Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/_elz_pgFoWpO_TbPj909CdYNnIs.roa
File:                     _elz_pgFoWpO_TbPj909CdYNnIs.roa (raw, json)
Hash identifier:          aE95tYFH5jbd9dqMqWzGNPjt5kTLG+okwfy9yPEJK/s=
Subject key identifier:   FD:E9:73:FE:98:05:A1:6A:4E:FD:36:CF:8F:DD:3D:09:D6:0D:9C:8B
Certificate issuer:       /CN=8e3f1663996be1707611fdce1ddea8920dd398a3
Certificate serial:       019007D36B218C5378AB8371D5A1C2C919A2
Authority key identifier: 8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/_elz_pgFoWpO_TbPj909CdYNnIs.roa
Signing time:             Tue 11 Jun 2024 15:03:34 +0000
ROA not before:           Tue 11 Jun 2024 15:03:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53107
IP address blocks:        45.139.208.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:07:d3:6b:21:8c:53:78:ab:83:71:d5:a1:c2:c9:19:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e3f1663996be1707611fdce1ddea8920dd398a3
        Validity
            Not Before: Jun 11 15:03:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fde973fe9805a16a4efd36cf8fdd3d09d60d9c8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:19:e0:89:13:cb:5c:47:6c:ca:58:28:1f:ed:
                    fe:53:e2:1f:c7:70:ed:6f:63:ab:0b:59:1b:8f:05:
                    e7:07:35:60:e9:ae:0d:9d:8b:45:d8:b5:fa:af:c2:
                    ff:b2:04:cf:9d:df:04:36:46:52:77:15:a3:36:d2:
                    02:64:bf:6c:96:a5:d4:7d:c6:13:96:b7:b7:e0:ee:
                    1b:b8:bd:fe:42:59:52:83:4a:90:7c:33:4a:1e:8d:
                    05:d7:7b:37:39:3f:79:72:ce:bd:2d:d7:83:71:8c:
                    e1:fa:1e:2e:eb:e3:26:b0:6d:d4:c2:e6:51:4d:c3:
                    e6:c8:34:b8:e2:16:a1:5b:cd:c8:a8:fc:6f:4d:56:
                    df:2d:ea:0d:91:91:e2:09:b2:70:be:76:5f:59:5b:
                    c3:81:7c:c3:4b:41:c3:3a:e4:2f:1a:cc:f6:82:02:
                    9d:67:c0:ed:07:dc:71:87:64:70:94:d6:17:63:e0:
                    18:e3:39:92:24:f1:40:b7:31:62:bf:c4:a8:58:be:
                    3b:a2:1b:d5:d7:76:33:72:48:d3:1f:1c:b6:61:b9:
                    bb:cd:cb:a7:f9:56:b2:56:e9:0b:fe:dc:19:b2:f0:
                    ee:f4:43:5b:12:fc:dc:cf:e5:1b:0a:4b:fe:a7:ad:
                    24:fa:07:44:6a:62:1f:d7:20:4b:c3:32:5d:7a:66:
                    ba:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:E9:73:FE:98:05:A1:6A:4E:FD:36:CF:8F:DD:3D:09:D6:0D:9C:8B
            X509v3 Authority Key Identifier:
                keyid:8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/_elz_pgFoWpO_TbPj909CdYNnIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:c9:16:81:0d:4b:56:71:17:8c:be:92:8b:37:7e:ad:50:67:
         7d:12:81:2f:fb:67:69:2c:b1:2e:66:56:ae:a5:73:15:6b:e6:
         bc:e5:fa:de:3b:75:a1:e9:5b:65:f4:6e:ca:8c:f5:21:64:c4:
         6a:84:d4:27:65:6f:cc:cc:47:3f:1a:f0:c3:e9:af:ae:b2:0d:
         58:47:24:3e:dd:ee:25:49:5c:03:cf:3d:86:8f:5e:ee:86:80:
         49:f0:e9:f7:ce:43:30:29:27:1c:ba:f9:47:89:05:a6:3b:97:
         56:a9:06:d2:98:6d:15:e2:9c:e4:fa:a9:ee:54:dc:a4:04:07:
         b7:9d:82:62:a4:ae:dc:95:05:50:01:17:fd:30:d6:ae:29:6a:
         40:c1:8a:20:34:f7:bd:30:a8:bb:fb:5b:26:7f:c0:86:12:2d:
         1c:4f:c0:a1:2a:79:b3:d9:ef:01:2c:31:16:d5:bd:66:f1:26:
         a0:43:56:a1:5f:85:db:4f:c1:bd:80:01:0f:28:f0:ac:9e:de:
         fb:a2:01:a2:de:f3:1a:b3:4f:b8:df:4f:0e:0c:1f:b6:ca:8c:
         4c:e3:ba:21:f0:da:be:05:f3:1d:49:35:2a:c2:b3:64:23:5a:
         ae:ca:0e:04:17:4b:77:ee:2d:2f:ec:33:aa:49:43:f3:e6:5e:
         ef:75:6d:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAH02shjFN4q4Nx1aHCyRmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlM2YxNjYzOTk2YmUxNzA3NjExZmRjZTFkZGVhODkyMGRk
Mzk4YTMwHhcNMjQwNjExMTUwMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGU5NzNmZTk4MDVhMTZhNGVmZDM2Y2Y4ZmRkM2QwOWQ2MGQ5YzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hngiRPLXEdsylgoH+3+U+Ifx3Dt
b2OrC1kbjwXnBzVg6a4NnYtF2LX6r8L/sgTPnd8ENkZSdxWjNtICZL9slqXUfcYT
lre34O4buL3+QllSg0qQfDNKHo0F13s3OT95cs69LdeDcYzh+h4u6+MmsG3UwuZR
TcPmyDS44hahW83IqPxvTVbfLeoNkZHiCbJwvnZfWVvDgXzDS0HDOuQvGsz2ggKd
Z8DtB9xxh2RwlNYXY+AY4zmSJPFAtzFiv8SoWL47ohvV13YzckjTHxy2Ybm7zcun
+VayVukL/twZsvDu9ENbEvzcz+UbCkv+p60k+gdEamIf1yBLwzJdema6QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3pc/6YBaFqTv02z4/dPQnWDZyLMB8GA1UdIwQY
MBaAFI4/FmOZa+FwdhH9zh3eqJIN05ijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzkt
YzhmOWJlN2QxOWRmLzEvX2Vsel9wZ0ZvV3BPX1RiUGo5MDlDZFlObklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzktYzhmOWJlN2QxOWRm
LzEvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYvQMA0G
CSqGSIb3DQEBCwUAA4IBAQB0yRaBDUtWcReMvpKLN36tUGd9EoEv+2dpLLEuZlau
pXMVa+a85freO3Wh6Vtl9G7KjPUhZMRqhNQnZW/MzEc/GvDD6a+usg1YRyQ+3e4l
SVwDzz2Gj17uhoBJ8On3zkMwKSccuvlHiQWmO5dWqQbSmG0V4pzk+qnuVNykBAe3
nYJipK7clQVQARf9MNauKWpAwYogNPe9MKi7+1smf8CGEi0cT8ChKnmz2e8BLDEW
1b1m8SagQ1ahX4XbT8G9gAEPKPCsnt77ogGi3vMas0+4308ODB+2yoxM47oh8Nq+
BfMdSTUqwrNkI1quyg4EF0t37i0v7DOqSUPz5l7vdW0V
-----END CERTIFICATE-----