Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/2c7b2e-242a-4336-b0fb-fcf0f1594d2f/1/ELlxwxnivhlKzmhjPfFYR3NLU8Y.roa
File:                     ELlxwxnivhlKzmhjPfFYR3NLU8Y.roa (raw, json)
Hash identifier:          f0zUZxBoz+HkHe4LxnyJPo+gqRtO7zjKiQgfOLEVns0=
Subject key identifier:   10:B9:71:C3:19:E2:BE:19:4A:CE:68:63:3D:F1:58:47:73:4B:53:C6
Certificate issuer:       /CN=83124d0411a20fd2bb546970ea80116ef276dbab
Certificate serial:       018CCA2A57DEAD058A56DD647DC90166CA0D
Authority key identifier: 83:12:4D:04:11:A2:0F:D2:BB:54:69:70:EA:80:11:6E:F2:76:DB:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gxJNBBGiD9K7VGlw6oARbvJ226s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/2c7b2e-242a-4336-b0fb-fcf0f1594d2f/1/ELlxwxnivhlKzmhjPfFYR3NLU8Y.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8839
IP address blocks:        213.225.160.0/19 maxlen: 19
                          212.95.64.0/19 maxlen: 19
                          2001:810::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/2c7b2e-242a-4336-b0fb-fcf0f1594d2f/1/gxJNBBGiD9K7VGlw6oARbvJ226s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/2c7b2e-242a-4336-b0fb-fcf0f1594d2f/1/gxJNBBGiD9K7VGlw6oARbvJ226s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gxJNBBGiD9K7VGlw6oARbvJ226s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:57:de:ad:05:8a:56:dd:64:7d:c9:01:66:ca:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83124d0411a20fd2bb546970ea80116ef276dbab
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10b971c319e2be194ace68633df15847734b53c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6a:1f:02:fc:1d:df:fd:fc:23:64:7b:92:62:
                    14:7f:be:e4:af:8b:8a:72:11:84:8d:8e:2e:87:30:
                    80:fe:4d:10:55:ad:4f:84:78:40:ac:ab:ff:f9:0d:
                    12:5e:f2:96:bc:fb:fc:0e:27:3c:b6:c7:45:fc:71:
                    6c:05:e9:ca:ea:d8:00:a6:9e:f2:dc:9d:b3:f7:4e:
                    38:e4:6a:0a:a4:45:15:db:c8:86:43:4e:48:92:92:
                    74:6c:fe:27:ea:c2:76:f5:b3:8d:9a:c6:cb:3f:1d:
                    1b:ea:9b:58:2b:98:81:d1:d3:d4:97:6f:2e:8b:d2:
                    42:7a:6e:d9:fc:96:c4:c9:0a:6c:a7:5d:56:04:d4:
                    0d:c4:59:6a:b3:5a:b9:52:a6:56:9d:e2:d4:33:87:
                    d1:09:c6:6d:a8:6f:10:1a:01:94:e1:00:26:c5:a6:
                    d2:69:8c:03:9d:3e:fc:86:97:56:d8:7f:1b:bf:f0:
                    a0:7e:d2:a6:8d:0f:8b:29:cd:93:87:44:c8:4c:07:
                    82:c8:13:ad:d4:06:4b:81:4d:70:2a:54:69:6a:48:
                    81:7d:03:93:3c:9a:da:20:0f:5d:47:c9:86:f5:7b:
                    06:fa:9e:0e:fc:c9:f4:56:57:fe:84:36:11:df:04:
                    61:ce:2a:f0:60:cd:56:b9:52:be:17:c9:25:47:19:
                    31:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:B9:71:C3:19:E2:BE:19:4A:CE:68:63:3D:F1:58:47:73:4B:53:C6
            X509v3 Authority Key Identifier:
                keyid:83:12:4D:04:11:A2:0F:D2:BB:54:69:70:EA:80:11:6E:F2:76:DB:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gxJNBBGiD9K7VGlw6oARbvJ226s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2c7b2e-242a-4336-b0fb-fcf0f1594d2f/1/ELlxwxnivhlKzmhjPfFYR3NLU8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2c7b2e-242a-4336-b0fb-fcf0f1594d2f/1/gxJNBBGiD9K7VGlw6oARbvJ226s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.95.64.0/19
                  213.225.160.0/19
                IPv6:
                  2001:810::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:b5:e7:d6:7d:3c:cf:df:b7:b1:83:69:60:5a:fb:81:d6:b6:
         0a:e2:a4:6a:66:44:60:70:9a:3a:2a:b9:7b:a6:22:ad:1c:39:
         25:8d:f7:37:62:73:56:0e:03:e6:fe:67:6c:e3:b8:c1:8f:cf:
         a8:92:21:8e:ba:a0:8c:5b:48:fe:52:64:b9:72:a1:be:48:56:
         cc:cd:ed:5e:85:32:d8:93:63:20:b2:b6:0a:1c:b3:82:0e:6b:
         36:ac:68:bc:9e:1e:ef:a5:05:93:ea:ba:e8:0d:15:cd:55:96:
         99:2a:96:1a:73:9b:a0:3a:0b:80:82:b2:f3:89:00:0e:33:45:
         7a:f0:a5:fa:2b:a3:42:9b:0a:c0:29:9c:64:cb:34:b3:e1:08:
         a9:de:27:b9:68:16:b9:08:fa:6b:76:99:33:79:23:14:80:8d:
         ff:fc:ab:66:b8:01:68:74:33:5b:46:68:1c:c9:3e:83:11:4c:
         39:2a:0f:a3:eb:8f:19:84:01:0f:f8:10:b1:07:f9:25:f6:fa:
         24:d8:10:05:ff:27:52:00:f2:7a:c6:61:3c:1a:09:49:a9:f3:
         0c:f6:35:b0:0f:c5:07:14:3a:61:99:8e:0f:62:fd:11:41:c4:
         35:03:24:18:d9:42:34:d5:05:1f:c0:b8:c9:14:39:5d:c7:b3:
         c5:96:5e:28
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKlferQWKVt1kfckBZsoNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMTI0ZDA0MTFhMjBmZDJiYjU0Njk3MGVhODAxMTZlZjI3
NmRiYWIwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGI5NzFjMzE5ZTJiZTE5NGFjZTY4NjMzZGYxNTg0NzczNGI1M2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGofAvwd3/38I2R7kmIUf77kr4uK
chGEjY4uhzCA/k0QVa1PhHhArKv/+Q0SXvKWvPv8Dic8tsdF/HFsBenK6tgApp7y
3J2z90445GoKpEUV28iGQ05IkpJ0bP4n6sJ29bONmsbLPx0b6ptYK5iB0dPUl28u
i9JCem7Z/JbEyQpsp11WBNQNxFlqs1q5UqZWneLUM4fRCcZtqG8QGgGU4QAmxabS
aYwDnT78hpdW2H8bv/CgftKmjQ+LKc2Th0TITAeCyBOt1AZLgU1wKlRpakiBfQOT
PJraIA9dR8mG9XsG+p4O/Mn0Vlf+hDYR3wRhzirwYM1WuVK+F8klRxkxKQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBC5ccMZ4r4ZSs5oYz3xWEdzS1PGMB8GA1UdIwQY
MBaAFIMSTQQRog/Su1RpcOqAEW7ydturMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3hKTkJCR2lEOUs3VkdsdzZvQVJidkoyMjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yYzdiMmUtMjQyYS00MzM2LWIwZmIt
ZmNmMGYxNTk0ZDJmLzEvRUxseHd4bml2aGxLem1oalBmRllSM05MVThZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yYzdiMmUtMjQyYS00MzM2LWIwZmItZmNmMGYxNTk0ZDJm
LzEvZ3hKTkJCR2lEOUs3VkdsdzZvQVJidkoyMjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQF1F9AAwQF
1eGgMA0EAgACMAcDBQAgAQgQMA0GCSqGSIb3DQEBCwUAA4IBAQCUtefWfTzP37ex
g2lgWvuB1rYK4qRqZkRgcJo6Krl7piKtHDkljfc3YnNWDgPm/mds47jBj8+okiGO
uqCMW0j+UmS5cqG+SFbMze1ehTLYk2MgsrYKHLOCDms2rGi8nh7vpQWT6rroDRXN
VZaZKpYac5ugOguAgrLziQAOM0V68KX6K6NCmwrAKZxkyzSz4Qip3ie5aBa5CPpr
dpkzeSMUgI3//KtmuAFodDNbRmgcyT6DEUw5Kg+j648ZhAEP+BCxB/kl9vok2BAF
/ydSAPJ6xmE8GglJqfMM9jWwD8UHFDphmY4PYv0RQcQ1AyQY2UI01QUfwLjJFDld
x7PFll4o
-----END CERTIFICATE-----