Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/e1doSkcZ1koZ_0dzrf54tA4ZKOY.roa
File:                     e1doSkcZ1koZ_0dzrf54tA4ZKOY.roa (raw, json)
Hash identifier:          +o5M5FVLJXrlesYy+fuh9lLXMMVDfaTBsymROBFP1TU=
Subject key identifier:   7B:57:68:4A:47:19:D6:4A:19:FF:47:73:AD:FE:78:B4:0E:19:28:E6
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       0191B1CF5CCA559B0F54CC33F4665B6F89FE
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/e1doSkcZ1koZ_0dzrf54tA4ZKOY.roa
Signing time:             Mon 02 Sep 2024 08:17:22 +0000
ROA not before:           Mon 02 Sep 2024 08:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        82.206.32.0/21 maxlen: 24
                          82.206.40.0/21 maxlen: 24
                          82.206.48.0/21 maxlen: 24
                          82.206.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b1:cf:5c:ca:55:9b:0f:54:cc:33:f4:66:5b:6f:89:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Sep  2 08:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b57684a4719d64a19ff4773adfe78b40e1928e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ef:e6:77:c6:72:16:e5:9d:cb:82:45:44:b7:
                    9c:64:36:39:63:ea:83:e3:66:64:89:57:ef:ac:c4:
                    01:3e:b5:1d:e0:85:11:8c:ea:68:87:fd:27:ad:8f:
                    45:18:b2:e5:b8:0b:0b:a7:a4:21:b3:b5:b5:da:c4:
                    ed:fe:29:e2:27:00:e9:74:75:08:b7:6d:6f:b1:94:
                    fc:ee:d3:3d:49:e5:a1:18:33:ab:35:4c:ad:fe:ef:
                    0b:0d:6b:ea:5e:5f:54:31:a7:28:bb:ff:f7:df:22:
                    63:6e:f1:0b:e6:88:72:22:29:3d:68:97:2e:92:37:
                    9f:26:72:68:e8:ad:4c:6f:4f:12:bb:6b:8f:1f:40:
                    7f:63:e5:91:f5:2c:cf:35:97:76:23:ec:d3:a7:c4:
                    63:d0:76:84:bc:75:a6:00:7a:3a:40:a8:97:1e:33:
                    2e:62:00:47:4f:64:3e:11:d4:bc:4f:70:d5:a1:97:
                    71:a4:81:5b:97:4d:23:8c:09:89:11:b1:e4:89:a4:
                    de:cc:c8:d9:c7:cc:fb:19:06:25:e8:8b:79:72:d1:
                    9b:19:b1:43:44:cd:cd:55:2b:51:7d:27:8f:a5:81:
                    7c:39:da:e7:30:4d:6f:04:d3:2b:52:eb:5f:a2:6f:
                    b0:23:90:91:7d:0d:ae:dd:e3:36:4a:90:e6:1e:14:
                    e7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:57:68:4A:47:19:D6:4A:19:FF:47:73:AD:FE:78:B4:0E:19:28:E6
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/e1doSkcZ1koZ_0dzrf54tA4ZKOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         90:0f:54:17:26:f0:6b:c6:c1:1e:46:8a:f1:48:7e:83:b9:6e:
         fc:0f:c4:1e:eb:90:1c:4f:42:5b:72:62:c4:2e:e9:29:98:ba:
         d4:55:aa:2b:d6:66:0d:21:e1:97:a5:fd:91:d7:b1:77:de:62:
         4d:ac:c6:2c:1b:ae:f0:90:96:ce:0a:ce:cf:b6:88:5a:26:75:
         cb:54:e8:d0:9a:c6:ac:d6:1e:81:26:3f:75:46:d2:fb:3a:8a:
         ea:d8:ac:43:63:b7:bb:0e:55:10:c7:f1:ec:97:0c:e5:04:28:
         84:ac:20:e9:09:a3:06:b3:97:cf:fd:99:20:0d:f4:df:5f:e2:
         fd:92:c6:4a:dc:ac:cd:de:2a:e4:0e:ab:cd:62:98:b2:ac:d6:
         93:8d:9a:b7:d6:c8:cd:91:88:a2:d9:03:87:0a:f2:72:94:38:
         92:26:16:32:14:fd:50:46:6d:69:09:03:b6:42:cf:a9:43:5b:
         75:8f:b2:e5:1a:50:72:c9:dc:aa:4b:f0:03:94:a3:8b:5b:4d:
         7c:ea:91:5a:3d:2d:9f:2d:ce:9b:de:dd:f6:3a:d9:17:ea:15:
         91:86:52:12:16:de:19:e5:3d:c4:21:31:ee:19:4e:eb:0e:80:
         4f:d8:a4:92:c1:97:67:43:fa:cd:68:08:d6:89:eb:07:36:2b:
         88:cf:9b:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGxz1zKVZsPVMwz9GZbb4n+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwOTAyMDgxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjU3Njg0YTQ3MTlkNjRhMTlmZjQ3NzNhZGZlNzhiNDBlMTkyOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzu/md8ZyFuWdy4JFRLecZDY5Y+qD
42ZkiVfvrMQBPrUd4IURjOpoh/0nrY9FGLLluAsLp6Qhs7W12sTt/iniJwDpdHUI
t21vsZT87tM9SeWhGDOrNUyt/u8LDWvqXl9UMacou//33yJjbvEL5ohyIik9aJcu
kjefJnJo6K1Mb08Su2uPH0B/Y+WR9SzPNZd2I+zTp8Rj0HaEvHWmAHo6QKiXHjMu
YgBHT2Q+EdS8T3DVoZdxpIFbl00jjAmJEbHkiaTezMjZx8z7GQYl6It5ctGbGbFD
RM3NVStRfSePpYF8OdrnME1vBNMrUutfom+wI5CRfQ2u3eM2SpDmHhTnvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtXaEpHGdZKGf9Hc63+eLQOGSjmMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvZTFkb1NrY1oxa29aXzBkenJmNTR0QTRaS09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFUs4gMA0G
CSqGSIb3DQEBCwUAA4IBAQCQD1QXJvBrxsEeRorxSH6DuW78D8Qe65AcT0JbcmLE
LukpmLrUVaor1mYNIeGXpf2R17F33mJNrMYsG67wkJbOCs7PtohaJnXLVOjQmsas
1h6BJj91RtL7Oorq2KxDY7e7DlUQx/HslwzlBCiErCDpCaMGs5fP/ZkgDfTfX+L9
ksZK3KzN3irkDqvNYpiyrNaTjZq31sjNkYii2QOHCvJylDiSJhYyFP1QRm1pCQO2
Qs+pQ1t1j7LlGlByydyqS/ADlKOLW0186pFaPS2fLc6b3t32OtkX6hWRhlISFt4Z
5T3EITHuGU7rDoBP2KSSwZdnQ/rNaAjWiesHNiuIz5v5
-----END CERTIFICATE-----