Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/ew8HE4wfUuBLX1_wXEdaVAnTXeM.roa
File:                     ew8HE4wfUuBLX1_wXEdaVAnTXeM.roa (raw, json)
Hash identifier:          8sUiQO0MJ/eMVWeoycLgv21dWtxZoGDpj/43ZNyuzPw=
Subject key identifier:   7B:0F:07:13:8C:1F:52:E0:4B:5F:5F:F0:5C:47:5A:54:09:D3:5D:E3
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       018E7B0E6684D890B9C8052947C2B9B48DF4
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/ew8HE4wfUuBLX1_wXEdaVAnTXeM.roa
Signing time:             Tue 26 Mar 2024 13:58:45 +0000
ROA not before:           Tue 26 Mar 2024 13:58:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28753
IP address blocks:        91.201.140.0/23 maxlen: 23
                          92.119.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:0e:66:84:d8:90:b9:c8:05:29:47:c2:b9:b4:8d:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Mar 26 13:58:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b0f07138c1f52e04b5f5ff05c475a5409d35de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:54:32:a6:62:99:ee:9f:06:c5:47:29:30:cf:
                    94:a5:d2:07:4f:96:e0:ae:68:be:9c:83:42:af:e7:
                    72:31:47:af:d1:88:4d:74:6a:7c:53:a2:3f:82:78:
                    fe:18:b3:bf:5a:b5:a1:e5:0b:aa:f3:c8:0d:4f:10:
                    23:cd:15:2e:c6:81:49:e6:b3:e4:0b:96:51:90:08:
                    14:5c:f3:4b:47:54:49:16:43:6d:51:ff:87:43:76:
                    07:aa:bb:3e:51:d9:18:8e:81:86:13:83:ba:fe:7e:
                    23:47:0a:6d:a2:bb:e8:51:ff:94:00:99:2b:b5:75:
                    95:e2:be:c5:01:ec:70:4f:fb:c0:c2:d6:88:39:09:
                    49:bf:11:6e:a2:1e:9d:1f:b2:0c:80:53:91:f1:97:
                    45:51:67:d5:94:84:d7:2f:1f:b2:17:5c:2e:05:35:
                    22:cb:3d:65:43:91:d9:65:69:fe:1c:9f:27:cf:23:
                    2a:84:3e:c7:33:44:3f:32:e3:f3:f1:bc:9b:ea:87:
                    47:85:44:8a:81:82:f1:7a:95:a1:e0:ca:06:6a:62:
                    60:78:49:a2:bc:b5:bb:5a:62:a8:28:f9:bf:30:85:
                    5d:66:6e:73:4c:85:d8:ee:90:22:a5:f8:3f:c5:b5:
                    66:f3:7c:2b:03:bd:27:dd:6f:d9:1b:07:f7:46:95:
                    7e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:0F:07:13:8C:1F:52:E0:4B:5F:5F:F0:5C:47:5A:54:09:D3:5D:E3
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/ew8HE4wfUuBLX1_wXEdaVAnTXeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.140.0/23
                  92.119.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:52:fb:02:5a:c6:db:a8:68:13:06:44:46:5c:02:c4:55:e7:
         98:39:67:c2:94:02:c9:5e:84:eb:bb:d1:4b:06:de:28:d5:ff:
         52:c3:98:f0:af:13:04:28:c4:8a:27:7c:9f:c1:de:49:29:cd:
         74:68:95:c6:a0:68:ee:bf:b0:17:91:9e:0a:1d:b9:13:63:a3:
         59:45:8a:a2:2c:58:57:00:63:9e:f6:33:c5:a1:93:4a:c9:ec:
         a7:12:c6:bb:82:6a:28:f6:72:8e:6c:ce:b2:23:57:0f:81:b4:
         3e:97:3a:65:44:99:30:98:af:31:62:d4:22:44:cf:1f:35:0a:
         dc:91:c3:ab:32:35:55:51:71:0d:00:47:6e:de:3b:71:83:14:
         82:ca:72:f8:d1:c0:e9:e9:e4:21:af:4e:a6:1a:97:9c:7d:ae:
         eb:8e:61:d0:32:e7:bf:d4:1e:99:38:7c:5a:f9:0b:8b:63:c6:
         2a:0a:56:39:81:49:70:59:29:54:52:4c:25:3f:02:fe:4d:ca:
         0f:7b:e7:76:8e:5c:df:f3:9d:cd:4f:1f:9e:bf:bf:f1:33:63:
         93:a1:bc:6c:c5:09:78:cf:1a:da:12:22:09:d5:6e:c9:fd:11:
         6d:5c:0f:ac:4c:84:98:0c:af:6f:5c:9c:eb:11:b8:50:3c:34:
         73:43:be:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY57DmaE2JC5yAUpR8K5tI30MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjQwMzI2MTM1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjBmMDcxMzhjMWY1MmUwNGI1ZjVmZjA1YzQ3NWE1NDA5ZDM1ZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1QypmKZ7p8GxUcpMM+UpdIHT5bg
rmi+nINCr+dyMUev0YhNdGp8U6I/gnj+GLO/WrWh5Quq88gNTxAjzRUuxoFJ5rPk
C5ZRkAgUXPNLR1RJFkNtUf+HQ3YHqrs+UdkYjoGGE4O6/n4jRwptorvoUf+UAJkr
tXWV4r7FAexwT/vAwtaIOQlJvxFuoh6dH7IMgFOR8ZdFUWfVlITXLx+yF1wuBTUi
yz1lQ5HZZWn+HJ8nzyMqhD7HM0Q/MuPz8byb6odHhUSKgYLxepWh4MoGamJgeEmi
vLW7WmKoKPm/MIVdZm5zTIXY7pAipfg/xbVm83wrA70n3W/ZGwf3RpV+BwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHsPBxOMH1LgS19f8FxHWlQJ013jMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvZXc4SEU0d2ZVdUJMWDFfd1hFZGFWQW5UWGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8mMAwQA
XHe2MA0GCSqGSIb3DQEBCwUAA4IBAQBSUvsCWsbbqGgTBkRGXALEVeeYOWfClALJ
XoTru9FLBt4o1f9Sw5jwrxMEKMSKJ3yfwd5JKc10aJXGoGjuv7AXkZ4KHbkTY6NZ
RYqiLFhXAGOe9jPFoZNKyeynEsa7gmoo9nKObM6yI1cPgbQ+lzplRJkwmK8xYtQi
RM8fNQrckcOrMjVVUXENAEdu3jtxgxSCynL40cDp6eQhr06mGpecfa7rjmHQMue/
1B6ZOHxa+QuLY8YqClY5gUlwWSlUUkwlPwL+TcoPe+d2jlzf853NTx+ev7/xM2OT
obxsxQl4zxraEiIJ1W7J/RFtXA+sTISYDK9vXJzrEbhQPDRzQ74o
-----END CERTIFICATE-----