Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/nMMBCqF1qE81oJlP-owpNRR4F2g.roa
File:                     nMMBCqF1qE81oJlP-owpNRR4F2g.roa (raw, json)
Hash identifier:          jizOXrZ1T8oAFayiTcLTQ+5RlpRVn+9c1xUSwHwdUEo=
Subject key identifier:   9C:C3:01:0A:A1:75:A8:4F:35:A0:99:4F:FA:8C:29:35:14:78:17:68
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       019025030966C56B339002041062C38774A5
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/nMMBCqF1qE81oJlP-owpNRR4F2g.roa
Signing time:             Mon 17 Jun 2024 07:04:34 +0000
ROA not before:           Mon 17 Jun 2024 07:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:190:2502:c6f9/128 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:25:03:09:66:c5:6b:33:90:02:04:10:62:c3:87:74:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 17 07:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cc3010aa175a84f35a0994ffa8c293514781768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f4:1e:3d:72:9d:8c:d0:96:ec:66:95:0c:ab:
                    d5:4f:1c:e3:cb:30:34:5a:3e:98:1e:82:36:81:b0:
                    2e:c4:cb:33:85:3f:96:97:66:b3:fd:1c:6a:00:a7:
                    76:f9:76:0a:11:8c:7a:11:cd:d2:29:db:ba:cc:7e:
                    62:70:f1:25:d6:6b:53:ee:f9:78:00:fa:ea:b1:b4:
                    6b:70:17:57:e7:49:76:22:2b:78:e2:a0:69:24:4f:
                    ed:47:ec:31:f4:0e:41:2e:2b:b9:5e:e8:a0:bf:e6:
                    cc:2f:21:97:f6:fe:dd:39:c1:40:01:22:45:02:86:
                    2f:32:fc:24:0b:ef:6a:51:94:9f:39:73:9b:18:cb:
                    4d:0c:3c:54:89:43:af:1d:c9:86:82:b0:22:02:40:
                    45:84:45:55:63:88:9f:a3:42:d4:a4:74:30:5c:68:
                    83:e4:97:e6:90:72:8e:87:7f:7e:d9:b5:94:01:88:
                    c1:2e:c0:b4:e3:b2:44:d6:e2:f6:9c:98:6c:7d:a9:
                    76:c8:37:3f:08:f3:eb:93:d2:1e:a0:03:15:1d:cf:
                    31:f6:47:73:6e:9b:11:85:d5:83:d2:b4:55:2d:99:
                    08:3f:ef:cb:89:76:aa:b0:df:b3:dd:ea:f1:8b:12:
                    02:6d:37:a3:fd:c9:7a:b7:96:28:a8:2b:41:95:65:
                    c2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C3:01:0A:A1:75:A8:4F:35:A0:99:4F:FA:8C:29:35:14:78:17:68
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/nMMBCqF1qE81oJlP-owpNRR4F2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:1b:e1:33:e7:65:d9:57:23:49:0b:4d:80:12:4c:b0:c5:38:
         4c:fc:3e:3e:f3:4f:cd:c5:aa:ca:92:a4:5c:47:a9:d3:aa:a7:
         0d:1c:41:80:00:33:c6:15:c1:80:43:42:80:cc:f6:06:d7:79:
         98:2e:5e:dc:7d:7e:73:73:ff:8f:bb:81:d6:9f:eb:b2:6d:86:
         4c:60:b5:d8:c1:25:0a:e6:85:54:20:94:15:c6:5f:ae:9d:f3:
         c8:6a:1b:39:5e:46:19:63:69:1a:07:c7:ec:33:4e:fd:30:28:
         02:f8:8e:01:75:71:24:b1:a0:2a:da:05:1e:2d:56:05:cb:b9:
         ca:1a:a4:6f:83:24:b1:5c:3b:49:80:85:16:d5:0c:c2:c5:72:
         cc:95:57:41:24:05:69:83:33:71:ad:9c:bc:6f:89:b3:fc:42:
         70:db:b3:d8:d6:9a:6d:44:8f:a5:cc:7a:85:85:32:95:97:a3:
         bf:9a:40:4a:62:62:07:4d:4a:b8:0a:d8:c8:a7:bf:c3:7c:d2:
         ad:de:b7:2c:7c:7d:27:fa:1f:60:7b:4a:db:71:32:bc:c3:7f:
         8b:4b:ef:d1:de:3b:5c:df:31:f2:d6:f6:b8:12:e9:56:01:74:
         de:ba:2e:1a:62:39:82:03:d3:0a:3c:a3:a4:06:05:18:7b:e8:
         50:6e:3c:03
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAlAwlmxWszkAIEEGLDh3SlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjE3MDcwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2MzMDEwYWExNzVhODRmMzVhMDk5NGZmYThjMjkzNTE0NzgxNzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivQePXKdjNCW7GaVDKvVTxzjyzA0
Wj6YHoI2gbAuxMszhT+Wl2az/RxqAKd2+XYKEYx6Ec3SKdu6zH5icPEl1mtT7vl4
APrqsbRrcBdX50l2Iit44qBpJE/tR+wx9A5BLiu5Xuigv+bMLyGX9v7dOcFAASJF
AoYvMvwkC+9qUZSfOXObGMtNDDxUiUOvHcmGgrAiAkBFhEVVY4ifo0LUpHQwXGiD
5JfmkHKOh39+2bWUAYjBLsC047JE1uL2nJhsfal2yDc/CPPrk9IeoAMVHc8x9kdz
bpsRhdWD0rRVLZkIP+/LiXaqsN+z3erxixICbTej/cl6t5YoqCtBlWXC+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJzDAQqhdahPNaCZT/qMKTUUeBdoMB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvbk1NQkNxRjFxRTgxb0psUC1vd3BOUlI0RjJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABIb4TPnZdlXI0kLTYAS
TLDFOEz8Pj7zT83FqsqSpFxHqdOqpw0cQYAAM8YVwYBDQoDM9gbXeZguXtx9fnNz
/4+7gdaf67JthkxgtdjBJQrmhVQglBXGX66d88hqGzleRhljaRoHx+wzTv0wKAL4
jgF1cSSxoCraBR4tVgXLucoapG+DJLFcO0mAhRbVDMLFcsyVV0EkBWmDM3GtnLxv
ibP8QnDbs9jWmm1Ej6XMeoWFMpWXo7+aQEpiYgdNSrgK2Minv8N80q3etyx8fSf6
H2B7SttxMrzDf4tL79HeO1zfMfLW9rgS6VYBdN66LhpiOYID0wo8o6QGBRh76FBu
PAM=
-----END CERTIFICATE-----