:b7:75:9a:26:e4:18:9f:84:87:ef:b7:
                    69:cb:67:56:6d:af:12:74:14:95:12:ce:63:bd:4c:
                    eb:ad:6e:f2:1e:9e:a8:82:57:aa:f9:9f:64:9e:d4:
                    db:ea:13:cd:67:e6:2b:e7:69:2d:e8:f2:3f:5b:70:
                    e7:93:24:b1:e6:11:be:af:cd:a3:dd:e1:9b:22:27:
                    47:52:61:1d:91:b4:db:9b:aa:66:46:8e:5c:ca:cd:
                    8c:c3:c6:69:fc:18:ac:92:ac:00:25:23:28:07:4b:
                    57:d2:69:1d:5c:20:df:e3:54:0a:ce:2f:cf:81:e6:
                    f5:6c:9a:5e:96:e3:03:76:0c:fd:31:aa:60:26:54:
                    62:64:13:9f:a5:d8:ba:81:1b:81:70:42:e2:90:f4:
                    23:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:EF:C2:B6:A1:81:76:30:66:87:48:99:44:EC:A2:6F:9E:75:68:36
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/au_CtqGBdjBmh0iZROyib551aDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:87:58:ee:52:0d:2f:77:f0:ff:8e:a0:39:fa:8c:f1:8a:4a:
         1d:9b:be:89:55:f8:a0:af:99:95:bb:58:a1:56:ae:92:87:8e:
         07:5e:f4:e9:07:33:f9:65:50:4b:d9:b8:3a:7b:89:53:23:ad:
         1a:ea:61:3d:e6:5d:42:69:2f:d4:6d:05:89:b6:51:59:16:00:
         e8:db:f2:f3:83:0b:de:18:67:04:3a:08:80:72:ae:ca:96:0e:
         5d:ab:55:87:95:d6:3f:f8:0a:cd:87:ae:3a:22:ca:26:61:62:
         53:5d:cb:7e:5e:96:7f:ad:9e:2c:69:bf:d3:64:a7:06:ee:43:
         1f:a6:df:a9:3f:77:9b:dd:7f:f5:30:42:c5:95:7c:72:3c:a9:
         83:5b:07:71:27:22:26:4b:aa:95:32:b2:a8:f3:4b:80:2e:3b:
         71:25:60:48:bb:31:c0:51:1c:94:b2:77:e0:2e:a2:11:7f:0c:
         55:02:61:44:7b:57:99:f1:23:74:13:89:d6:2e:5e:39:dc:22:
         8b:0b:23:47:7b:d7:9a:8c:6c:d2:ce:ed:39:87:c0:94:b2:38:
         ab:7c:78:b3:a1:a7:4d:ce:40:0f:99:f0:18:da:4b:2e:5f:fe:
         bf:34:3f:34:b2:01:b2:73:c9:28:3c:75:5c:79:5a:20:8a:07:
         2b:0f:50:b8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAR753JamOmss4wCX0dauxOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjEzMTQxMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWVmYzJiNmExODE3NjMwNjY4NzQ4OTk0NGVjYTI2ZjllNzU2ODM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrbPODFCMwC9RA5gyps1nW1xcO8d
qK2RsVco6PUrH8SEUi3y/iYmANvZGoHP670/RpUvzoJ/TtpRM+UmWjHCgKjAGF53
ja4vR/LGywaLDu/Lp/aeCEY1+DUjBI2gXhvFKRBCS38jYThhcxr1t3WaJuQYn4SH
77dpy2dWba8SdBSVEs5jvUzrrW7yHp6ogleq+Z9kntTb6hPNZ+Yr52kt6PI/W3Dn
kySx5hG+r82j3eGbIidHUmEdkbTbm6pmRo5cys2Mw8Zp/BiskqwAJSMoB0tX0mkd
XCDf41QKzi/Pgeb1bJpeluMDdgz9MapgJlRiZBOfpdi6gRuBcELikPQj0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGrvwrahgXYwZodImUTsom+edWg2MB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvYXVfQ3RxR0JkakJtaDBpWlJPeWliNTUxYURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACCHWO5SDS938P+OoDn6
jPGKSh2bvolV+KCvmZW7WKFWrpKHjgde9OkHM/llUEvZuDp7iVMjrRrqYT3mXUJp
L9RtBYm2UVkWAOjb8vODC94YZwQ6CIByrsqWDl2rVYeV1j/4Cs2HrjoiyiZhYlNd
y35eln+tnixpv9NkpwbuQx+m36k/d5vdf/UwQsWVfHI8qYNbB3EnIiZLqpUysqjz
S4AuO3ElYEi7McBRHJSyd+AuohF/DFUCYUR7V5nxI3QTidYuXjncIosLI0d715qM
bNLO7TmHwJSyOKt8eLOhp03OQA+Z8BjaSy5f/r80PzSyAbJzySg8dVx5WiCKBysP
ULg=
-----END CERTIFICATE-----