Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/ElBNamiGixpZz_l00IXECfbKodM.roa
File:                     ElBNamiGixpZz_l00IXECfbKodM.roa (raw, json)
Hash identifier:          com0NIM9WeL2GEvN2OJSaX4gbjScrQvUpEBULhGotIo=
Subject key identifier:   12:50:4D:6A:68:86:8B:1A:59:CF:F9:74:D0:85:C4:09:F6:CA:A1:D3
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       018CC26D30FCAACB5678C39262AD4273FCAF
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/ElBNamiGixpZz_l00IXECfbKodM.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205631
IP address blocks:        185.95.30.0/24 maxlen: 24
                          2a05:1500:400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:30:fc:aa:cb:56:78:c3:92:62:ad:42:73:fc:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12504d6a68868b1a59cff974d085c409f6caa1d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c3:fd:c0:41:c4:3f:91:ce:28:a6:4d:a6:a5:
                    cc:3d:8a:75:13:31:bc:9c:ab:96:03:e2:45:45:22:
                    83:1a:40:35:65:64:d4:5a:9a:b1:17:b6:92:c1:36:
                    ba:6e:c9:20:d6:41:79:32:e5:b1:09:44:0d:be:69:
                    29:c6:18:b8:a7:80:18:2b:21:a5:5d:90:c4:e6:2d:
                    9b:b3:df:d1:42:33:b2:49:48:4e:b1:cc:48:f9:f8:
                    98:ec:f4:ef:a7:4a:af:d8:be:48:21:2b:5f:20:54:
                    16:40:fd:d2:11:78:ee:ce:a1:9e:96:ab:1d:7a:5f:
                    fd:b7:c9:ff:ea:50:c4:bf:87:82:4f:9e:21:1e:c2:
                    b2:00:a4:72:7b:91:e1:63:9b:12:6d:40:e8:d5:4a:
                    34:9d:8a:45:82:2b:18:4d:e5:95:8c:c1:a4:9d:eb:
                    69:42:5a:9f:cf:15:ba:10:fc:bf:0b:7f:a5:6e:a9:
                    27:b8:3f:06:8e:b6:e0:f3:bc:3b:89:68:e6:94:13:
                    4e:35:c0:16:eb:ea:64:2c:c7:f8:d6:8e:2b:87:6e:
                    e1:78:98:6d:e9:d4:27:c7:72:23:81:3b:fd:98:0b:
                    cd:b6:d7:05:f6:3c:e7:65:26:2b:49:8b:44:2b:c2:
                    ed:7e:c8:02:dd:0a:73:11:3c:87:b8:16:e5:6e:54:
                    9b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:50:4D:6A:68:86:8B:1A:59:CF:F9:74:D0:85:C4:09:F6:CA:A1:D3
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/ElBNamiGixpZz_l00IXECfbKodM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.30.0/24
                IPv6:
                  2a05:1500:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:24:2e:9f:91:21:37:55:4c:1b:7a:84:b1:21:b8:1a:78:67:
         a6:02:f1:28:06:c0:e0:34:8a:b9:b6:60:48:56:14:70:4b:60:
         b9:be:36:10:fa:20:f4:fd:78:11:93:41:cb:80:fb:12:8a:27:
         d7:79:d4:d8:38:69:c9:ef:f8:52:63:b5:0a:0b:f6:ff:da:ea:
         ef:ba:64:68:98:c1:9f:e4:07:d3:e3:ae:3d:c1:a5:82:b5:bc:
         9d:85:90:f3:ab:4f:e5:c6:7c:ba:7b:e5:19:47:8d:1c:00:0c:
         7b:47:4d:24:fd:8e:71:f7:85:b4:fc:83:ba:24:e5:98:b0:5c:
         84:c8:d9:e2:c6:1d:e8:04:3e:13:f5:82:aa:b9:ba:3f:0b:7c:
         43:59:fd:ed:be:4e:28:1f:12:f0:58:49:9a:4f:70:4e:37:6e:
         db:d7:fc:5e:71:a9:3b:c7:c3:2f:53:b1:44:31:8a:70:c1:dc:
         22:b8:34:6d:41:0f:cf:41:2a:9b:08:49:fb:98:cc:91:d3:cb:
         0e:d5:04:a5:2c:eb:c8:5a:3c:8e:8f:b4:cf:44:22:93:46:4c:
         13:81:40:da:0e:a9:bb:13:15:ef:0a:92:6b:78:eb:31:0a:ca:
         6d:fd:03:cb:d0:4f:2d:35:c1:d8:7b:57:d8:c8:78:36:41:b8:
         4e:5b:81:b4
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzCbTD8qstWeMOSYq1Cc/yvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjUwNGQ2YTY4ODY4YjFhNTljZmY5NzRkMDg1YzQwOWY2Y2FhMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cP9wEHEP5HOKKZNpqXMPYp1EzG8
nKuWA+JFRSKDGkA1ZWTUWpqxF7aSwTa6bskg1kF5MuWxCUQNvmkpxhi4p4AYKyGl
XZDE5i2bs9/RQjOySUhOscxI+fiY7PTvp0qv2L5IIStfIFQWQP3SEXjuzqGelqsd
el/9t8n/6lDEv4eCT54hHsKyAKRye5HhY5sSbUDo1Uo0nYpFgisYTeWVjMGknetp
QlqfzxW6EPy/C3+lbqknuD8Gjrbg87w7iWjmlBNONcAW6+pkLMf41o4rh27heJht
6dQnx3IjgTv9mAvNttcF9jznZSYrSYtEK8LtfsgC3QpzETyHuBblblSbFwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFBJQTWpohosaWc/5dNCFxAn2yqHTMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvRWxCTmFtaUdpeHBael9sMDBJWEVDZmJLb2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuV8eMA4E
AgACMAgDBgAqBRUABDANBgkqhkiG9w0BAQsFAAOCAQEAMiQun5EhN1VMG3qEsSG4
GnhnpgLxKAbA4DSKubZgSFYUcEtgub42EPog9P14EZNBy4D7Eoon13nU2Dhpye/4
UmO1Cgv2/9rq77pkaJjBn+QH0+OuPcGlgrW8nYWQ86tP5cZ8unvlGUeNHAAMe0dN
JP2OcfeFtPyDuiTlmLBchMjZ4sYd6AQ+E/WCqrm6Pwt8Q1n97b5OKB8S8FhJmk9w
Tjdu29f8XnGpO8fDL1OxRDGKcMHcIrg0bUEPz0EqmwhJ+5jMkdPLDtUEpSzryFo8
jo+0z0Qik0ZME4FA2g6puxMV7wqSa3jrMQrKbf0Dy9BPLTXB2HtX2Mh4NkG4TluB
tA==
-----END CERTIFICATE-----