Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/C9G0rRGZ6GKhihzmHim48PQOkME.roa
File:                     C9G0rRGZ6GKhihzmHim48PQOkME.roa (raw, json)
Hash identifier:          CI1YI7t2w11PUQ+nJL3IVXQDI4OkRpveh4G9p1l0o8k=
Subject key identifier:   0B:D1:B4:AD:11:99:E8:62:A1:8A:1C:E6:1E:29:B8:F0:F4:0E:90:C1
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       019016DFF675F106391F8C67291497B2F9C9
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/C9G0rRGZ6GKhihzmHim48PQOkME.roa
Signing time:             Fri 14 Jun 2024 13:11:34 +0000
ROA not before:           Fri 14 Jun 2024 13:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:16:df:f6:75:f1:06:39:1f:8c:67:29:14:97:b2:f9:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 14 13:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bd1b4ad1199e862a18a1ce61e29b8f0f40e90c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:dc:bc:47:16:dc:84:b0:b2:7a:4f:9c:de:07:
                    ca:70:04:bb:bc:f0:d1:1c:97:37:99:96:c5:db:8d:
                    dd:5f:f9:47:e3:86:53:72:a9:70:da:b6:fe:35:e6:
                    81:e8:25:dd:b3:c9:87:56:6c:2a:49:1f:78:0c:70:
                    1f:0a:11:b8:c9:12:e5:4b:78:83:0a:24:9d:ab:1b:
                    57:d4:be:5d:ef:9a:54:62:a8:6c:a7:96:a9:16:e0:
                    10:49:75:5a:1f:44:c3:c3:37:0f:7c:21:2b:28:1f:
                    ca:44:a0:4d:dc:05:a1:c5:87:10:92:d3:9c:fb:bc:
                    5c:ca:bb:6d:5e:72:53:fb:30:4a:87:02:90:2c:f0:
                    b7:50:39:26:29:0c:53:66:78:e6:2a:65:72:6c:2d:
                    06:31:97:9f:3e:60:01:d1:87:87:b4:8e:d8:09:5c:
                    c8:14:f7:da:cf:5e:ab:6a:08:19:78:59:fd:fc:96:
                    5a:10:01:57:b0:b5:86:d0:1b:4a:e6:09:65:4c:ea:
                    53:14:19:e8:0b:83:64:75:8c:9e:45:d0:48:2a:81:
                    73:c0:55:7f:e9:8b:d9:46:e5:90:36:16:30:85:f8:
                    aa:0f:82:9c:3d:54:00:e2:8f:2f:1a:d1:3c:8c:70:
                    1a:b4:a0:45:9a:8f:fa:f6:b6:54:f1:31:96:81:6b:
                    28:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:D1:B4:AD:11:99:E8:62:A1:8A:1C:E6:1E:29:B8:F0:F4:0E:90:C1
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/C9G0rRGZ6GKhihzmHim48PQOkME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:86:c1:2c:33:0a:21:10:24:f0:6e:de:c9:65:15:b0:9e:c7:
         f5:1c:f1:f4:bf:38:92:2f:b9:68:51:74:b7:d4:33:e1:eb:0e:
         ad:49:7e:65:3a:20:a8:ab:e1:f2:77:e9:46:5f:a8:63:3d:dd:
         e6:25:23:b2:35:80:6b:63:c4:62:05:77:22:6a:f2:f4:2a:ad:
         0c:a1:0e:fb:6a:d5:7d:e2:eb:6f:5d:ba:d8:77:dc:74:c8:49:
         7b:29:7a:95:d8:a5:0e:43:c5:c1:72:84:48:1c:d3:cf:da:23:
         38:1b:27:93:71:6c:f2:2c:b7:56:38:2f:ee:72:19:19:70:78:
         ec:35:27:0c:6e:cb:a0:9d:d4:8e:e0:b3:1e:dd:15:c6:d1:fa:
         c5:fb:f8:65:f0:51:bb:7c:21:ff:4f:5b:9a:bc:e3:47:33:bc:
         1e:03:c1:4a:b5:49:d2:3c:f4:5a:a1:a4:b0:58:da:8d:a6:34:
         76:f8:a4:68:9e:39:f6:e5:f5:42:42:67:60:f1:64:27:b6:e9:
         bf:9f:30:93:8a:81:a9:ae:32:2f:c4:24:28:f1:ba:ba:53:60:
         ee:5d:71:27:d8:5b:33:9b:f6:f8:07:be:9b:c7:52:bb:0e:0f:
         ff:50:29:e0:9a:44:fd:7e:cb:a1:45:0a:31:d0:1c:e1:35:d7:
         c8:76:ce:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAW3/Z18QY5H4xnKRSXsvnJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjE0MTMxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmQxYjRhZDExOTllODYyYTE4YTFjZTYxZTI5YjhmMGY0MGU5MGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9dy8RxbchLCyek+c3gfKcAS7vPDR
HJc3mZbF243dX/lH44ZTcqlw2rb+NeaB6CXds8mHVmwqSR94DHAfChG4yRLlS3iD
CiSdqxtX1L5d75pUYqhsp5apFuAQSXVaH0TDwzcPfCErKB/KRKBN3AWhxYcQktOc
+7xcyrttXnJT+zBKhwKQLPC3UDkmKQxTZnjmKmVybC0GMZefPmAB0YeHtI7YCVzI
FPfaz16raggZeFn9/JZaEAFXsLWG0BtK5gllTOpTFBnoC4NkdYyeRdBIKoFzwFV/
6YvZRuWQNhYwhfiqD4KcPVQA4o8vGtE8jHAatKBFmo/69rZU8TGWgWsorwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAvRtK0RmehioYoc5h4puPD0DpDBMB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvQzlHMHJSR1o2R0toaWh6bUhpbTQ4UFFPa01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGCGwSwzCiEQJPBu3sll
FbCex/Uc8fS/OJIvuWhRdLfUM+HrDq1JfmU6IKir4fJ36UZfqGM93eYlI7I1gGtj
xGIFdyJq8vQqrQyhDvtq1X3i629duth33HTISXspepXYpQ5DxcFyhEgc08/aIzgb
J5NxbPIst1Y4L+5yGRlweOw1Jwxuy6Cd1I7gsx7dFcbR+sX7+GXwUbt8If9PW5q8
40czvB4DwUq1SdI89FqhpLBY2o2mNHb4pGieOfbl9UJCZ2DxZCe26b+fMJOKgamu
Mi/EJCjxurpTYO5dcSfYWzOb9vgHvpvHUrsOD/9QKeCaRP1+y6FFCjHQHOE118h2
zjw=
-----END CERTIFICATE-----