Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/1el2VHY2KSBqSFamjkLGUElNqmk.roa
File:                     1el2VHY2KSBqSFamjkLGUElNqmk.roa (raw, json)
Hash identifier:          K0WAZOT5346Voq8jkw8ldw5De1mqnugqxpCsSy3tF84=
Subject key identifier:   D5:E9:76:54:76:36:29:20:6A:48:56:A6:8E:42:C6:50:49:4D:AA:69
Certificate issuer:       /CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
Certificate serial:       018CC794584AEBAC35F7FF9E04C3BFA448F8
Authority key identifier: B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/1el2VHY2KSBqSFamjkLGUElNqmk.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34323
IP address blocks:        91.200.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:58:4a:eb:ac:35:f7:ff:9e:04:c3:bf:a4:48:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5e97654763629206a4856a68e42c650494daa69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fe:08:d6:5b:4a:c5:75:2d:fe:3b:f3:dc:74:
                    60:8e:e5:d5:b2:b3:e2:95:a6:22:5f:0a:26:14:16:
                    df:96:a8:27:2d:2b:92:97:73:25:f7:d8:94:ee:56:
                    1d:5d:48:18:58:8c:f2:3a:d7:7f:bc:49:b1:ac:d8:
                    1e:3d:0b:a6:f4:c0:24:bd:86:cf:e0:05:37:d3:7c:
                    20:be:47:cb:a2:e7:73:68:eb:81:e6:cf:4c:11:4b:
                    df:d6:f8:cb:24:2f:0a:f5:70:95:9b:cc:1d:6b:a1:
                    25:68:21:10:a9:8b:3b:a7:3b:05:fb:c7:65:59:88:
                    be:a5:11:a0:07:36:70:92:bc:2c:82:86:e4:d2:96:
                    f8:09:8a:ff:95:f6:17:49:38:f0:d4:29:a9:50:de:
                    f1:d7:93:86:9b:d1:fc:9b:db:43:62:01:76:83:4e:
                    b0:c6:6a:96:91:bf:b4:ae:e2:c0:8f:31:37:59:84:
                    eb:14:12:d6:54:ec:b9:58:30:f5:61:d0:ea:c4:e0:
                    2a:3f:b3:bf:73:02:be:2f:12:8b:77:bc:ed:9d:cd:
                    c6:c0:6d:52:2e:e0:fe:2b:fa:92:27:13:29:f5:f8:
                    15:c1:97:a8:31:01:d8:74:38:2b:2b:9c:ad:c1:c0:
                    f6:2c:48:f9:c3:9c:f6:3c:9f:bb:f4:c9:d7:d2:c4:
                    38:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E9:76:54:76:36:29:20:6A:48:56:A6:8E:42:C6:50:49:4D:AA:69
            X509v3 Authority Key Identifier:
                keyid:B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/1el2VHY2KSBqSFamjkLGUElNqmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:6d:52:d5:85:6e:cf:f3:ce:e1:76:6f:df:c3:8a:c1:96:49:
         04:9e:53:69:0c:18:b2:aa:7e:e5:06:9b:93:2b:cf:4c:81:75:
         2d:44:d5:c1:08:d5:7a:88:f9:77:54:4a:58:62:6d:dc:5f:c8:
         8b:d0:c8:a2:d9:ba:ee:d6:fb:5a:14:4c:65:01:78:27:cb:c4:
         25:14:8a:ce:9a:67:51:73:52:01:5c:50:13:d0:9b:7c:d5:48:
         9c:26:f6:bc:c7:9c:fa:0a:79:90:62:8d:b2:f5:35:1c:64:40:
         33:a9:2d:43:7d:12:c4:61:b5:8b:72:0c:9b:c1:2b:f7:cf:12:
         b2:ec:cf:b1:ae:95:a5:c0:32:96:0d:10:c0:e1:11:90:bd:79:
         e9:ed:38:0c:28:d8:8d:ae:bc:99:87:73:69:9c:75:c6:c1:6c:
         3e:89:7e:e7:f2:ca:b8:d9:6f:51:9b:41:b2:19:c5:19:35:fb:
         e8:ad:ab:60:d1:83:87:fd:f0:d3:e6:57:d3:49:7b:c8:12:fe:
         74:23:a8:38:87:a4:0b:07:b9:f6:e4:99:f7:5a:69:ac:3a:a7:
         47:67:31:a2:e1:5b:62:40:fe:30:64:ab:ea:1b:45:e4:97:0f:
         a3:d1:5f:f2:c7:58:40:db:70:7d:6b:3f:9e:49:ef:6b:87:41:
         c4:e2:fe:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFhK66w19/+eBMO/pEj4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MmU3YjgwNjhjNGFlOWFlNGNhNGMzYTZiMjA5NjE5OWE3
NDFmZjIwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWU5NzY1NDc2MzYyOTIwNmE0ODU2YTY4ZTQyYzY1MDQ5NGRhYTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf4I1ltKxXUt/jvz3HRgjuXVsrPi
laYiXwomFBbflqgnLSuSl3Ml99iU7lYdXUgYWIzyOtd/vEmxrNgePQum9MAkvYbP
4AU303wgvkfLoudzaOuB5s9MEUvf1vjLJC8K9XCVm8wda6ElaCEQqYs7pzsF+8dl
WYi+pRGgBzZwkrwsgobk0pb4CYr/lfYXSTjw1CmpUN7x15OGm9H8m9tDYgF2g06w
xmqWkb+0ruLAjzE3WYTrFBLWVOy5WDD1YdDqxOAqP7O/cwK+LxKLd7ztnc3GwG1S
LuD+K/qSJxMp9fgVwZeoMQHYdDgrK5ytwcD2LEj5w5z2PJ+79MnX0sQ4PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXpdlR2NikgakhWpo5CxlBJTappMB8GA1UdIwQY
MBaAFLgue4BoxK6a5MpMOmsglhmadB/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMt
YWFkZmE5YzA2NzQyLzEvMWVsMlZIWTJLU0JxU0ZhbWprTEdVRWxOcW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMtYWFkZmE5YzA2NzQy
LzEvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8hSMA0G
CSqGSIb3DQEBCwUAA4IBAQAhbVLVhW7P887hdm/fw4rBlkkEnlNpDBiyqn7lBpuT
K89MgXUtRNXBCNV6iPl3VEpYYm3cX8iL0Mii2bru1vtaFExlAXgny8QlFIrOmmdR
c1IBXFAT0Jt81UicJva8x5z6CnmQYo2y9TUcZEAzqS1DfRLEYbWLcgybwSv3zxKy
7M+xrpWlwDKWDRDA4RGQvXnp7TgMKNiNrryZh3NpnHXGwWw+iX7n8sq42W9Rm0Gy
GcUZNfvoratg0YOH/fDT5lfTSXvIEv50I6g4h6QLB7n25Jn3WmmsOqdHZzGi4Vti
QP4wZKvqG0Xklw+j0V/yx1hA23B9az+eSe9rh0HE4v6S
-----END CERTIFICATE-----