Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UaCABBG4QNupRzJXlwJh3unc4nc.roa
File:                     UaCABBG4QNupRzJXlwJh3unc4nc.roa (raw, json)
Hash identifier:          3cYumUf8WAFXh1YG2x0K1LLy7U6d4uXnzlYBQVN4ics=
Subject key identifier:   51:A0:80:04:11:B8:40:DB:A9:47:32:57:97:02:61:DE:E9:DC:E2:77
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       01904E3C5230330FF4F52B6CA2C87BE41A19
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UaCABBG4QNupRzJXlwJh3unc4nc.roa
Signing time:             Tue 25 Jun 2024 07:11:34 +0000
ROA not before:           Tue 25 Jun 2024 07:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4e:3c:52:30:33:0f:f4:f5:2b:6c:a2:c8:7b:e4:1a:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 25 07:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51a0800411b840dba9473257970261dee9dce277
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b3:3a:2a:d8:65:4d:6f:d6:5b:b9:59:87:60:
                    70:22:c6:31:18:52:35:0c:b5:4d:ff:9e:f9:67:e8:
                    f6:90:91:e2:88:cd:14:90:a0:a7:e5:2d:da:17:09:
                    ac:de:6d:35:3d:f7:68:43:5a:b3:33:54:42:95:3a:
                    f0:92:ee:8d:1a:d9:ca:1a:eb:e4:56:2c:5c:3b:e3:
                    18:33:7f:7d:f9:6f:11:5c:11:77:06:9d:40:e9:b7:
                    6f:e3:ed:e8:c0:ec:37:47:6f:8b:4e:d2:b8:a4:b0:
                    77:e9:63:f9:2b:b1:aa:4b:55:a8:73:8c:a1:1e:14:
                    53:2b:01:d7:52:42:bf:ff:44:62:7f:98:2b:f1:9b:
                    9f:8c:d6:11:e9:88:cd:d1:bb:f9:cf:bd:08:c9:a4:
                    e0:86:bd:84:4a:da:da:20:18:81:cd:94:cf:b2:f1:
                    e6:fe:b1:79:71:16:61:61:ba:eb:5c:50:03:94:ca:
                    f6:f6:49:cf:aa:cf:d6:3d:68:48:32:77:cb:f7:57:
                    28:80:5e:ba:0f:73:5e:f1:24:20:30:77:56:25:1f:
                    1c:a3:86:3b:9e:a7:a9:35:b1:fb:0b:a1:5b:4b:a0:
                    ee:20:ee:96:96:fd:6a:e7:75:2b:47:f6:90:13:5f:
                    fd:d5:a0:c5:f3:5a:d8:9b:fb:df:86:34:d2:9a:6f:
                    d2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A0:80:04:11:B8:40:DB:A9:47:32:57:97:02:61:DE:E9:DC:E2:77
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UaCABBG4QNupRzJXlwJh3unc4nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:7b:0d:12:f2:aa:4c:ad:0c:af:23:0a:c2:46:88:04:81:e3:
         46:ab:ad:0d:36:27:f4:61:52:4f:0f:04:4a:0e:bb:2e:cb:d0:
         e7:3d:d8:84:05:ef:6f:d7:8a:06:f7:87:83:5d:ff:41:65:db:
         4c:d6:02:5b:b2:a7:ae:4c:a5:be:58:bb:d1:2d:23:c0:1c:39:
         9c:e3:ed:6d:c6:7e:de:3c:37:89:c6:b2:22:12:ac:e8:f8:23:
         e7:3b:61:51:ab:df:36:3c:f6:f5:e0:84:0b:57:9e:06:a5:b3:
         1a:e3:38:60:07:36:0e:e5:c8:a7:2f:11:06:6e:71:23:54:7a:
         52:03:48:0b:f8:3b:4c:a7:fd:c6:9e:7d:bb:bf:45:a0:ea:19:
         26:ad:87:0a:29:69:50:de:1e:45:44:f5:ca:78:cb:9b:61:dc:
         dd:95:2d:9e:53:78:50:bc:80:0e:99:d3:d5:d1:7c:be:2a:d0:
         9e:4d:40:66:d5:42:89:d3:f9:4d:a0:23:40:e5:a0:4b:3e:99:
         e1:04:f1:f9:8e:ea:30:68:17:c9:48:d5:a4:1c:d1:2c:a6:1b:
         63:e6:db:f5:80:8a:af:d5:aa:ca:c0:75:17:4e:a1:46:90:b4:
         63:b6:a6:0d:7e:41:6e:7b:74:46:66:67:a5:5d:35:cc:1a:7f:
         a1:e1:4a:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZBOPFIwMw/09Stsosh75BoZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjI1MDcxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWEwODAwNDExYjg0MGRiYTk0NzMyNTc5NzAyNjFkZWU5ZGNlMjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbM6KthlTW/WW7lZh2BwIsYxGFI1
DLVN/575Z+j2kJHiiM0UkKCn5S3aFwms3m01PfdoQ1qzM1RClTrwku6NGtnKGuvk
VixcO+MYM399+W8RXBF3Bp1A6bdv4+3owOw3R2+LTtK4pLB36WP5K7GqS1Woc4yh
HhRTKwHXUkK//0Rif5gr8ZufjNYR6YjN0bv5z70IyaTghr2EStraIBiBzZTPsvHm
/rF5cRZhYbrrXFADlMr29knPqs/WPWhIMnfL91cogF66D3Ne8SQgMHdWJR8co4Y7
nqepNbH7C6FbS6DuIO6Wlv1q53UrR/aQE1/91aDF81rYm/vfhjTSmm/SCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFGggAQRuEDbqUcyV5cCYd7p3OJ3MB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvVWFDQUJCRzRRTnVwUnpKWGx3SmgzdW5jNG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAt7DRLyqkytDK8jCsJG
iASB40arrQ02J/RhUk8PBEoOuy7L0Oc92IQF72/Xigb3h4Nd/0Fl20zWAluyp65M
pb5Yu9EtI8AcOZzj7W3Gft48N4nGsiISrOj4I+c7YVGr3zY89vXghAtXngalsxrj
OGAHNg7lyKcvEQZucSNUelIDSAv4O0yn/caefbu/RaDqGSathwopaVDeHkVE9cp4
y5th3N2VLZ5TeFC8gA6Z09XRfL4q0J5NQGbVQonT+U2gI0DloEs+meEE8fmO6jBo
F8lI1aQc0SymG2Pm2/WAiq/VqsrAdRdOoUaQtGO2pg1+QW57dEZmZ6VdNcwaf6Hh
Svw=
-----END CERTIFICATE-----