Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/16634f-9724-4d8d-962d-698f818bbd33/1/z52VXDGyTEUV4divpmluQ7zXz3g.roa
File:                     z52VXDGyTEUV4divpmluQ7zXz3g.roa (raw, json)
Hash identifier:          TfsnREbXLycGRMqsq/0Z2beUA3wAI+++BgyyGIFXCr0=
Subject key identifier:   CF:9D:95:5C:31:B2:4C:45:15:E1:D8:AF:A6:69:6E:43:BC:D7:CF:78
Certificate issuer:       /CN=db269d0ea8caa40c7a704382cab53e1b026d6b43
Certificate serial:       018CC9B9A02111C7611ADE133E43BB9D7CD8
Authority key identifier: DB:26:9D:0E:A8:CA:A4:0C:7A:70:43:82:CA:B5:3E:1B:02:6D:6B:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2yadDqjKpAx6cEOCyrU-GwJta0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/16634f-9724-4d8d-962d-698f818bbd33/1/z52VXDGyTEUV4divpmluQ7zXz3g.roa
Signing time:             Tue 02 Jan 2024 10:30:34 +0000
ROA not before:           Tue 02 Jan 2024 10:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62336
IP address blocks:        85.209.60.0/22 maxlen: 22
                          2a09:88c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/16634f-9724-4d8d-962d-698f818bbd33/1/2yadDqjKpAx6cEOCyrU-GwJta0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/16634f-9724-4d8d-962d-698f818bbd33/1/2yadDqjKpAx6cEOCyrU-GwJta0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2yadDqjKpAx6cEOCyrU-GwJta0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b9:a0:21:11:c7:61:1a:de:13:3e:43:bb:9d:7c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db269d0ea8caa40c7a704382cab53e1b026d6b43
        Validity
            Not Before: Jan  2 10:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf9d955c31b24c4515e1d8afa6696e43bcd7cf78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bb:70:e3:95:a9:69:e4:25:47:3f:39:d4:2f:
                    c5:06:c0:58:36:a0:c4:36:6c:c6:87:c4:2f:3d:ef:
                    a9:af:af:ba:0b:32:2b:c0:74:90:78:82:c3:59:90:
                    35:d5:fa:3b:dd:90:67:bf:6f:f0:91:75:5e:81:ab:
                    64:d9:63:8c:d8:23:b5:06:dd:60:f6:cd:f7:66:6a:
                    8b:e8:d5:88:dd:73:c8:f8:65:34:7f:aa:02:df:95:
                    2e:be:c1:f3:02:7c:54:f4:dd:98:1c:57:ad:04:fd:
                    ff:be:e5:3f:4c:87:20:12:a3:2f:56:bd:6e:3a:84:
                    64:4c:4b:7f:e1:25:6a:43:c2:8e:50:b5:17:08:67:
                    72:e1:87:d9:d1:e5:97:82:fe:8a:a6:ee:75:2b:a0:
                    b3:66:9f:ab:9e:49:91:15:d8:11:a0:08:eb:43:f3:
                    6b:62:cc:b8:ce:c4:44:9c:51:df:de:20:bd:50:46:
                    74:02:1c:68:85:e6:0a:c5:48:f6:08:b8:8a:65:f4:
                    a3:48:39:39:63:3f:97:3a:b0:b5:ff:6d:6f:49:07:
                    b9:af:e7:1a:5d:43:45:83:ce:88:09:6f:b0:ec:72:
                    55:a3:28:ad:9c:d1:5a:8e:b1:bc:f0:1a:9b:29:c6:
                    d0:a6:b0:94:6b:e1:9a:9c:6a:26:de:97:31:45:a8:
                    02:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:9D:95:5C:31:B2:4C:45:15:E1:D8:AF:A6:69:6E:43:BC:D7:CF:78
            X509v3 Authority Key Identifier:
                keyid:DB:26:9D:0E:A8:CA:A4:0C:7A:70:43:82:CA:B5:3E:1B:02:6D:6B:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2yadDqjKpAx6cEOCyrU-GwJta0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/16634f-9724-4d8d-962d-698f818bbd33/1/z52VXDGyTEUV4divpmluQ7zXz3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/16634f-9724-4d8d-962d-698f818bbd33/1/2yadDqjKpAx6cEOCyrU-GwJta0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.60.0/22
                IPv6:
                  2a09:88c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:74:82:7f:f3:8d:37:59:0c:d8:de:8a:1d:2e:b2:e5:37:df:
         2f:34:09:ea:a3:02:6f:e8:64:c7:fd:59:b2:88:f7:33:e8:a8:
         d3:8d:18:0b:50:a2:81:37:63:2c:56:b1:68:41:60:8f:73:b0:
         8d:97:81:a6:3c:03:69:ad:90:3c:19:38:56:51:f3:ee:f3:98:
         35:d0:a4:6d:ac:f9:7d:36:44:79:ae:32:26:1f:a6:ab:93:a1:
         2a:62:71:06:5a:95:b6:ec:ea:43:b9:ea:e9:c0:84:a2:71:f9:
         b6:6d:d1:cf:21:92:b9:1d:b2:06:47:55:a6:29:89:79:bc:39:
         95:b2:79:6a:e6:14:13:5c:ad:c8:86:1d:71:e8:d3:67:f3:6c:
         6a:05:19:43:c4:23:2a:7f:fc:23:6d:c2:fc:58:7e:8b:87:96:
         3c:ea:26:02:86:86:b7:7c:23:bd:fa:a8:b1:27:1d:aa:e8:48:
         7f:42:a7:aa:2a:3a:4d:16:68:38:7e:5f:c2:67:5a:ec:14:24:
         71:cc:d4:fd:4c:74:22:b1:bb:06:a6:2e:33:74:ad:11:5a:de:
         58:dd:f2:89:2c:68:a8:16:53:85:72:8d:8b:34:4f:75:d8:26:
         b0:bc:45:40:58:57:d8:8c:f8:f1:d5:d5:c7:fb:7d:3f:fc:85:
         14:c2:18:f6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJuaAhEcdhGt4TPkO7nXzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMjY5ZDBlYThjYWE0MGM3YTcwNDM4MmNhYjUzZTFiMDI2
ZDZiNDMwHhcNMjQwMTAyMTAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjlkOTU1YzMxYjI0YzQ1MTVlMWQ4YWZhNjY5NmU0M2JjZDdjZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLtw45WpaeQlRz851C/FBsBYNqDE
NmzGh8QvPe+pr6+6CzIrwHSQeILDWZA11fo73ZBnv2/wkXVegatk2WOM2CO1Bt1g
9s33ZmqL6NWI3XPI+GU0f6oC35UuvsHzAnxU9N2YHFetBP3/vuU/TIcgEqMvVr1u
OoRkTEt/4SVqQ8KOULUXCGdy4YfZ0eWXgv6Kpu51K6CzZp+rnkmRFdgRoAjrQ/Nr
Ysy4zsREnFHf3iC9UEZ0AhxoheYKxUj2CLiKZfSjSDk5Yz+XOrC1/21vSQe5r+ca
XUNFg86ICW+w7HJVoyitnNFajrG88BqbKcbQprCUa+GanGom3pcxRagC9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM+dlVwxskxFFeHYr6ZpbkO81894MB8GA1UdIwQY
MBaAFNsmnQ6oyqQMenBDgsq1PhsCbWtDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnlhZERxaktwQXg2Y0VPQ3lyVS1Hd0p0YTBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8xNjYzNGYtOTcyNC00ZDhkLTk2MmQt
Njk4ZjgxOGJiZDMzLzEvejUyVlhER3lURVVWNGRpdnBtbHVRN3pYejNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8xNjYzNGYtOTcyNC00ZDhkLTk2MmQtNjk4ZjgxOGJiZDMz
LzEvMnlhZERxaktwQXg2Y0VPQ3lyVS1Hd0p0YTBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdE8MA0E
AgACMAcDBQMqCYjAMA0GCSqGSIb3DQEBCwUAA4IBAQBJdIJ/8403WQzY3oodLrLl
N98vNAnqowJv6GTH/VmyiPcz6KjTjRgLUKKBN2MsVrFoQWCPc7CNl4GmPANprZA8
GThWUfPu85g10KRtrPl9NkR5rjImH6ark6EqYnEGWpW27OpDuerpwISicfm2bdHP
IZK5HbIGR1WmKYl5vDmVsnlq5hQTXK3Ihh1x6NNn82xqBRlDxCMqf/wjbcL8WH6L
h5Y86iYChoa3fCO9+qixJx2q6Eh/QqeqKjpNFmg4fl/CZ1rsFCRxzNT9THQisbsG
pi4zdK0RWt5Y3fKJLGioFlOFco2LNE912CawvEVAWFfYjPjx1dXH+30//IUUwhj2
-----END CERTIFICATE-----