Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/b7GBmsPSnGGrOwq3v-ycgHV5cu0.roa
File:                     b7GBmsPSnGGrOwq3v-ycgHV5cu0.roa (raw, json)
Hash identifier:          DWtBpuo6jMxSm4cjFHV2DLBr1PxHqu1ffv9/zTuRuVg=
Subject key identifier:   6F:B1:81:9A:C3:D2:9C:61:AB:3B:0A:B7:BF:EC:9C:80:75:79:72:ED
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       01901ABCBAB430A8F603F84FD94B077AF8D9
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/b7GBmsPSnGGrOwq3v-ycgHV5cu0.roa
Signing time:             Sat 15 Jun 2024 07:11:34 +0000
ROA not before:           Sat 15 Jun 2024 07:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:1a:bc:ba:b4:30:a8:f6:03:f8:4f:d9:4b:07:7a:f8:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 15 07:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fb1819ac3d29c61ab3b0ab7bfec9c80757972ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5a:02:7a:3b:7a:69:40:d4:4a:ff:ab:21:f7:
                    e3:fb:29:f9:15:38:b0:69:e1:15:51:70:0c:36:f0:
                    e5:7b:25:37:0c:ab:27:3e:2b:72:44:ca:ca:e2:24:
                    78:51:a3:08:dc:2d:71:f4:b1:16:b2:56:51:5b:69:
                    6a:cc:9b:89:9e:31:f0:f7:53:4d:0a:7a:2e:80:ee:
                    1d:56:90:36:68:83:a4:cb:43:2f:63:d2:41:a2:11:
                    1a:7e:c3:32:2d:f3:0b:4a:f5:0a:25:37:6a:09:cd:
                    fb:9d:31:86:1c:3e:c7:67:2f:8e:ae:6d:71:eb:fa:
                    a0:60:e7:02:c5:fe:39:8d:0a:55:15:28:f9:94:c1:
                    1c:90:ff:09:63:42:26:ba:60:6a:48:a0:b2:1b:e5:
                    a6:0d:f9:3e:8a:e8:d8:30:71:de:a3:61:89:64:a6:
                    0b:20:c2:79:73:d7:c4:dd:8e:26:89:fb:d9:b7:92:
                    71:7a:5a:d0:07:de:e2:a0:83:04:27:0d:0d:d8:33:
                    e8:9f:80:28:03:63:d8:2c:9a:ae:b8:5b:ad:e6:ce:
                    bf:13:9e:19:b1:e9:db:db:73:52:df:8a:6c:11:59:
                    64:80:c9:f7:64:ed:9c:d0:78:be:86:76:fe:23:2f:
                    2f:01:bb:84:0a:3f:0d:6b:15:b6:58:31:f5:c1:b3:
                    70:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:B1:81:9A:C3:D2:9C:61:AB:3B:0A:B7:BF:EC:9C:80:75:79:72:ED
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/b7GBmsPSnGGrOwq3v-ycgHV5cu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:8c:be:6b:db:8f:06:11:3b:b3:12:11:c4:c6:74:77:88:3e:
         d2:89:df:24:af:50:76:41:95:76:bf:7e:19:84:82:33:7e:b0:
         ca:b4:10:a7:81:7d:19:f2:e7:99:3a:db:b4:d2:27:d3:49:37:
         c9:8d:d1:d4:6f:be:58:26:a2:e4:cd:1f:e1:7c:f5:4a:51:e2:
         a2:ea:54:de:9b:d3:a3:1d:d2:a7:af:f2:db:07:31:3d:58:b7:
         e5:c7:5b:27:51:f0:15:f1:1e:ed:1d:57:69:4e:8f:89:4e:35:
         e3:4a:7e:a5:1a:55:ff:ce:f1:14:23:56:09:07:13:d3:be:bf:
         3d:5b:53:66:09:1e:85:f7:d6:0e:b7:2f:d3:de:56:cc:ae:17:
         e7:c2:e6:63:66:4a:3a:19:1b:62:ce:03:c3:04:0e:cf:64:34:
         08:4b:44:e4:ae:8e:4c:e3:83:c5:4a:bd:e7:ca:45:19:89:a6:
         48:ce:01:c5:e3:99:a9:7a:80:1d:20:88:ce:8b:5b:c4:8f:a6:
         3f:61:20:46:fb:09:fd:45:67:f7:83:c6:e2:3f:b4:6e:d2:95:
         e4:82:37:76:f9:c2:c8:65:37:84:b4:67:88:a5:16:5b:98:de:
         de:d5:a6:51:f3:94:ee:57:d1:3b:79:80:fe:3b:4f:97:3b:36:
         cb:77:92:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAavLq0MKj2A/hP2UsHevjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjE1MDcxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmIxODE5YWMzZDI5YzYxYWIzYjBhYjdiZmVjOWM4MDc1Nzk3MmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFoCejt6aUDUSv+rIffj+yn5FTiw
aeEVUXAMNvDleyU3DKsnPityRMrK4iR4UaMI3C1x9LEWslZRW2lqzJuJnjHw91NN
CnougO4dVpA2aIOky0MvY9JBohEafsMyLfMLSvUKJTdqCc37nTGGHD7HZy+Orm1x
6/qgYOcCxf45jQpVFSj5lMEckP8JY0ImumBqSKCyG+WmDfk+iujYMHHeo2GJZKYL
IMJ5c9fE3Y4mifvZt5JxelrQB97ioIMEJw0N2DPon4AoA2PYLJquuFut5s6/E54Z
senb23NS34psEVlkgMn3ZO2c0Hi+hnb+Iy8vAbuECj8NaxW2WDH1wbNwPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG+xgZrD0pxhqzsKt7/snIB1eXLtMB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvYjdHQm1zUFNuR0dyT3dxM3YteWNnSFY1Y3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEeMvmvbjwYRO7MSEcTG
dHeIPtKJ3ySvUHZBlXa/fhmEgjN+sMq0EKeBfRny55k627TSJ9NJN8mN0dRvvlgm
ouTNH+F89UpR4qLqVN6b06Md0qev8tsHMT1Yt+XHWydR8BXxHu0dV2lOj4lONeNK
fqUaVf/O8RQjVgkHE9O+vz1bU2YJHoX31g63L9PeVsyuF+fC5mNmSjoZG2LOA8ME
Ds9kNAhLROSujkzjg8VKvefKRRmJpkjOAcXjmal6gB0giM6LW8SPpj9hIEb7Cf1F
Z/eDxuI/tG7SleSCN3b5wshlN4S0Z4ilFluY3t7VplHzlO5X0Tt5gP47T5c7Nst3
kjg=
-----END CERTIFICATE-----