Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/elbk19OAExa8Bf5Z3NPRVmT_3iA.roa
File:                     elbk19OAExa8Bf5Z3NPRVmT_3iA.roa (raw, json)
Hash identifier:          KUkK1sYh7tONb5QjJPQj4O1IK6fOfEG9tKjL/4rH1yk=
Subject key identifier:   7A:56:E4:D7:D3:80:13:16:BC:05:FE:59:DC:D3:D1:56:64:FF:DE:20
Certificate issuer:       /CN=c9e0e4c9acbf701f930149b325ce042cf9f92a59
Certificate serial:       018CC50145E8C2EF52B0B8DE0CCE887D7932
Authority key identifier: C9:E0:E4:C9:AC:BF:70:1F:93:01:49:B3:25:CE:04:2C:F9:F9:2A:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yeDkyay_cB-TAUmzJc4ELPn5Klk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/elbk19OAExa8Bf5Z3NPRVmT_3iA.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.213.126.0/24 maxlen: 24
                          2a12:7280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/yeDkyay_cB-TAUmzJc4ELPn5Klk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/yeDkyay_cB-TAUmzJc4ELPn5Klk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yeDkyay_cB-TAUmzJc4ELPn5Klk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:45:e8:c2:ef:52:b0:b8:de:0c:ce:88:7d:79:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9e0e4c9acbf701f930149b325ce042cf9f92a59
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a56e4d7d3801316bc05fe59dcd3d15664ffde20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:98:47:5c:8f:f9:77:72:c8:08:0e:88:e3:30:
                    27:7a:14:5d:2a:6a:fa:d6:e3:d5:97:ac:d1:b1:61:
                    81:42:7a:17:8b:fa:bb:71:9c:dd:0b:f1:4a:1e:c9:
                    40:51:93:86:74:3f:e0:23:cd:1a:78:2f:92:89:94:
                    cc:a5:32:18:86:18:71:48:7c:bf:c6:da:e6:b9:e8:
                    21:54:9d:c6:4b:4b:90:d9:3c:fd:7f:40:cf:87:f5:
                    d7:b6:dd:27:cb:79:94:4c:53:2d:7f:94:fd:b1:f7:
                    53:a1:f5:ec:d4:98:81:b8:96:30:bc:3f:d5:25:08:
                    7d:72:18:24:10:2e:bd:2c:85:83:ba:64:58:9b:7b:
                    4c:ad:63:25:5d:21:52:f7:0e:09:d4:1b:e4:a2:91:
                    1d:29:fe:36:e7:62:f0:1b:72:7b:61:dd:36:a8:2c:
                    20:45:0d:55:d1:b2:b7:9f:88:d2:e6:4f:cd:91:63:
                    0d:0b:ea:fb:2c:34:94:41:6b:4b:99:27:69:45:63:
                    75:33:5c:64:e7:ac:79:8e:9f:bf:1a:11:10:06:c0:
                    d0:4c:ba:93:f6:c1:96:c1:7f:02:0d:a2:bd:4c:52:
                    ef:34:6b:d3:b8:ac:74:49:b8:c4:6d:c5:6f:af:ff:
                    6c:4d:5e:6b:3d:81:14:64:31:59:94:c6:42:22:d9:
                    d5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:56:E4:D7:D3:80:13:16:BC:05:FE:59:DC:D3:D1:56:64:FF:DE:20
            X509v3 Authority Key Identifier:
                keyid:C9:E0:E4:C9:AC:BF:70:1F:93:01:49:B3:25:CE:04:2C:F9:F9:2A:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yeDkyay_cB-TAUmzJc4ELPn5Klk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/elbk19OAExa8Bf5Z3NPRVmT_3iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/yeDkyay_cB-TAUmzJc4ELPn5Klk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.126.0/24
                IPv6:
                  2a12:7280::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:de:da:7a:db:d3:96:09:33:14:43:17:d3:80:35:dd:c2:4a:
         6a:42:27:0a:54:d4:d5:81:c5:ed:f0:da:27:d2:a1:df:d4:d3:
         08:b3:eb:88:68:bd:f4:e6:17:5f:f8:53:0e:18:2d:c8:a4:e8:
         1f:a6:92:22:1c:1c:91:93:01:f8:53:02:08:fa:fa:23:f6:1d:
         04:8c:ec:dd:89:fb:0d:f5:ee:29:21:da:c9:f7:33:eb:3e:20:
         55:b5:c5:da:43:55:0b:5b:52:29:6e:8e:49:d5:6b:72:cc:17:
         25:37:93:d8:e3:a3:ad:3c:45:91:bf:e8:e4:f0:2d:18:80:c3:
         c7:a5:26:42:5f:dc:6b:62:25:d1:b5:81:6a:02:1b:55:b4:f7:
         9f:06:f1:39:13:13:a8:74:eb:fd:fd:3c:80:69:57:a5:93:62:
         41:12:ac:77:ad:a7:f8:20:76:5f:0c:b8:04:db:d3:3a:5b:7a:
         a4:9a:e1:47:0a:91:93:d4:d1:09:35:c5:2a:76:67:4b:b7:de:
         4b:58:74:8a:27:8e:2b:09:a1:92:0b:f5:2d:68:10:01:75:e2:
         aa:cb:e0:47:2c:0b:e3:94:69:d5:73:93:95:d6:9d:f9:a0:42:
         80:67:22:09:b7:83:fd:ec:f0:a1:30:ba:49:2e:71:95:a4:3f:
         42:01:71:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAUXowu9SsLjeDM6IfXkyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZTBlNGM5YWNiZjcwMWY5MzAxNDliMzI1Y2UwNDJjZjlm
OTJhNTkwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTU2ZTRkN2QzODAxMzE2YmMwNWZlNTlkY2QzZDE1NjY0ZmZkZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5hHXI/5d3LICA6I4zAnehRdKmr6
1uPVl6zRsWGBQnoXi/q7cZzdC/FKHslAUZOGdD/gI80aeC+SiZTMpTIYhhhxSHy/
xtrmueghVJ3GS0uQ2Tz9f0DPh/XXtt0ny3mUTFMtf5T9sfdTofXs1JiBuJYwvD/V
JQh9chgkEC69LIWDumRYm3tMrWMlXSFS9w4J1BvkopEdKf4252LwG3J7Yd02qCwg
RQ1V0bK3n4jS5k/NkWMNC+r7LDSUQWtLmSdpRWN1M1xk56x5jp+/GhEQBsDQTLqT
9sGWwX8CDaK9TFLvNGvTuKx0SbjEbcVvr/9sTV5rPYEUZDFZlMZCItnVfwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHpW5NfTgBMWvAX+WdzT0VZk/94gMB8GA1UdIwQY
MBaAFMng5Mmsv3AfkwFJsyXOBCz5+SpZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWVEa3lheV9jQi1UQVVtekpjNEVMUG41S2xrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGI2NDEtZDFhMy00ZGRhLWJmOTEt
YmU3YzgyOGMzNjkzLzEvZWxiazE5T0FFeGE4QmY1WjNOUFJWbVRfM2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGI2NDEtZDFhMy00ZGRhLWJmOTEtYmU3YzgyOGMzNjkz
LzEveWVEa3lheV9jQi1UQVVtekpjNEVMUG41S2xrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9V+MA0E
AgACMAcDBQMqEnKAMA0GCSqGSIb3DQEBCwUAA4IBAQAV3tp629OWCTMUQxfTgDXd
wkpqQicKVNTVgcXt8Non0qHf1NMIs+uIaL305hdf+FMOGC3IpOgfppIiHByRkwH4
UwII+voj9h0EjOzdifsN9e4pIdrJ9zPrPiBVtcXaQ1ULW1Ipbo5J1WtyzBclN5PY
46OtPEWRv+jk8C0YgMPHpSZCX9xrYiXRtYFqAhtVtPefBvE5ExOodOv9/TyAaVel
k2JBEqx3raf4IHZfDLgE29M6W3qkmuFHCpGT1NEJNcUqdmdLt95LWHSKJ44rCaGS
C/UtaBABdeKqy+BHLAvjlGnVc5OV1p35oEKAZyIJt4P97PChMLpJLnGVpD9CAXHM
-----END CERTIFICATE-----