Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/ELq1vd5UXElum5a7M8vdDcMmocE.roa
File:                     ELq1vd5UXElum5a7M8vdDcMmocE.roa (raw, json)
Hash identifier:          QLaQk0l7Nzhms+RyYZsUAQGtLSnwLE37oNVw4MPeeLc=
Subject key identifier:   10:BA:B5:BD:DE:54:5C:49:6E:9B:96:BB:33:CB:DD:0D:C3:26:A1:C1
Certificate issuer:       /CN=9a48c1d8008cdc059db0b27aa9514799c06d5443
Certificate serial:       018CC4252226AD181A5DF72E8856A5674DFE
Authority key identifier: 9A:48:C1:D8:00:8C:DC:05:9D:B0:B2:7A:A9:51:47:99:C0:6D:54:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/ELq1vd5UXElum5a7M8vdDcMmocE.roa
Signing time:             Mon 01 Jan 2024 08:30:16 +0000
ROA not before:           Mon 01 Jan 2024 08:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42474
IP address blocks:        193.169.228.0/23 maxlen: 24
                          185.239.48.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:22:26:ad:18:1a:5d:f7:2e:88:56:a5:67:4d:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a48c1d8008cdc059db0b27aa9514799c06d5443
        Validity
            Not Before: Jan  1 08:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10bab5bdde545c496e9b96bb33cbdd0dc326a1c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8f:3e:c8:57:c8:79:45:7d:50:3f:32:b7:94:
                    25:3d:7c:5e:5c:e5:07:22:dd:ec:9f:7d:63:2d:e4:
                    e2:a8:0b:ac:a0:b6:9e:27:b6:0b:0b:5b:18:69:1a:
                    a5:2d:f0:54:27:32:25:f0:cc:96:19:43:7e:e8:2e:
                    59:77:95:7f:85:3b:a7:35:be:d9:bb:ae:51:b5:30:
                    b4:5d:58:6b:c8:37:29:be:c2:01:13:a3:66:01:94:
                    aa:9e:33:63:0b:96:6b:14:0b:74:a6:3a:aa:a1:25:
                    35:93:e6:f4:7b:5b:40:51:c4:8b:f7:2b:c4:31:01:
                    7b:dd:0e:58:b8:5f:5d:d5:c5:46:3d:1d:91:b2:05:
                    16:7a:23:fd:87:9d:e6:9a:4b:64:90:63:08:3a:ac:
                    c8:c9:a3:b1:18:f0:1b:d3:64:1d:0c:ba:e6:95:97:
                    69:0e:13:7e:12:78:28:f4:db:69:7c:c5:d4:94:86:
                    06:b2:c9:5c:d6:5c:13:85:02:91:db:5f:07:11:64:
                    df:4a:ba:36:33:e5:15:77:1e:5e:ce:63:fe:6c:4e:
                    b5:2e:7d:89:b1:c5:5d:f6:92:31:d9:73:6b:98:76:
                    ff:97:0d:bd:cc:4a:74:34:92:3c:0f:cd:23:ed:23:
                    bc:73:6a:fe:55:c2:3f:74:06:c6:50:81:a1:28:2d:
                    42:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:BA:B5:BD:DE:54:5C:49:6E:9B:96:BB:33:CB:DD:0D:C3:26:A1:C1
            X509v3 Authority Key Identifier:
                keyid:9A:48:C1:D8:00:8C:DC:05:9D:B0:B2:7A:A9:51:47:99:C0:6D:54:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/ELq1vd5UXElum5a7M8vdDcMmocE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.48.0/23
                  193.169.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:6a:ea:9e:eb:5b:ab:a0:7c:cf:85:52:1e:72:83:c9:19:c2:
         68:c2:9e:e5:1e:96:f7:fe:c6:58:bd:37:bc:cc:1d:09:af:25:
         ce:e2:3d:a3:7d:f1:0d:17:dc:a5:86:a6:c5:03:63:48:26:75:
         79:4b:d4:29:06:6c:6b:01:89:28:d9:26:80:11:89:d2:0a:57:
         54:ff:5e:00:fc:fb:a0:ff:ac:87:a9:9f:71:e5:02:93:09:a3:
         3e:02:fc:cb:e9:40:b4:ac:6b:84:15:69:1b:4c:25:cc:ca:16:
         a9:b6:8b:78:ed:33:5c:c8:ba:36:91:77:23:3c:20:70:44:03:
         ce:bc:b8:70:ac:60:76:00:da:6c:83:97:22:9d:e3:0e:c1:a2:
         8b:e1:6d:f0:62:5b:6c:a9:15:0f:89:a8:06:e0:b1:34:3c:fd:
         1e:59:43:73:48:69:63:48:bf:42:cd:b9:33:4c:f5:c5:ef:49:
         82:9b:84:09:ae:b1:f0:64:fd:03:46:b0:0d:31:5e:b5:37:0f:
         a8:59:16:07:3a:74:37:da:61:fd:c9:83:76:38:c7:70:32:2a:
         cf:c8:aa:f2:15:e9:8a:ea:f4:8d:67:23:59:6d:98:39:ce:86:
         93:35:dd:9a:44:c2:9a:aa:83:e4:9f:e1:62:25:c5:71:20:f5:
         af:c0:4a:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJSImrRgaXfcuiFalZ03+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNDhjMWQ4MDA4Y2RjMDU5ZGIwYjI3YWE5NTE0Nzk5YzA2
ZDU0NDMwHhcNMjQwMTAxMDgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGJhYjViZGRlNTQ1YzQ5NmU5Yjk2YmIzM2NiZGQwZGMzMjZhMWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjI8+yFfIeUV9UD8yt5QlPXxeXOUH
It3sn31jLeTiqAusoLaeJ7YLC1sYaRqlLfBUJzIl8MyWGUN+6C5Zd5V/hTunNb7Z
u65RtTC0XVhryDcpvsIBE6NmAZSqnjNjC5ZrFAt0pjqqoSU1k+b0e1tAUcSL9yvE
MQF73Q5YuF9d1cVGPR2RsgUWeiP9h53mmktkkGMIOqzIyaOxGPAb02QdDLrmlZdp
DhN+Engo9NtpfMXUlIYGsslc1lwThQKR218HEWTfSro2M+UVdx5ezmP+bE61Ln2J
scVd9pIx2XNrmHb/lw29zEp0NJI8D80j7SO8c2r+VcI/dAbGUIGhKC1CHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBC6tb3eVFxJbpuWuzPL3Q3DJqHBMB8GA1UdIwQY
MBaAFJpIwdgAjNwFnbCyeqlRR5nAbVRDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWtqQjJBQ00zQVdkc0xKNnFWRkhtY0J0VkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9jYjYxNGMtNDk1ZS00MTBlLTg3MzAt
NWEzNjYzMTVjMTY2LzEvRUxxMXZkNVVYRWx1bTVhN004dmREY01tb2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9jYjYxNGMtNDk1ZS00MTBlLTg3MzAtNWEzNjYzMTVjMTY2
LzEvbWtqQjJBQ00zQVdkc0xKNnFWRkhtY0J0VkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBue8wAwQB
wankMA0GCSqGSIb3DQEBCwUAA4IBAQCBauqe61uroHzPhVIecoPJGcJowp7lHpb3
/sZYvTe8zB0JryXO4j2jffENF9ylhqbFA2NIJnV5S9QpBmxrAYko2SaAEYnSCldU
/14A/Pug/6yHqZ9x5QKTCaM+AvzL6UC0rGuEFWkbTCXMyhaptot47TNcyLo2kXcj
PCBwRAPOvLhwrGB2ANpsg5cineMOwaKL4W3wYltsqRUPiagG4LE0PP0eWUNzSGlj
SL9CzbkzTPXF70mCm4QJrrHwZP0DRrANMV61Nw+oWRYHOnQ32mH9yYN2OMdwMirP
yKryFemK6vSNZyNZbZg5zoaTNd2aRMKaqoPkn+FiJcVxIPWvwEqc
-----END CERTIFICATE-----