Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/m4f4JgjOZW1WhVX4EQ7gFVUBkQY.roa
File:                     m4f4JgjOZW1WhVX4EQ7gFVUBkQY.roa (raw, json)
Hash identifier:          /apsUol1Qz8bSPnUkcEpqeTAlQA2oqVux5Da+/3DQgg=
Subject key identifier:   9B:87:F8:26:08:CE:65:6D:56:85:55:F8:11:0E:E0:15:55:01:91:06
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       01900FC96296186FB4B67F4E8F566D57656E
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/m4f4JgjOZW1WhVX4EQ7gFVUBkQY.roa
Signing time:             Thu 13 Jun 2024 04:09:34 +0000
ROA not before:           Thu 13 Jun 2024 04:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0f:c9:62:96:18:6f:b4:b6:7f:4e:8f:56:6d:57:65:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 13 04:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b87f82608ce656d568555f8110ee01555019106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:2f:13:03:b8:57:25:e0:43:63:88:57:4b:49:
                    36:6f:64:9d:e8:c6:9d:18:5f:f7:b8:5d:e1:44:56:
                    d4:d9:2a:0b:9e:a0:72:7a:30:a2:41:60:06:e7:73:
                    96:ef:72:4b:21:30:c1:80:52:88:6c:a1:29:63:5e:
                    36:a3:93:18:42:64:d4:e2:45:ae:44:37:39:97:7a:
                    55:df:21:70:12:54:f2:2f:2a:be:39:fb:19:74:b2:
                    d7:c8:ea:86:16:89:c0:99:13:17:72:7f:5a:7d:27:
                    e0:22:62:b0:5a:fc:6c:14:8d:2b:1a:cd:16:38:88:
                    2a:d1:e7:bb:11:ed:29:f4:da:df:50:92:f2:40:5e:
                    64:da:a9:24:a9:f7:0a:8f:68:f3:6a:de:e3:e7:a6:
                    5b:37:75:31:95:46:8e:79:99:7f:53:e5:28:e1:0f:
                    e7:61:5c:d1:b2:ed:ea:20:8e:3b:b1:d0:b1:e2:2c:
                    4a:68:75:c4:e4:80:5f:32:7e:7e:3d:16:95:09:7d:
                    38:0a:1c:53:2d:42:bc:c7:42:99:ad:3e:56:17:5b:
                    75:64:87:50:55:33:57:3d:45:c1:93:5c:51:7f:c3:
                    3d:c7:58:db:77:62:81:3e:f8:ad:d8:a9:9a:02:80:
                    2d:95:ab:e9:c5:ed:5a:62:a4:89:32:e7:6f:d2:a6:
                    24:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:87:F8:26:08:CE:65:6D:56:85:55:F8:11:0E:E0:15:55:01:91:06
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/m4f4JgjOZW1WhVX4EQ7gFVUBkQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:2a:5b:25:af:84:12:c6:b8:7c:91:7d:ee:c3:3e:76:2d:c6:
         c0:20:d4:71:64:a1:c4:e7:d3:fd:2e:35:5c:97:b4:9b:d8:41:
         75:94:da:63:bb:59:54:8a:3b:8f:58:c1:87:8f:b1:8f:22:63:
         22:7d:f4:d6:37:9d:ab:bc:1a:7a:a2:3e:fd:65:7f:ec:82:27:
         27:c9:7d:b6:37:1b:d8:f7:12:70:0e:7d:3b:f2:af:4a:b7:fb:
         7c:60:19:02:56:ff:32:13:9d:30:53:4d:ba:40:47:4d:31:9a:
         d5:ff:dd:7d:8b:24:e6:96:fa:0a:dd:bf:63:a5:82:3e:0b:20:
         21:b3:b9:d4:23:94:bc:9f:42:99:ca:e8:55:9b:84:33:1d:9e:
         af:f0:17:68:16:bc:e9:22:55:76:40:32:96:13:34:db:77:7e:
         40:76:e6:ed:f7:58:40:13:13:d1:ec:4b:37:6c:1c:19:23:0d:
         fe:b4:1b:7d:49:91:f8:b3:09:0a:4f:49:48:90:ed:67:ef:06:
         7d:5a:2e:13:03:f4:1f:e7:bb:2b:85:f4:cf:77:a7:aa:b5:c7:
         9d:0b:95:7a:27:75:44:78:b7:4c:b9:5a:e9:ec:9c:5d:5b:4e:
         1d:14:a6:80:6b:fc:28:d9:b9:ad:11:22:2b:69:c2:0d:51:e8:
         6e:d8:e9:59
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAPyWKWGG+0tn9Oj1ZtV2VuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjEzMDQwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjg3ZjgyNjA4Y2U2NTZkNTY4NTU1ZjgxMTBlZTAxNTU1MDE5MTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0i8TA7hXJeBDY4hXS0k2b2Sd6Mad
GF/3uF3hRFbU2SoLnqByejCiQWAG53OW73JLITDBgFKIbKEpY142o5MYQmTU4kWu
RDc5l3pV3yFwElTyLyq+OfsZdLLXyOqGFonAmRMXcn9afSfgImKwWvxsFI0rGs0W
OIgq0ee7Ee0p9NrfUJLyQF5k2qkkqfcKj2jzat7j56ZbN3UxlUaOeZl/U+Uo4Q/n
YVzRsu3qII47sdCx4ixKaHXE5IBfMn5+PRaVCX04ChxTLUK8x0KZrT5WF1t1ZIdQ
VTNXPUXBk1xRf8M9x1jbd2KBPvit2KmaAoAtlavpxe1aYqSJMudv0qYkiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJuH+CYIzmVtVoVV+BEO4BVVAZEGMB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvbTRmNEpnak9aVzFXaFZYNEVRN2dGVlVCa1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJkqWyWvhBLGuHyRfe7D
PnYtxsAg1HFkocTn0/0uNVyXtJvYQXWU2mO7WVSKO49YwYePsY8iYyJ99NY3nau8
GnqiPv1lf+yCJyfJfbY3G9j3EnAOfTvyr0q3+3xgGQJW/zITnTBTTbpAR00xmtX/
3X2LJOaW+grdv2Olgj4LICGzudQjlLyfQpnK6FWbhDMdnq/wF2gWvOkiVXZAMpYT
NNt3fkB25u33WEATE9HsSzdsHBkjDf60G31JkfizCQpPSUiQ7WfvBn1aLhMD9B/n
uyuF9M93p6q1x50LlXondUR4t0y5WunsnF1bTh0UpoBr/CjZua0RIitpwg1R6G7Y
6Vk=
-----END CERTIFICATE-----