Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/ElzTNMvuHLuwKh7_6ACoCPUbsd4.roa
File:                     ElzTNMvuHLuwKh7_6ACoCPUbsd4.roa (raw, json)
Hash identifier:          f1+i9gr2hfeCLjNxy8K76Ur5Y5NtWUBv1YjnV7841r0=
Subject key identifier:   12:5C:D3:34:CB:EE:1C:BB:B0:2A:1E:FF:E8:00:A8:08:F5:1B:B1:DE
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       018CC8DF9093B7FDF646322C3294321947ED
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/ElzTNMvuHLuwKh7_6ACoCPUbsd4.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24768
IP address blocks:        77.246.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:90:93:b7:fd:f6:46:32:2c:32:94:32:19:47:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=125cd334cbee1cbbb02a1effe800a808f51bb1de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c4:cb:6a:5c:42:ad:69:f4:e0:e9:15:44:e2:
                    9f:d6:93:68:58:81:9c:a7:ee:8d:f7:1a:36:93:5b:
                    9c:97:d2:67:b1:05:bc:22:a7:ea:10:29:54:19:c7:
                    ea:8b:48:51:ed:c6:74:71:40:3d:79:56:6b:a3:d1:
                    dd:18:90:62:19:84:01:d4:73:22:15:8e:ac:54:0e:
                    46:35:82:8b:af:e7:31:74:72:a0:ca:db:aa:10:d5:
                    2f:f7:ed:52:2e:a0:b1:d7:7b:4a:cd:05:b3:09:80:
                    de:81:83:85:a9:94:9f:4e:d2:67:af:62:ba:34:89:
                    14:f3:d9:5e:4e:b1:fc:54:7e:08:bd:13:52:fe:23:
                    c9:18:c7:de:3c:72:92:bf:0e:ce:94:4e:97:db:66:
                    8b:7c:88:39:8f:8a:61:dd:e2:ed:9b:36:2a:a0:30:
                    d9:91:c5:78:a8:78:f0:56:80:9a:6e:52:69:18:23:
                    5b:2b:5d:e6:18:df:71:f6:bd:f2:3b:3e:21:36:bf:
                    b8:db:c6:c7:be:fc:2e:03:53:e9:c7:96:56:b2:bb:
                    04:da:93:39:1f:5b:4b:20:e0:81:2a:29:4f:a1:6d:
                    cd:fa:7b:b4:d5:44:db:77:c5:a9:3f:56:61:36:c5:
                    13:15:5d:15:7b:0c:00:b7:ba:65:42:4b:af:4a:43:
                    e5:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:5C:D3:34:CB:EE:1C:BB:B0:2A:1E:FF:E8:00:A8:08:F5:1B:B1:DE
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/ElzTNMvuHLuwKh7_6ACoCPUbsd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:80:3f:b0:89:c4:20:26:dd:b5:27:a8:cd:4d:68:cb:84:fc:
         a4:0a:af:07:18:62:a7:48:58:10:6e:92:04:3d:8a:d5:1c:7f:
         81:8e:f5:1a:1d:5e:1b:cd:df:b2:ef:ef:be:03:6a:c4:cd:78:
         4c:b8:5a:25:e1:c3:71:a0:b9:9d:9c:55:d0:86:40:3a:07:7a:
         d8:f8:36:4d:41:b7:64:dc:e5:51:4d:37:09:c8:43:ad:11:5c:
         ea:56:d6:ad:99:f4:e5:de:6f:12:f5:f6:b7:67:10:a5:9a:3d:
         7d:a0:63:c1:59:d5:ed:ab:2d:01:0e:2c:82:62:1e:eb:f4:e8:
         b0:05:5e:07:8f:51:86:f9:29:06:71:18:83:62:ea:da:72:e7:
         91:d5:87:49:e0:3c:7b:55:20:c9:0e:3e:78:2e:50:2a:14:b9:
         a6:ba:66:e9:0a:1a:0b:e6:51:54:a1:55:94:a2:d5:b1:ce:4c:
         62:3e:41:1e:bd:ce:1f:67:9f:a2:ed:af:59:e4:46:40:23:5a:
         9e:62:88:3d:29:c3:d7:34:f8:3c:1e:b9:71:2e:ce:48:28:bf:
         cf:cc:8c:22:2c:4e:de:67:0b:f2:69:d3:15:a2:b9:e6:a6:86:
         8f:fd:81:99:61:2c:03:75:16:24:72:ea:0a:00:5a:80:58:8b:
         8c:16:ed:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35CTt/32RjIsMpQyGUftMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjVjZDMzNGNiZWUxY2JiYjAyYTFlZmZlODAwYTgwOGY1MWJiMWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMTLalxCrWn04OkVROKf1pNoWIGc
p+6N9xo2k1ucl9JnsQW8IqfqEClUGcfqi0hR7cZ0cUA9eVZro9HdGJBiGYQB1HMi
FY6sVA5GNYKLr+cxdHKgytuqENUv9+1SLqCx13tKzQWzCYDegYOFqZSfTtJnr2K6
NIkU89leTrH8VH4IvRNS/iPJGMfePHKSvw7OlE6X22aLfIg5j4ph3eLtmzYqoDDZ
kcV4qHjwVoCablJpGCNbK13mGN9x9r3yOz4hNr+428bHvvwuA1Ppx5ZWsrsE2pM5
H1tLIOCBKilPoW3N+nu01UTbd8WpP1ZhNsUTFV0VewwAt7plQkuvSkPlpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJc0zTL7hy7sCoe/+gAqAj1G7HeMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvRWx6VE5NdnVITHV3S2g3XzZBQ29DUFVic2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbfMA0G
CSqGSIb3DQEBCwUAA4IBAQALgD+wicQgJt21J6jNTWjLhPykCq8HGGKnSFgQbpIE
PYrVHH+BjvUaHV4bzd+y7+++A2rEzXhMuFol4cNxoLmdnFXQhkA6B3rY+DZNQbdk
3OVRTTcJyEOtEVzqVtatmfTl3m8S9fa3ZxClmj19oGPBWdXtqy0BDiyCYh7r9Oiw
BV4Hj1GG+SkGcRiDYuracueR1YdJ4Dx7VSDJDj54LlAqFLmmumbpChoL5lFUoVWU
otWxzkxiPkEevc4fZ5+i7a9Z5EZAI1qeYog9KcPXNPg8HrlxLs5IKL/PzIwiLE7e
ZwvyadMVornmpoaP/YGZYSwDdRYkcuoKAFqAWIuMFu2k
-----END CERTIFICATE-----