Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/21345b-4de7-4086-9abf-d4edc20cc1ac/1/52IMZoeWu_TKTAzcp7pii6l-Ysg.roa
File:                     52IMZoeWu_TKTAzcp7pii6l-Ysg.roa (raw, json)
Hash identifier:          YcUkxJ/c5hNUiSrqZw+bccNUtKPImVJ5ZjcgmPqPd7E=
Subject key identifier:   E7:62:0C:66:87:96:BB:F4:CA:4C:0C:DC:A7:BA:62:8B:A9:7E:62:C8
Certificate issuer:       /CN=a86057859d1660e8d872979ee6d6a6b2c433a305
Certificate serial:       018CC492FF8F73E2581B4E623ED7CE95895F
Authority key identifier: A8:60:57:85:9D:16:60:E8:D8:72:97:9E:E6:D6:A6:B2:C4:33:A3:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGBXhZ0WYOjYcpee5tamssQzowU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/21345b-4de7-4086-9abf-d4edc20cc1ac/1/52IMZoeWu_TKTAzcp7pii6l-Ysg.roa
Signing time:             Mon 01 Jan 2024 10:30:17 +0000
ROA not before:           Mon 01 Jan 2024 10:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35565
IP address blocks:        194.187.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/21345b-4de7-4086-9abf-d4edc20cc1ac/1/qGBXhZ0WYOjYcpee5tamssQzowU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/21345b-4de7-4086-9abf-d4edc20cc1ac/1/qGBXhZ0WYOjYcpee5tamssQzowU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGBXhZ0WYOjYcpee5tamssQzowU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:ff:8f:73:e2:58:1b:4e:62:3e:d7:ce:95:89:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a86057859d1660e8d872979ee6d6a6b2c433a305
        Validity
            Not Before: Jan  1 10:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7620c668796bbf4ca4c0cdca7ba628ba97e62c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:92:6d:bd:76:c5:c7:ec:32:69:00:2d:07:3b:
                    c7:e9:a6:13:3e:68:86:a3:1d:a1:93:e8:78:92:ea:
                    1f:1d:3c:79:08:c3:54:f1:77:4c:b3:93:e1:e9:5c:
                    a4:15:a5:42:e2:e3:ba:71:f3:2f:fb:62:40:7c:23:
                    bf:51:5f:6b:72:40:f4:dd:f4:26:e9:54:db:dc:82:
                    86:f8:c2:bf:95:2d:54:6d:88:4d:c8:a8:fb:60:66:
                    0f:6a:e9:39:ac:ab:f2:15:cf:59:6e:3e:ff:69:e0:
                    e7:79:70:68:c6:95:2c:a2:a9:c3:4c:f6:23:8e:39:
                    a9:28:75:1d:f0:5b:70:d8:93:23:b0:4d:67:f3:e6:
                    43:ca:12:aa:11:bb:b9:95:93:42:1c:a4:b0:92:34:
                    87:d6:6c:30:78:59:77:ad:58:fe:3d:81:a8:d6:d1:
                    4c:3a:e1:1a:b6:80:a1:6a:3d:dc:c5:25:de:4b:3f:
                    da:0c:c0:fa:28:b6:ad:14:ce:ae:66:d3:33:27:48:
                    95:b0:86:22:19:45:cf:d7:76:3b:0d:82:ab:fc:4b:
                    e4:ea:26:ac:7b:bf:a9:e6:80:df:72:7a:d9:1a:34:
                    dd:74:b5:70:0c:42:38:3f:35:bf:d0:ab:a4:ef:35:
                    78:58:cf:52:fa:6a:78:85:72:45:f5:66:45:67:aa:
                    48:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:62:0C:66:87:96:BB:F4:CA:4C:0C:DC:A7:BA:62:8B:A9:7E:62:C8
            X509v3 Authority Key Identifier:
                keyid:A8:60:57:85:9D:16:60:E8:D8:72:97:9E:E6:D6:A6:B2:C4:33:A3:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGBXhZ0WYOjYcpee5tamssQzowU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/21345b-4de7-4086-9abf-d4edc20cc1ac/1/52IMZoeWu_TKTAzcp7pii6l-Ysg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/21345b-4de7-4086-9abf-d4edc20cc1ac/1/qGBXhZ0WYOjYcpee5tamssQzowU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:78:5b:9e:0d:16:c5:11:e8:ab:20:a2:3f:57:09:55:64:1e:
         54:6d:cc:7f:ee:e8:d4:72:11:f7:a6:e5:ee:40:6c:26:03:18:
         be:8d:f4:93:e6:72:d9:f6:30:79:60:b1:20:69:3d:95:2c:f6:
         74:3a:92:26:54:ec:7a:f2:6a:39:07:56:12:15:8c:87:d4:37:
         ea:d2:fb:ad:1a:64:0e:7e:ac:04:e5:10:53:36:fa:cf:0a:9b:
         95:c5:cc:a2:94:9b:39:f0:0e:68:bc:2c:4c:5c:49:d4:df:c9:
         24:1e:f0:2a:ae:cb:31:24:ec:9c:cc:fb:71:d4:3b:84:ee:fe:
         d3:86:89:83:0a:4a:ba:3d:f6:f5:50:09:fa:3d:03:0d:25:59:
         34:17:c2:60:9d:80:15:26:c6:6e:8a:08:2d:22:e3:d8:cc:7b:
         0d:ea:d2:28:fb:15:01:ae:3b:72:73:7d:57:02:ff:56:dc:b0:
         c1:af:eb:ed:ac:12:e0:1e:60:a9:2f:d5:ec:13:7a:ef:34:39:
         e2:7d:3f:5a:a6:05:4e:53:79:37:f2:70:6a:e8:36:07:f9:73:
         f2:87:a7:0e:9d:ad:d7:f1:5f:a8:3c:ea:41:b2:8d:e2:3b:fa:
         9d:04:8e:f6:70:1a:cf:fb:e4:fc:f4:a2:f8:6c:5e:c7:58:cb:
         dd:cd:dc:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkv+Pc+JYG05iPtfOlYlfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjA1Nzg1OWQxNjYwZThkODcyOTc5ZWU2ZDZhNmIyYzQz
M2EzMDUwHhcNMjQwMTAxMTAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzYyMGM2Njg3OTZiYmY0Y2E0YzBjZGNhN2JhNjI4YmE5N2U2MmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pJtvXbFx+wyaQAtBzvH6aYTPmiG
ox2hk+h4kuofHTx5CMNU8XdMs5Ph6VykFaVC4uO6cfMv+2JAfCO/UV9rckD03fQm
6VTb3IKG+MK/lS1UbYhNyKj7YGYPauk5rKvyFc9Zbj7/aeDneXBoxpUsoqnDTPYj
jjmpKHUd8Ftw2JMjsE1n8+ZDyhKqEbu5lZNCHKSwkjSH1mwweFl3rVj+PYGo1tFM
OuEatoChaj3cxSXeSz/aDMD6KLatFM6uZtMzJ0iVsIYiGUXP13Y7DYKr/Evk6ias
e7+p5oDfcnrZGjTddLVwDEI4PzW/0Kuk7zV4WM9S+mp4hXJF9WZFZ6pI3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdiDGaHlrv0ykwM3Ke6YoupfmLIMB8GA1UdIwQY
MBaAFKhgV4WdFmDo2HKXnubWprLEM6MFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdCWGhaMFdZT2pZY3BlZTV0YW1zc1F6b3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8yMTM0NWItNGRlNy00MDg2LTlhYmYt
ZDRlZGMyMGNjMWFjLzEvNTJJTVpvZVd1X1RLVEF6Y3A3cGlpNmwtWXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8yMTM0NWItNGRlNy00MDg2LTlhYmYtZDRlZGMyMGNjMWFj
LzEvcUdCWGhaMFdZT2pZY3BlZTV0YW1zc1F6b3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrs8MA0G
CSqGSIb3DQEBCwUAA4IBAQA8eFueDRbFEeirIKI/VwlVZB5Ubcx/7ujUchH3puXu
QGwmAxi+jfST5nLZ9jB5YLEgaT2VLPZ0OpImVOx68mo5B1YSFYyH1Dfq0vutGmQO
fqwE5RBTNvrPCpuVxcyilJs58A5ovCxMXEnU38kkHvAqrssxJOyczPtx1DuE7v7T
homDCkq6Pfb1UAn6PQMNJVk0F8JgnYAVJsZuiggtIuPYzHsN6tIo+xUBrjtyc31X
Av9W3LDBr+vtrBLgHmCpL9XsE3rvNDnifT9apgVOU3k38nBq6DYH+XPyh6cOna3X
8V+oPOpBso3iO/qdBI72cBrP++T89KL4bF7HWMvdzdw7
-----END CERTIFICATE-----