Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/ElLLBGrpzfsviucrBXB-8_Vaa_w.roa
File:                     ElLLBGrpzfsviucrBXB-8_Vaa_w.roa (raw, json)
Hash identifier:          z9k4yqCF3XE50n6S0zuuIUZ55zDOpxmCuBzsw/uitDA=
Subject key identifier:   12:52:CB:04:6A:E9:CD:FB:2F:8A:E7:2B:05:70:7E:F3:F5:5A:6B:FC
Certificate issuer:       /CN=25c52687a5ff161d2edabc9f8e3a4876c4ad8da2
Certificate serial:       0190E79B2CEFC010BB653A6FD22C343B500E
Authority key identifier: 25:C5:26:87:A5:FF:16:1D:2E:DA:BC:9F:8E:3A:48:76:C4:AD:8D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JcUmh6X_Fh0u2ryfjjpIdsStjaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/ElLLBGrpzfsviucrBXB-8_Vaa_w.roa
Signing time:             Thu 25 Jul 2024 01:57:04 +0000
ROA not before:           Thu 25 Jul 2024 01:57:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60809
IP address blocks:        91.205.20.0/22 maxlen: 22
                          91.206.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/JcUmh6X_Fh0u2ryfjjpIdsStjaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/JcUmh6X_Fh0u2ryfjjpIdsStjaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JcUmh6X_Fh0u2ryfjjpIdsStjaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e7:9b:2c:ef:c0:10:bb:65:3a:6f:d2:2c:34:3b:50:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25c52687a5ff161d2edabc9f8e3a4876c4ad8da2
        Validity
            Not Before: Jul 25 01:57:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1252cb046ae9cdfb2f8ae72b05707ef3f55a6bfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3c:5a:b9:e8:2d:ed:16:dc:1f:af:8c:38:d3:
                    d9:39:bd:45:b7:89:61:ff:cc:0b:1f:49:17:34:ae:
                    6c:4c:c9:1e:24:88:88:e6:21:df:41:b1:73:a7:35:
                    91:22:8d:b9:98:cc:ed:18:76:c3:c2:60:63:5d:b2:
                    c8:03:02:29:64:86:19:37:66:85:b3:72:b1:0f:3a:
                    2f:28:e5:69:87:67:d3:41:e1:8b:28:5a:84:f9:24:
                    63:96:9d:c4:18:55:45:73:5e:14:73:5f:2c:35:84:
                    74:e2:57:61:70:69:5c:28:2b:aa:af:13:02:0f:84:
                    50:1d:2c:f7:ce:90:2d:58:3c:b2:eb:c2:5b:ed:76:
                    5c:f5:d9:1c:b7:39:17:cc:bc:2c:7e:6e:64:18:fa:
                    a8:c6:20:ae:a8:9d:9d:be:ec:f1:18:e0:a7:2c:53:
                    cc:89:36:7a:00:1e:39:19:60:54:46:ca:d8:99:6c:
                    b1:60:61:fa:74:62:c7:1e:7f:7e:ca:ea:63:d1:d2:
                    4a:95:4b:d0:14:c2:55:42:13:69:40:4f:f1:5a:b5:
                    e3:20:90:ef:df:24:98:39:20:c4:32:f3:17:93:72:
                    e7:fc:4e:70:0c:d5:8e:00:8d:28:38:1e:f0:73:86:
                    47:1c:e2:bb:33:c4:8a:7e:b3:47:23:e0:56:41:20:
                    ad:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:52:CB:04:6A:E9:CD:FB:2F:8A:E7:2B:05:70:7E:F3:F5:5A:6B:FC
            X509v3 Authority Key Identifier:
                keyid:25:C5:26:87:A5:FF:16:1D:2E:DA:BC:9F:8E:3A:48:76:C4:AD:8D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JcUmh6X_Fh0u2ryfjjpIdsStjaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/ElLLBGrpzfsviucrBXB-8_Vaa_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/JcUmh6X_Fh0u2ryfjjpIdsStjaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.20.0/22
                  91.206.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:f6:b4:fe:ad:94:0d:c5:1e:c1:fd:07:04:4c:df:d7:b0:3b:
         c1:ff:0b:e3:28:11:f0:3a:12:24:ab:de:58:b3:2f:c7:61:fe:
         6a:42:e6:51:55:8c:ac:69:34:45:07:5a:28:cf:e7:90:43:5f:
         80:59:66:99:85:95:d9:66:b1:be:7f:75:11:78:6c:8e:ce:1c:
         58:dc:87:0b:0d:8e:44:6c:6f:0b:32:8e:a7:c6:79:60:46:5c:
         3a:f2:00:74:67:a8:a3:7d:d5:4d:34:02:9f:71:c6:ac:14:b9:
         48:4b:ec:28:86:93:ca:53:56:42:e6:51:6a:86:89:7f:6e:9c:
         9b:40:f2:3e:be:85:ef:7b:38:05:8a:7d:6b:fa:51:cc:61:fa:
         82:82:ee:4d:3a:01:69:02:f6:cf:9b:b6:0c:d8:28:a6:67:3f:
         f0:1a:df:7f:ce:26:71:80:f1:1d:50:17:b7:41:6f:39:58:82:
         71:3b:c0:50:67:ec:86:de:a3:a6:63:c1:78:b0:36:b2:87:58:
         39:1d:e3:c3:85:f9:ee:b6:eb:79:e7:63:46:b4:ce:de:b6:8b:
         90:43:4e:1c:92:64:b7:9d:49:5c:78:71:bd:2d:87:64:3b:f9:
         9f:66:a4:ab:3d:cc:92:3f:59:e2:d5:5d:2a:53:59:3f:04:e7:
         fb:8d:77:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDnmyzvwBC7ZTpv0iw0O1AOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YzUyNjg3YTVmZjE2MWQyZWRhYmM5ZjhlM2E0ODc2YzRh
ZDhkYTIwHhcNMjQwNzI1MDE1NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjUyY2IwNDZhZTljZGZiMmY4YWU3MmIwNTcwN2VmM2Y1NWE2YmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTxauegt7RbcH6+MONPZOb1Ft4lh
/8wLH0kXNK5sTMkeJIiI5iHfQbFzpzWRIo25mMztGHbDwmBjXbLIAwIpZIYZN2aF
s3KxDzovKOVph2fTQeGLKFqE+SRjlp3EGFVFc14Uc18sNYR04ldhcGlcKCuqrxMC
D4RQHSz3zpAtWDyy68Jb7XZc9dkctzkXzLwsfm5kGPqoxiCuqJ2dvuzxGOCnLFPM
iTZ6AB45GWBURsrYmWyxYGH6dGLHHn9+yupj0dJKlUvQFMJVQhNpQE/xWrXjIJDv
3ySYOSDEMvMXk3Ln/E5wDNWOAI0oOB7wc4ZHHOK7M8SKfrNHI+BWQSCt+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBJSywRq6c37L4rnKwVwfvP1Wmv8MB8GA1UdIwQY
MBaAFCXFJoel/xYdLtq8n446SHbErY2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmNVbWg2WF9GaDB1MnJ5ZmpqcElkc1N0amFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81OTY1MDYtNWFjNi00OWIzLWJkNzAt
NzVkYWU1ZGRmZWQzLzEvRWxMTEJHcnB6ZnN2aXVjckJYQi04X1ZhYV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81OTY1MDYtNWFjNi00OWIzLWJkNzAtNzVkYWU1ZGRmZWQz
LzEvSmNVbWg2WF9GaDB1MnJ5ZmpqcElkc1N0amFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW80UAwQA
W861MA0GCSqGSIb3DQEBCwUAA4IBAQB29rT+rZQNxR7B/QcETN/XsDvB/wvjKBHw
OhIkq95Ysy/HYf5qQuZRVYysaTRFB1ooz+eQQ1+AWWaZhZXZZrG+f3UReGyOzhxY
3IcLDY5EbG8LMo6nxnlgRlw68gB0Z6ijfdVNNAKfccasFLlIS+wohpPKU1ZC5lFq
hol/bpybQPI+voXvezgFin1r+lHMYfqCgu5NOgFpAvbPm7YM2CimZz/wGt9/ziZx
gPEdUBe3QW85WIJxO8BQZ+yG3qOmY8F4sDayh1g5HePDhfnutut552NGtM7etouQ
Q04ckmS3nUlceHG9LYdkO/mfZqSrPcySP1ni1V0qU1k/BOf7jXeu
-----END CERTIFICATE-----