Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/8c9zyK_e_Yeg0nrw5GnFL7LLG3U.roa
File:                     8c9zyK_e_Yeg0nrw5GnFL7LLG3U.roa (raw, json)
Hash identifier:          0Ee7Pbxiu/FWSc9yGk/eUOsiE2ByNpN1Zn+qUOeZ/AU=
Subject key identifier:   F1:CF:73:C8:AF:DE:FD:87:A0:D2:7A:F0:E4:69:C5:2F:B2:CB:1B:75
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B68A7A294289F07EAAF3BD91CA2D14
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/8c9zyK_e_Yeg0nrw5GnFL7LLG3U.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200687
IP address blocks:        93.179.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8a:7a:29:42:89:f0:7e:aa:f3:bd:91:ca:2d:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1cf73c8afdefd87a0d27af0e469c52fb2cb1b75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d2:3b:e3:82:09:83:94:33:1e:ac:78:7b:a3:
                    cd:73:d0:27:a6:23:23:d7:80:85:3c:dd:e5:85:65:
                    a5:eb:15:ca:fd:02:4c:c8:34:46:38:ad:db:d0:d4:
                    32:b7:ac:38:53:f4:8f:21:94:8f:ff:c0:7b:03:b5:
                    8b:c8:e5:24:99:f0:5a:e5:db:23:59:c2:84:55:fc:
                    49:16:5f:19:d1:ea:cc:8b:9a:9a:1f:d0:f1:7c:55:
                    20:46:92:49:6e:b7:a6:9f:55:4d:cc:99:30:f9:89:
                    3f:24:06:19:d3:6a:7b:4c:e2:28:93:f9:94:dc:4d:
                    25:1b:0e:b7:80:e6:51:a0:5c:63:15:69:5f:ad:52:
                    52:1e:ea:6e:2d:f3:aa:83:11:b9:20:b5:36:82:cc:
                    0b:ae:1b:f3:5a:a8:b3:49:90:df:63:4a:96:ee:eb:
                    3f:b9:37:29:ac:9e:46:52:76:d0:fc:c9:9d:d1:82:
                    d5:2e:d7:7e:7e:93:a7:88:e1:34:43:39:8f:c5:4e:
                    15:ac:eb:af:5e:ee:0a:a5:23:ec:d7:f2:1a:0d:86:
                    61:85:d5:c9:7d:bb:4e:b6:7f:a9:c7:9e:e8:ab:e2:
                    27:cb:81:ba:16:e5:e5:b4:15:c0:22:36:ae:ab:20:
                    29:4f:98:e9:01:fc:6d:d7:f2:05:4e:94:95:f7:61:
                    44:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:CF:73:C8:AF:DE:FD:87:A0:D2:7A:F0:E4:69:C5:2F:B2:CB:1B:75
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/8c9zyK_e_Yeg0nrw5GnFL7LLG3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.179.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:c8:73:7e:8c:42:4e:44:c7:0c:48:70:37:15:20:c3:1b:85:
         6c:7b:ff:d6:06:09:88:35:8b:c2:e6:c5:a1:db:a3:7c:1f:d2:
         0a:6b:86:eb:d5:1c:79:0d:fa:8b:b2:f3:54:ff:fd:53:5d:e0:
         9a:fd:13:18:ed:93:3e:2d:4b:9c:6f:3e:2c:d6:12:47:95:e6:
         cf:19:d4:9b:bf:f5:5f:d9:08:6b:b2:31:bd:25:31:99:b2:98:
         cc:07:15:c4:88:03:5b:61:56:ce:1b:e4:f9:9a:7d:52:a8:78:
         3a:0c:98:64:89:73:e0:94:67:23:61:b3:fc:3d:9f:10:98:1c:
         7b:b3:c1:15:7b:56:a0:bf:eb:3e:6e:06:68:5a:44:1d:ed:53:
         fd:5e:b3:45:2a:9c:5c:ce:93:a7:89:18:27:66:8f:94:a8:82:
         a0:9f:a6:65:52:81:5d:5f:f7:8d:50:47:cc:d6:1a:a2:20:d8:
         b0:99:f0:2f:f4:65:03:b1:52:c8:04:5c:d6:1e:68:22:4a:4d:
         f1:47:e9:4e:2d:26:de:7a:7c:e6:36:15:f1:f6:66:f7:c5:ce:
         f1:fd:ae:bc:bd:3b:58:be:b7:81:0c:78:97:39:c1:da:f4:5b:
         a2:33:fb:fc:6c:51:8f:ab:b1:5f:0e:35:1f:37:45:e5:2e:42:
         55:95:06:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtop6KUKJ8H6q872Ryi0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWNmNzNjOGFmZGVmZDg3YTBkMjdhZjBlNDY5YzUyZmIyY2IxYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9I744IJg5QzHqx4e6PNc9AnpiMj
14CFPN3lhWWl6xXK/QJMyDRGOK3b0NQyt6w4U/SPIZSP/8B7A7WLyOUkmfBa5dsj
WcKEVfxJFl8Z0erMi5qaH9DxfFUgRpJJbremn1VNzJkw+Yk/JAYZ02p7TOIok/mU
3E0lGw63gOZRoFxjFWlfrVJSHupuLfOqgxG5ILU2gswLrhvzWqizSZDfY0qW7us/
uTcprJ5GUnbQ/Mmd0YLVLtd+fpOniOE0QzmPxU4VrOuvXu4KpSPs1/IaDYZhhdXJ
fbtOtn+px57oq+Iny4G6FuXltBXAIjauqyApT5jpAfxt1/IFTpSV92FEUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHPc8iv3v2HoNJ68ORpxS+yyxt1MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvOGM5enlLX2VfWWVnMG5ydzVHbkZMN0xMRzNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbNcMA0G
CSqGSIb3DQEBCwUAA4IBAQAzyHN+jEJORMcMSHA3FSDDG4Vse//WBgmINYvC5sWh
26N8H9IKa4br1Rx5DfqLsvNU//1TXeCa/RMY7ZM+LUucbz4s1hJHlebPGdSbv/Vf
2QhrsjG9JTGZspjMBxXEiANbYVbOG+T5mn1SqHg6DJhkiXPglGcjYbP8PZ8QmBx7
s8EVe1agv+s+bgZoWkQd7VP9XrNFKpxczpOniRgnZo+UqIKgn6ZlUoFdX/eNUEfM
1hqiINiwmfAv9GUDsVLIBFzWHmgiSk3xR+lOLSbeenzmNhXx9mb3xc7x/a68vTtY
vreBDHiXOcHa9FuiM/v8bFGPq7FfDjUfN0XlLkJVlQZ1
-----END CERTIFICATE-----