Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/z_PiXAs60_JevgxyXpxtBaiokm4.roa
File:                     z_PiXAs60_JevgxyXpxtBaiokm4.roa (raw, json)
Hash identifier:          8kvun45LLfkqbVZVolUIbXYUO2zgU8tITj7m8IrWIwo=
Subject key identifier:   CF:F3:E2:5C:0B:3A:D3:F2:5E:BE:0C:72:5E:9C:6D:05:A8:A8:92:6E
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       019025774FE3F173C86DDC44D27D2659EBB1
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/z_PiXAs60_JevgxyXpxtBaiokm4.roa
Signing time:             Mon 17 Jun 2024 09:11:34 +0000
ROA not before:           Mon 17 Jun 2024 09:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:25:77:4f:e3:f1:73:c8:6d:dc:44:d2:7d:26:59:eb:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 17 09:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cff3e25c0b3ad3f25ebe0c725e9c6d05a8a8926e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3d:d4:b1:05:79:77:f2:54:60:f2:b9:96:f4:
                    81:62:8a:45:cb:dc:73:cd:82:35:6e:81:79:47:3a:
                    f1:56:a2:df:52:62:8e:17:a9:fc:a4:4d:c7:fc:d7:
                    c1:1d:af:63:0a:e5:cf:8a:d9:24:c1:79:cf:d5:79:
                    50:d6:f1:b9:90:be:7b:39:9f:88:97:3d:68:59:c0:
                    11:e6:59:3a:c4:5f:83:1a:22:f2:ca:7a:b1:a4:28:
                    4c:c7:76:1d:db:89:de:87:88:44:d1:85:1d:5f:4e:
                    8f:27:1b:ca:c9:be:47:26:50:23:63:d5:a9:bd:8d:
                    ff:12:3c:9e:5c:82:4a:46:15:b1:13:ee:1c:bb:0b:
                    46:5d:74:e7:86:61:3d:2f:d6:e4:d3:72:f4:22:ef:
                    e6:95:5b:0e:36:28:52:e8:8e:1b:71:bf:1f:2f:15:
                    ff:79:0b:17:68:6c:3c:ee:23:fa:74:d4:df:84:b3:
                    2c:92:57:b6:66:4a:4b:0b:da:cf:e0:be:ca:58:ba:
                    0b:73:60:8a:6e:16:9b:55:82:88:31:17:94:c2:50:
                    5f:51:e5:cb:30:c4:8a:ac:80:e3:c2:ca:58:a8:58:
                    82:eb:ae:79:8c:40:3d:cb:43:85:fb:57:e5:fc:98:
                    63:ef:d3:c2:4a:90:23:81:fc:f5:00:e8:b4:f1:23:
                    57:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:F3:E2:5C:0B:3A:D3:F2:5E:BE:0C:72:5E:9C:6D:05:A8:A8:92:6E
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/z_PiXAs60_JevgxyXpxtBaiokm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:31:2b:78:7f:b4:22:22:40:ee:7e:a1:c0:35:d1:c6:c7:d7:
         db:c3:43:84:10:9e:29:79:97:c2:ef:7b:ab:17:52:fe:9b:ce:
         02:b8:e6:a5:58:d4:9b:68:26:01:3b:7c:1b:d0:02:44:e9:67:
         b3:fa:32:8a:d4:24:69:49:3d:19:44:4f:e7:c9:f3:2f:cd:ac:
         70:a2:2b:a4:ec:7a:d3:f3:c5:5b:7e:71:31:25:27:47:29:06:
         3e:86:ec:b2:8e:bb:58:7a:32:8e:54:35:5c:ae:5d:78:c6:c0:
         42:53:d4:af:35:4d:d9:58:34:a8:ab:26:8b:4a:50:8a:02:46:
         32:74:60:d5:49:10:4a:f2:4d:ad:57:fb:2f:87:38:af:cf:54:
         e2:66:b6:ce:9c:50:86:38:31:a6:15:42:3f:0e:60:7c:58:dc:
         1a:dd:f8:d3:eb:2c:71:c9:9f:1a:6e:fe:fc:39:30:51:70:fd:
         d0:90:d2:65:ed:ff:c8:61:8e:6e:f4:41:2a:5e:29:83:9e:77:
         3a:04:78:b7:ff:52:53:79:30:c9:b2:33:11:5a:32:7f:d6:18:
         eb:7d:36:59:77:c8:95:23:10:cd:62:d6:4d:2a:58:10:84:5f:
         44:d6:1f:d4:a7:c2:e7:53:34:55:3b:3a:a9:b9:01:54:86:21:
         8a:ae:f6:24
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAld0/j8XPIbdxE0n0mWeuxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjE3MDkxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmYzZTI1YzBiM2FkM2YyNWViZTBjNzI1ZTljNmQwNWE4YTg5MjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjD3UsQV5d/JUYPK5lvSBYopFy9xz
zYI1boF5RzrxVqLfUmKOF6n8pE3H/NfBHa9jCuXPitkkwXnP1XlQ1vG5kL57OZ+I
lz1oWcAR5lk6xF+DGiLyynqxpChMx3Yd24neh4hE0YUdX06PJxvKyb5HJlAjY9Wp
vY3/EjyeXIJKRhWxE+4cuwtGXXTnhmE9L9bk03L0Iu/mlVsONihS6I4bcb8fLxX/
eQsXaGw87iP6dNTfhLMskle2ZkpLC9rP4L7KWLoLc2CKbhabVYKIMReUwlBfUeXL
MMSKrIDjwspYqFiC6655jEA9y0OF+1fl/Jhj79PCSpAjgfz1AOi08SNXnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM/z4lwLOtPyXr4Mcl6cbQWoqJJuMB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvel9QaVhBczYwX0pldmd4eVhweHRCYWlva200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACoxK3h/tCIiQO5+ocA1
0cbH19vDQ4QQnil5l8Lve6sXUv6bzgK45qVY1JtoJgE7fBvQAkTpZ7P6MorUJGlJ
PRlET+fJ8y/NrHCiK6TsetPzxVt+cTElJ0cpBj6G7LKOu1h6Mo5UNVyuXXjGwEJT
1K81TdlYNKirJotKUIoCRjJ0YNVJEEryTa1X+y+HOK/PVOJmts6cUIY4MaYVQj8O
YHxY3Brd+NPrLHHJnxpu/vw5MFFw/dCQ0mXt/8hhjm70QSpeKYOedzoEeLf/UlN5
MMmyMxFaMn/WGOt9Nll3yJUjEM1i1k0qWBCEX0TWH9SnwudTNFU7Oqm5AVSGIYqu
9iQ=
-----END CERTIFICATE-----