Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/ejXBv3HQQPqILjgc4rN6PwYd8xo.roa
File:                     ejXBv3HQQPqILjgc4rN6PwYd8xo.roa (raw, json)
Hash identifier:          F/nJfGAdXC5XqIGIGlOgkrvToToRWI5Pyj24LlEK+uk=
Subject key identifier:   7A:35:C1:BF:71:D0:40:FA:88:2E:38:1C:E2:B3:7A:3F:06:1D:F3:1A
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       018FBDE6AF5969E6140E7C35F5434F73D76F
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/ejXBv3HQQPqILjgc4rN6PwYd8xo.roa
Signing time:             Tue 28 May 2024 06:32:42 +0000
ROA not before:           Tue 28 May 2024 06:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8203
IP address blocks:        192.115.8.0/22 maxlen: 22
                          192.115.8.0/24 maxlen: 24
                          192.116.24.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bd:e6:af:59:69:e6:14:0e:7c:35:f5:43:4f:73:d7:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: May 28 06:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a35c1bf71d040fa882e381ce2b37a3f061df31a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ea:6e:b0:d1:b7:8c:12:ac:ff:bb:52:44:1c:
                    6f:ab:13:32:56:9d:40:b6:51:8a:c8:65:64:9a:fc:
                    b7:f0:92:af:c0:1c:6c:75:0d:f8:ae:57:21:d2:fb:
                    ac:a7:fd:aa:c7:ad:46:cc:0b:05:77:d0:8e:48:5a:
                    90:6b:b8:3c:43:c9:30:1a:b1:88:c6:e1:e6:4b:39:
                    4d:de:aa:c4:43:c2:ef:da:d0:a8:2d:25:5b:81:28:
                    d5:6b:48:ad:3e:bd:5a:81:a5:66:31:57:08:5f:e0:
                    30:6a:58:bc:3e:3e:f5:b5:44:5f:4a:1d:69:1d:19:
                    03:bc:b6:27:ba:f5:1a:1b:3e:75:be:cc:bd:cc:08:
                    a5:f1:7c:41:c3:31:16:ab:8c:19:84:bf:be:19:f2:
                    32:5d:c6:11:be:e3:4a:1b:ca:a7:81:46:2c:9a:76:
                    c6:14:ef:b3:7a:25:e5:b3:da:4e:0c:cf:05:98:6e:
                    1a:1c:eb:47:a9:63:d1:03:36:7e:16:43:98:09:d3:
                    7f:9b:80:36:cb:81:eb:c4:14:f4:0a:2b:f4:f2:fd:
                    2c:62:2d:22:86:f5:64:53:a5:94:14:e5:23:45:5e:
                    37:e9:6d:a2:55:85:a0:a7:f8:30:f3:f7:84:7d:89:
                    1d:40:6a:85:e2:50:95:68:ba:f8:f1:42:70:18:5b:
                    a3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:35:C1:BF:71:D0:40:FA:88:2E:38:1C:E2:B3:7A:3F:06:1D:F3:1A
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/ejXBv3HQQPqILjgc4rN6PwYd8xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.115.8.0/22
                  192.116.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:b4:43:ef:43:1b:b9:17:4d:6c:9c:a1:03:54:94:e4:e7:67:
         21:bd:32:97:87:86:d2:fc:9a:30:66:2e:83:05:28:0d:4f:cd:
         a4:8d:a1:7b:75:ff:f4:84:92:ad:80:56:a1:ca:5b:28:33:7d:
         08:a7:9d:80:f8:ae:18:08:70:f8:57:0f:67:b2:ed:7f:45:73:
         fd:10:78:46:fc:fc:e3:dd:36:90:0d:68:8d:a2:79:c9:6f:b5:
         e9:34:96:9f:c7:83:81:c4:0a:5b:b3:30:ec:93:6e:b2:05:5a:
         89:d1:1f:b2:5f:d4:85:aa:63:db:9e:8a:a4:a1:9a:3e:a3:23:
         b8:a1:51:e9:16:cd:dd:8f:e0:38:20:d1:3c:1c:bf:3e:7a:73:
         08:0b:3b:9e:ac:95:d2:d3:71:be:a0:60:43:40:84:38:38:ac:
         4e:55:e1:5a:40:f5:e6:08:0b:b7:01:50:ef:01:ca:ed:e6:85:
         af:8c:27:24:b7:f2:16:78:b6:e6:f7:2f:4b:86:bf:9e:12:f7:
         9b:c6:24:13:a4:26:ea:1e:0d:9c:ff:3a:42:aa:2c:5b:43:27:
         41:15:88:05:fc:9e:e1:35:c2:bf:40:48:d7:26:8c:4d:cd:4f:
         25:cb:dd:c8:b4:66:a5:c2:85:de:8f:e2:37:da:db:b6:03:21:
         a3:60:89:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+95q9ZaeYUDnw19UNPc9dvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjQwNTI4MDYzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTM1YzFiZjcxZDA0MGZhODgyZTM4MWNlMmIzN2EzZjA2MWRmMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+pusNG3jBKs/7tSRBxvqxMyVp1A
tlGKyGVkmvy38JKvwBxsdQ34rlch0vusp/2qx61GzAsFd9COSFqQa7g8Q8kwGrGI
xuHmSzlN3qrEQ8Lv2tCoLSVbgSjVa0itPr1agaVmMVcIX+Awali8Pj71tURfSh1p
HRkDvLYnuvUaGz51vsy9zAil8XxBwzEWq4wZhL++GfIyXcYRvuNKG8qngUYsmnbG
FO+zeiXls9pODM8FmG4aHOtHqWPRAzZ+FkOYCdN/m4A2y4HrxBT0Civ08v0sYi0i
hvVkU6WUFOUjRV436W2iVYWgp/gw8/eEfYkdQGqF4lCVaLr48UJwGFujYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHo1wb9x0ED6iC44HOKzej8GHfMaMB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvZWpYQnYzSFFRUHFJTGpnYzRyTjZQd1lkOHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwHMIAwQD
wHQYMA0GCSqGSIb3DQEBCwUAA4IBAQBktEPvQxu5F01snKEDVJTk52chvTKXh4bS
/JowZi6DBSgNT82kjaF7df/0hJKtgFahylsoM30Ip52A+K4YCHD4Vw9nsu1/RXP9
EHhG/Pzj3TaQDWiNonnJb7XpNJafx4OBxApbszDsk26yBVqJ0R+yX9SFqmPbnoqk
oZo+oyO4oVHpFs3dj+A4INE8HL8+enMICzuerJXS03G+oGBDQIQ4OKxOVeFaQPXm
CAu3AVDvAcrt5oWvjCckt/IWeLbm9y9Lhr+eEvebxiQTpCbqHg2c/zpCqixbQydB
FYgF/J7hNcK/QEjXJoxNzU8ly93ItGalwoXej+I32tu2AyGjYIlQ
-----END CERTIFICATE-----