Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/e68770-edf2-4358-b821-914d5dc5197f/1/elawQd6GCERPNU07ZCI-dli47NA.roa
File:                     elawQd6GCERPNU07ZCI-dli47NA.roa (raw, json)
Hash identifier:          0JYGGAHMRXtvzvfYfM6q/NrguHYhOFVdE7wB8JPPhJs=
Subject key identifier:   7A:56:B0:41:DE:86:08:44:4F:35:4D:3B:64:22:3E:76:58:B8:EC:D0
Certificate issuer:       /CN=822b30d89b1bcff699f641f88026942d16a72bcc
Certificate serial:       01942143B89DC7963AB0B043F87282C21FEC
Authority key identifier: 82:2B:30:D8:9B:1B:CF:F6:99:F6:41:F8:80:26:94:2D:16:A7:2B:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gisw2Jsbz_aZ9kH4gCaULRanK8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/e68770-edf2-4358-b821-914d5dc5197f/1/elawQd6GCERPNU07ZCI-dli47NA.roa
Signing time:             Wed 01 Jan 2025 09:47:53 +0000
ROA not before:           Wed 01 Jan 2025 09:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15525
IP address blocks:        213.13.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/e68770-edf2-4358-b821-914d5dc5197f/1/gisw2Jsbz_aZ9kH4gCaULRanK8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/e68770-edf2-4358-b821-914d5dc5197f/1/gisw2Jsbz_aZ9kH4gCaULRanK8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gisw2Jsbz_aZ9kH4gCaULRanK8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 15:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:b8:9d:c7:96:3a:b0:b0:43:f8:72:82:c2:1f:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=822b30d89b1bcff699f641f88026942d16a72bcc
        Validity
            Not Before: Jan  1 09:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a56b041de8608444f354d3b64223e7658b8ecd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2d:27:e3:a1:78:41:34:69:cb:9e:10:e8:ac:
                    3e:4d:bb:5c:d7:60:72:90:f0:92:a7:b5:d7:ed:92:
                    4a:f3:7a:ef:03:14:b8:cb:8a:77:b7:d9:12:74:70:
                    18:01:fb:e5:fa:1c:74:41:77:d4:c7:e8:fa:84:f3:
                    fc:e7:47:bc:b0:ed:76:aa:f3:c3:26:ad:c7:ed:dd:
                    21:47:e2:02:43:d9:db:68:7a:94:77:f0:ef:42:b8:
                    5a:da:f0:aa:7c:4c:d9:07:7b:fd:3b:75:11:c6:d5:
                    73:79:53:dc:e8:c9:66:6a:e8:d3:bf:fb:46:a7:96:
                    d8:1d:f2:24:f2:89:df:2e:d2:9d:a2:b6:35:8e:91:
                    70:62:4d:b7:c8:13:e2:83:70:9b:82:44:8f:9c:6e:
                    f5:37:a5:a6:ad:47:94:0b:ed:11:5e:a8:09:4d:80:
                    94:d1:90:da:24:f1:41:63:bc:43:1b:a9:c7:da:d6:
                    6a:54:52:bb:06:dd:4a:cb:1c:b4:d4:78:51:82:af:
                    8e:99:1e:ee:9d:b5:cb:fb:6b:25:ad:0d:05:f2:a6:
                    6a:75:35:fa:2f:e0:08:c8:56:b9:a1:ee:bc:15:a7:
                    23:97:78:4d:d4:74:76:16:f8:ef:16:cb:be:30:19:
                    d1:ab:3f:25:4e:06:83:9d:c3:50:7c:7e:3a:1f:df:
                    17:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:56:B0:41:DE:86:08:44:4F:35:4D:3B:64:22:3E:76:58:B8:EC:D0
            X509v3 Authority Key Identifier:
                keyid:82:2B:30:D8:9B:1B:CF:F6:99:F6:41:F8:80:26:94:2D:16:A7:2B:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gisw2Jsbz_aZ9kH4gCaULRanK8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/e68770-edf2-4358-b821-914d5dc5197f/1/elawQd6GCERPNU07ZCI-dli47NA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/e68770-edf2-4358-b821-914d5dc5197f/1/gisw2Jsbz_aZ9kH4gCaULRanK8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.13.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         38:44:c3:cc:52:03:85:23:db:1b:ea:35:ef:90:87:bf:5d:72:
         d5:af:dc:2f:6b:fe:eb:89:91:0e:ea:a3:22:25:fb:0a:fb:10:
         14:11:1f:4c:67:59:2a:03:ee:7e:6d:b0:91:ed:0e:a0:dc:87:
         ed:38:69:fe:1c:77:f0:9a:c5:12:b6:1b:38:42:54:fd:06:2e:
         df:af:51:57:3f:65:1a:6d:f6:7d:c2:cc:fa:55:5e:9e:c7:73:
         73:a4:12:f6:08:4c:ed:30:15:79:7d:2b:e7:89:bf:2e:bb:f1:
         d7:0d:c9:5f:00:35:47:db:b5:93:0c:9b:77:ac:da:96:c0:52:
         10:d9:d9:1e:26:61:4b:46:14:31:34:c9:ee:11:ea:ac:94:ce:
         21:93:a3:ef:bb:5a:38:5a:e4:2b:49:c4:a7:d3:5e:9e:e2:46:
         bc:1c:82:1e:c1:55:f1:35:a9:a5:a0:73:af:90:6c:4c:ce:48:
         47:7a:cc:40:9e:b3:2a:5a:cf:b5:04:08:b9:54:a7:b3:77:4c:
         6f:91:41:e6:64:fb:a7:2a:c2:e8:11:48:7e:06:0f:19:69:28:
         fd:ff:0c:40:61:22:17:fc:9d:82:49:61:43:b5:89:e2:e1:69:
         f3:04:46:d3:ca:92:ff:34:0c:9e:79:8c:5f:d2:a5:dc:03:c9:
         98:c2:64:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ7idx5Y6sLBD+HKCwh/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMmIzMGQ4OWIxYmNmZjY5OWY2NDFmODgwMjY5NDJkMTZh
NzJiY2MwHhcNMjUwMTAxMDk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTU2YjA0MWRlODYwODQ0NGYzNTRkM2I2NDIyM2U3NjU4YjhlY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhi0n46F4QTRpy54Q6Kw+Tbtc12By
kPCSp7XX7ZJK83rvAxS4y4p3t9kSdHAYAfvl+hx0QXfUx+j6hPP850e8sO12qvPD
Jq3H7d0hR+ICQ9nbaHqUd/DvQrha2vCqfEzZB3v9O3URxtVzeVPc6MlmaujTv/tG
p5bYHfIk8onfLtKdorY1jpFwYk23yBPig3CbgkSPnG71N6WmrUeUC+0RXqgJTYCU
0ZDaJPFBY7xDG6nH2tZqVFK7Bt1Kyxy01HhRgq+OmR7unbXL+2slrQ0F8qZqdTX6
L+AIyFa5oe68Facjl3hN1HR2FvjvFsu+MBnRqz8lTgaDncNQfH46H98XbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpWsEHehghETzVNO2QiPnZYuOzQMB8GA1UdIwQY
MBaAFIIrMNibG8/2mfZB+IAmlC0WpyvMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2lzdzJKc2J6X2FaOWtINGdDYVVMUmFuSzh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9lNjg3NzAtZWRmMi00MzU4LWI4MjEt
OTE0ZDVkYzUxOTdmLzEvZWxhd1FkNkdDRVJQTlUwN1pDSS1kbGk0N05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9lNjg3NzAtZWRmMi00MzU4LWI4MjEtOTE0ZDVkYzUxOTdm
LzEvZ2lzdzJKc2J6X2FaOWtINGdDYVVMUmFuSzh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1Q0gMA0G
CSqGSIb3DQEBCwUAA4IBAQA4RMPMUgOFI9sb6jXvkIe/XXLVr9wva/7riZEO6qMi
JfsK+xAUER9MZ1kqA+5+bbCR7Q6g3IftOGn+HHfwmsUSths4QlT9Bi7fr1FXP2Ua
bfZ9wsz6VV6ex3NzpBL2CEztMBV5fSvnib8uu/HXDclfADVH27WTDJt3rNqWwFIQ
2dkeJmFLRhQxNMnuEeqslM4hk6Pvu1o4WuQrScSn016e4ka8HIIewVXxNamloHOv
kGxMzkhHesxAnrMqWs+1BAi5VKezd0xvkUHmZPunKsLoEUh+Bg8ZaSj9/wxAYSIX
/J2CSWFDtYni4WnzBEbTypL/NAyeeYxf0qXcA8mYwmTF
-----END CERTIFICATE-----