Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/_bI6K-ZoPQgwkvosUu8PgQUiYfQ.roa
File:                     _bI6K-ZoPQgwkvosUu8PgQUiYfQ.roa (raw, json)
Hash identifier:          p6pK8Z4wZ9Urb2i0zS2vD3Xe3u6EzvLSWajJfguFh+A=
Subject key identifier:   FD:B2:3A:2B:E6:68:3D:08:30:92:FA:2C:52:EF:0F:81:05:22:61:F4
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       019019E0161EB363705EC6E0444894408D01
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/_bI6K-ZoPQgwkvosUu8PgQUiYfQ.roa
Signing time:             Sat 15 Jun 2024 03:10:34 +0000
ROA not before:           Sat 15 Jun 2024 03:10:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:19:e0:16:1e:b3:63:70:5e:c6:e0:44:48:94:40:8d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 15 03:10:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdb23a2be6683d083092fa2c52ef0f81052261f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:81:fa:41:2d:76:87:37:03:f7:84:b9:1b:23:
                    d4:ba:34:6a:71:0d:12:c4:3e:af:7e:a9:19:87:b0:
                    4a:94:08:14:7d:b0:87:55:fe:a4:f6:8d:dd:6c:0d:
                    f6:83:95:00:b6:8b:74:36:1d:a2:bb:67:86:73:db:
                    07:c9:f1:f4:60:c8:dd:4e:72:60:14:5c:7f:64:1d:
                    1b:2c:bb:ad:8c:43:70:64:6c:75:2d:aa:86:48:2e:
                    a3:14:66:55:36:1a:c3:7e:c7:e4:1d:75:24:e3:77:
                    f4:55:f6:56:5f:73:b7:56:71:2b:f0:53:74:fc:3d:
                    30:be:db:ec:31:30:a9:7b:fd:3c:5e:26:9f:8a:44:
                    1f:ca:da:ee:5f:6f:e4:1f:ea:07:df:02:15:c1:74:
                    38:3b:39:7e:c5:bc:b7:5c:8f:c4:56:9b:41:d8:ee:
                    9a:b4:8e:f5:88:36:78:b9:d6:bf:19:d7:b9:d9:91:
                    a5:64:71:7d:1c:5e:0c:68:5e:57:47:46:f1:35:00:
                    3f:8f:bc:48:0d:53:e1:79:b7:64:59:91:c1:1a:3e:
                    9e:fc:5a:61:e2:b9:3b:ce:fd:ea:2e:2e:ae:6c:88:
                    48:be:cd:ef:80:97:eb:c0:d9:52:0a:26:a0:82:05:
                    cc:a9:5a:a1:8b:ca:bc:12:e1:65:4c:22:14:c0:10:
                    9d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:B2:3A:2B:E6:68:3D:08:30:92:FA:2C:52:EF:0F:81:05:22:61:F4
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/_bI6K-ZoPQgwkvosUu8PgQUiYfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:ef:61:3d:80:91:f2:5d:6d:85:48:b5:17:92:d4:69:1e:26:
         b8:69:81:c9:5e:45:d7:f2:fd:b4:6f:6e:9d:95:a1:70:c5:c9:
         ed:a7:91:4a:a4:90:10:08:61:fc:d6:f7:0b:94:9f:77:39:e1:
         aa:59:c1:93:d5:8f:46:7c:22:07:fc:f8:df:d9:89:a2:e3:82:
         4a:67:b5:17:0b:11:5f:7f:64:0b:a3:e3:22:ea:e9:af:c0:fe:
         e1:93:c9:1a:b3:9a:f7:2e:d0:b0:ac:3b:be:6a:70:2c:07:9b:
         02:a7:aa:dc:16:4e:f5:e5:10:a0:fb:e1:ac:77:90:25:6f:e9:
         b9:3d:12:59:64:42:bd:1d:20:ec:16:f0:29:5f:da:64:49:a4:
         67:98:bc:dd:9f:79:71:b9:b9:cd:ac:02:65:46:12:f5:7d:e9:
         61:01:9c:55:4e:14:f1:53:81:2e:64:01:22:b8:4c:b1:19:3a:
         50:f8:05:97:b2:39:23:49:33:f3:e5:54:87:a3:74:71:7d:72:
         a5:dd:f3:86:c0:f2:0b:d0:2f:2d:02:3c:44:e1:37:64:b2:ff:
         cd:f8:e3:4e:b0:6e:7c:57:ca:4d:01:13:29:b1:0e:8b:a1:d0:
         8f:90:f0:40:69:62:4f:88:33:15:b4:5a:65:26:19:a0:de:37:
         4b:0f:b2:16
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAZ4BYes2NwXsbgREiUQI0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjE1MDMxMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGIyM2EyYmU2NjgzZDA4MzA5MmZhMmM1MmVmMGY4MTA1MjI2MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIH6QS12hzcD94S5GyPUujRqcQ0S
xD6vfqkZh7BKlAgUfbCHVf6k9o3dbA32g5UAtot0Nh2iu2eGc9sHyfH0YMjdTnJg
FFx/ZB0bLLutjENwZGx1LaqGSC6jFGZVNhrDfsfkHXUk43f0VfZWX3O3VnEr8FN0
/D0wvtvsMTCpe/08XiafikQfytruX2/kH+oH3wIVwXQ4Ozl+xby3XI/EVptB2O6a
tI71iDZ4uda/Gde52ZGlZHF9HF4MaF5XR0bxNQA/j7xIDVPhebdkWZHBGj6e/Fph
4rk7zv3qLi6ubIhIvs3vgJfrwNlSCiagggXMqVqhi8q8EuFlTCIUwBCd6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP2yOivmaD0IMJL6LFLvD4EFImH0MB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvX2JJNkstWm9QUWd3a3Zvc1V1OFBnUVVpWWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFbvYT2AkfJdbYVItReS
1GkeJrhpgcleRdfy/bRvbp2VoXDFye2nkUqkkBAIYfzW9wuUn3c54apZwZPVj0Z8
Igf8+N/ZiaLjgkpntRcLEV9/ZAuj4yLq6a/A/uGTyRqzmvcu0LCsO75qcCwHmwKn
qtwWTvXlEKD74ax3kCVv6bk9EllkQr0dIOwW8Clf2mRJpGeYvN2feXG5uc2sAmVG
EvV96WEBnFVOFPFTgS5kASK4TLEZOlD4BZeyOSNJM/PlVIejdHF9cqXd84bA8gvQ
Ly0CPEThN2Sy/834406wbnxXyk0BEymxDouh0I+Q8EBpYk+IMxW0WmUmGaDeN0sP
shY=
-----END CERTIFICATE-----