Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/23835a-b2cb-4a6e-89fd-2ae35175713c/1/GEpECgwfqAXr4R0DZRTy18D5e-o.roa
File:                     GEpECgwfqAXr4R0DZRTy18D5e-o.roa (raw, json)
Hash identifier:          aNb4ACH8qw8mmONSJCyLQIuGXcWG2EL/il0M8QrOwx8=
Subject key identifier:   18:4A:44:0A:0C:1F:A8:05:EB:E1:1D:03:65:14:F2:D7:C0:F9:7B:EA
Certificate issuer:       /CN=873726b17b01bf0b54426d1810f23dc4f58f6a7b
Certificate serial:       018F9AEEFC71790365A464CDF99FC356F40F
Authority key identifier: 87:37:26:B1:7B:01:BF:0B:54:42:6D:18:10:F2:3D:C4:F5:8F:6A:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hzcmsXsBvwtUQm0YEPI9xPWPans.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/23835a-b2cb-4a6e-89fd-2ae35175713c/1/GEpECgwfqAXr4R0DZRTy18D5e-o.roa
Signing time:             Tue 21 May 2024 11:35:04 +0000
ROA not before:           Tue 21 May 2024 11:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210514
IP address blocks:        91.225.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/23835a-b2cb-4a6e-89fd-2ae35175713c/1/hzcmsXsBvwtUQm0YEPI9xPWPans.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/23835a-b2cb-4a6e-89fd-2ae35175713c/1/hzcmsXsBvwtUQm0YEPI9xPWPans.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hzcmsXsBvwtUQm0YEPI9xPWPans.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:ee:fc:71:79:03:65:a4:64:cd:f9:9f:c3:56:f4:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=873726b17b01bf0b54426d1810f23dc4f58f6a7b
        Validity
            Not Before: May 21 11:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=184a440a0c1fa805ebe11d036514f2d7c0f97bea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4d:ef:d9:59:7c:0a:ef:77:b0:e0:9e:dd:fa:
                    bb:37:e4:bf:6e:28:43:de:33:aa:45:e1:bc:f2:8c:
                    f0:9a:22:cc:32:0c:45:2e:86:29:b5:2b:c7:76:63:
                    d6:7e:dc:1c:3b:68:4c:3e:29:26:21:15:4e:7d:a9:
                    25:be:f7:79:ac:5e:23:cf:81:3b:b4:95:84:b8:12:
                    88:9a:3a:5f:7b:bf:f2:08:46:2a:15:e5:61:52:38:
                    61:67:73:4f:8e:70:53:b9:d2:5b:f0:a8:80:99:65:
                    bf:69:c4:2c:c3:36:74:48:1f:0a:d3:30:24:c4:ae:
                    12:84:0b:07:26:f8:6a:d8:be:c5:f0:ec:af:73:d4:
                    b2:fc:fb:ff:ea:96:ef:b4:81:5d:8c:72:c4:c6:0d:
                    32:d8:bf:6c:05:82:28:d2:04:30:f1:0e:58:86:84:
                    c5:33:e0:9d:91:a7:53:39:d3:f6:b4:8e:ab:69:fa:
                    17:08:f2:b1:74:2b:53:8c:1c:06:c2:b9:ce:f4:5e:
                    9d:c5:0d:70:08:55:e6:29:c0:b6:6c:07:b7:97:3a:
                    61:14:08:4b:fb:52:98:5c:6e:1f:83:d5:0e:3a:d2:
                    26:6c:97:10:76:d2:cd:20:2d:da:d3:c1:52:37:0e:
                    24:d3:a1:f9:db:67:a2:d0:a1:ec:37:2a:66:17:37:
                    af:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:4A:44:0A:0C:1F:A8:05:EB:E1:1D:03:65:14:F2:D7:C0:F9:7B:EA
            X509v3 Authority Key Identifier:
                keyid:87:37:26:B1:7B:01:BF:0B:54:42:6D:18:10:F2:3D:C4:F5:8F:6A:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hzcmsXsBvwtUQm0YEPI9xPWPans.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/23835a-b2cb-4a6e-89fd-2ae35175713c/1/GEpECgwfqAXr4R0DZRTy18D5e-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/23835a-b2cb-4a6e-89fd-2ae35175713c/1/hzcmsXsBvwtUQm0YEPI9xPWPans.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:b3:66:ce:8f:d1:39:85:21:41:91:47:71:a7:84:c7:77:c6:
         5a:77:86:72:93:5c:0c:b4:ac:cb:03:70:87:05:f7:6e:6d:4b:
         f2:94:75:a0:f9:c7:70:b6:92:1a:db:37:1c:09:ee:df:cd:ce:
         67:71:2c:d1:27:15:3d:c0:8e:c9:95:a4:fc:30:a7:0c:a6:7d:
         8a:c0:63:8a:3a:78:fb:81:78:4d:a8:69:cb:a5:c4:a9:e8:9f:
         7a:1a:56:27:9e:29:f3:f3:1f:1d:ef:29:ec:23:22:f4:1b:f6:
         20:c1:12:0e:cb:a5:42:d2:b5:42:2c:32:15:23:d5:ef:06:d0:
         47:b6:fa:a7:66:e1:9d:f7:de:83:a7:e1:6c:bc:44:28:c4:3b:
         13:9e:4b:fe:38:a9:e7:86:50:51:03:2d:fd:80:4c:e0:fa:34:
         60:eb:98:84:ba:1b:4b:0e:94:cd:d8:3e:3e:89:c5:57:e1:61:
         ef:df:f9:b0:04:6e:82:d8:41:55:93:eb:28:20:72:59:dc:db:
         7e:4f:10:2b:cf:ff:c7:7d:b4:0d:85:94:7b:7a:6f:62:b0:a7:
         b5:e4:53:a6:b6:c3:1c:33:9f:40:09:fd:b4:b2:1f:88:31:f9:
         c7:ac:ec:c9:9e:79:b8:1e:22:e3:d3:85:dc:43:db:2c:9a:67:
         37:6b:9d:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+a7vxxeQNlpGTN+Z/DVvQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MzcyNmIxN2IwMWJmMGI1NDQyNmQxODEwZjIzZGM0ZjU4
ZjZhN2IwHhcNMjQwNTIxMTEzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODRhNDQwYTBjMWZhODA1ZWJlMTFkMDM2NTE0ZjJkN2MwZjk3YmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE3v2Vl8Cu93sOCe3fq7N+S/bihD
3jOqReG88ozwmiLMMgxFLoYptSvHdmPWftwcO2hMPikmIRVOfaklvvd5rF4jz4E7
tJWEuBKImjpfe7/yCEYqFeVhUjhhZ3NPjnBTudJb8KiAmWW/acQswzZ0SB8K0zAk
xK4ShAsHJvhq2L7F8Oyvc9Sy/Pv/6pbvtIFdjHLExg0y2L9sBYIo0gQw8Q5YhoTF
M+CdkadTOdP2tI6rafoXCPKxdCtTjBwGwrnO9F6dxQ1wCFXmKcC2bAe3lzphFAhL
+1KYXG4fg9UOOtImbJcQdtLNIC3a08FSNw4k06H522ei0KHsNypmFzevRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhKRAoMH6gF6+EdA2UU8tfA+XvqMB8GA1UdIwQY
MBaAFIc3JrF7Ab8LVEJtGBDyPcT1j2p7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHpjbXNYc0J2d3RVUW0wWUVQSTl4UFdQYW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8yMzgzNWEtYjJjYi00YTZlLTg5ZmQt
MmFlMzUxNzU3MTNjLzEvR0VwRUNnd2ZxQVhyNFIwRFpSVHkxOEQ1ZS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8yMzgzNWEtYjJjYi00YTZlLTg5ZmQtMmFlMzUxNzU3MTNj
LzEvaHpjbXNYc0J2d3RVUW0wWUVQSTl4UFdQYW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+HLMA0G
CSqGSIb3DQEBCwUAA4IBAQCOs2bOj9E5hSFBkUdxp4THd8Zad4Zyk1wMtKzLA3CH
BfdubUvylHWg+cdwtpIa2zccCe7fzc5ncSzRJxU9wI7JlaT8MKcMpn2KwGOKOnj7
gXhNqGnLpcSp6J96GlYnninz8x8d7ynsIyL0G/YgwRIOy6VC0rVCLDIVI9XvBtBH
tvqnZuGd996Dp+FsvEQoxDsTnkv+OKnnhlBRAy39gEzg+jRg65iEuhtLDpTN2D4+
icVX4WHv3/mwBG6C2EFVk+soIHJZ3Nt+TxArz//HfbQNhZR7em9isKe15FOmtsMc
M59ACf20sh+IMfnHrOzJnnm4HiLj04XcQ9ssmmc3a520
-----END CERTIFICATE-----