Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/8Ca_MqK66dR-k47dR13U0UTZ9Xw.roa
File:                     8Ca_MqK66dR-k47dR13U0UTZ9Xw.roa (raw, json)
Hash identifier:          nz+ZFxuSr5C02C9ICC4vFIPDA6dYJB5bo/iqxX9gXWE=
Subject key identifier:   F0:26:BF:32:A2:BA:E9:D4:7E:93:8E:DD:47:5D:D4:D1:44:D9:F5:7C
Certificate issuer:       /CN=0d2efe3b63fa9b2a7932c5b5ec854b70c3f18839
Certificate serial:       018FDD81E1FF2C92071B5B363593704A9359
Authority key identifier: 0D:2E:FE:3B:63:FA:9B:2A:79:32:C5:B5:EC:85:4B:70:C3:F1:88:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DS7-O2P6myp5MsW17IVLcMPxiDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/8Ca_MqK66dR-k47dR13U0UTZ9Xw.roa
Signing time:             Mon 03 Jun 2024 09:50:27 +0000
ROA not before:           Mon 03 Jun 2024 09:50:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215120
IP address blocks:        91.227.33.0/24 maxlen: 24
                          193.178.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/DS7-O2P6myp5MsW17IVLcMPxiDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/DS7-O2P6myp5MsW17IVLcMPxiDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DS7-O2P6myp5MsW17IVLcMPxiDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:81:e1:ff:2c:92:07:1b:5b:36:35:93:70:4a:93:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2efe3b63fa9b2a7932c5b5ec854b70c3f18839
        Validity
            Not Before: Jun  3 09:50:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f026bf32a2bae9d47e938edd475dd4d144d9f57c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d8:0a:ec:a2:30:57:07:4c:1d:89:51:89:c8:
                    46:3f:5e:0d:f5:7a:b3:ca:c8:07:85:cb:e3:9b:a1:
                    6b:6a:3b:13:10:c7:d1:6b:7f:5b:04:c7:2b:56:f7:
                    dc:51:5a:56:c7:86:31:7a:2e:e7:b7:20:b1:77:db:
                    bb:ad:2d:19:ab:90:7d:46:45:bf:45:b5:c8:99:3e:
                    c8:75:47:f5:78:ad:d2:bc:4b:69:00:1a:cd:00:53:
                    dc:1f:ba:b6:fc:e8:b1:9d:87:10:8b:f6:e7:44:aa:
                    41:52:50:7f:7b:54:64:9f:3f:49:c7:62:03:11:29:
                    e3:ea:b9:69:e3:1a:5c:59:52:30:e1:d4:3d:1b:47:
                    8f:32:64:83:e7:4f:5a:0d:54:78:81:ab:b7:d6:c9:
                    11:81:4f:47:a8:0a:b7:89:91:77:32:17:76:1b:f3:
                    b9:e1:f5:f3:4b:6e:71:d8:6a:e5:15:6d:5e:4d:d0:
                    a1:1a:5b:9e:a2:a5:1d:55:1b:b1:da:08:40:68:89:
                    da:a5:01:5c:ca:2c:7d:f0:9f:a8:66:d1:43:5b:77:
                    88:db:d5:ae:bb:a4:14:f3:6d:a6:63:4e:da:7a:de:
                    b4:23:bb:85:c1:ea:f2:1b:ec:6f:64:f5:8f:7b:0a:
                    d7:b8:15:f5:a3:26:15:95:68:1c:06:80:5f:88:bc:
                    80:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:26:BF:32:A2:BA:E9:D4:7E:93:8E:DD:47:5D:D4:D1:44:D9:F5:7C
            X509v3 Authority Key Identifier:
                keyid:0D:2E:FE:3B:63:FA:9B:2A:79:32:C5:B5:EC:85:4B:70:C3:F1:88:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DS7-O2P6myp5MsW17IVLcMPxiDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/8Ca_MqK66dR-k47dR13U0UTZ9Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/DS7-O2P6myp5MsW17IVLcMPxiDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.33.0/24
                  193.178.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:fd:7e:00:f6:01:81:34:2b:10:dc:4e:6f:a9:9a:48:a5:2a:
         ec:9c:6c:dc:26:0c:d8:c4:3a:5a:2a:8d:4e:f3:ca:e7:9e:37:
         57:9d:91:62:b6:3f:26:46:bd:2a:8b:bf:9e:ce:95:36:9e:a1:
         3e:2e:90:fe:27:be:96:0e:28:2c:4c:bc:39:b9:a5:e7:95:68:
         67:b0:6c:08:dc:0a:c7:1d:ca:46:bd:35:9f:b4:23:e4:48:a0:
         b4:e6:45:4a:35:e8:5f:cb:2e:18:06:92:0c:c5:db:94:02:2d:
         a4:00:3b:1d:79:92:51:a1:2c:65:e0:3e:86:c2:56:ef:81:fe:
         40:45:f5:6a:56:bb:19:7d:50:03:4e:ac:4c:56:34:ab:bc:d7:
         66:76:ef:0e:22:df:a8:49:c8:8e:41:e1:79:b5:ad:4f:1e:c1:
         cd:58:c7:74:dc:f9:3d:4b:a2:5a:2c:20:bb:8a:7b:e7:31:ea:
         16:17:07:be:66:a8:cd:c4:9b:e8:65:f9:64:5b:0a:5a:2c:c3:
         3b:e0:11:f0:37:d8:f0:ad:d0:91:09:1f:21:7d:76:45:5b:db:
         50:85:72:37:c3:b8:e1:f6:b5:02:66:b6:62:1c:24:32:f8:9e:
         46:06:1b:ce:ec:13:e5:91:c2:bb:98:d3:54:42:4a:bd:52:b3:
         90:7d:95:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/dgeH/LJIHG1s2NZNwSpNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMmVmZTNiNjNmYTliMmE3OTMyYzViNWVjODU0YjcwYzNm
MTg4MzkwHhcNMjQwNjAzMDk1MDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDI2YmYzMmEyYmFlOWQ0N2U5MzhlZGQ0NzVkZDRkMTQ0ZDlmNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktgK7KIwVwdMHYlRichGP14N9Xqz
ysgHhcvjm6FrajsTEMfRa39bBMcrVvfcUVpWx4Yxei7ntyCxd9u7rS0Zq5B9RkW/
RbXImT7IdUf1eK3SvEtpABrNAFPcH7q2/OixnYcQi/bnRKpBUlB/e1Rknz9Jx2ID
ESnj6rlp4xpcWVIw4dQ9G0ePMmSD509aDVR4gau31skRgU9HqAq3iZF3Mhd2G/O5
4fXzS25x2GrlFW1eTdChGlueoqUdVRux2ghAaInapQFcyix98J+oZtFDW3eI29Wu
u6QU822mY07aet60I7uFweryG+xvZPWPewrXuBX1oyYVlWgcBoBfiLyAowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPAmvzKiuunUfpOO3Udd1NFE2fV8MB8GA1UdIwQY
MBaAFA0u/jtj+psqeTLFteyFS3DD8Yg5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFM3LU8yUDZteXA1TXNXMTdJVkxjTVB4aURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9hZTBhOTMtZjY5MC00ZTM2LWJlZmEt
OTFhMzQ5ZTc3NDc4LzEvOENhX01xSzY2ZFItazQ3ZFIxM1UwVVRaOVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9hZTBhOTMtZjY5MC00ZTM2LWJlZmEtOTFhMzQ5ZTc3NDc4
LzEvRFM3LU8yUDZteXA1TXNXMTdJVkxjTVB4aURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+MhAwQA
wbK6MA0GCSqGSIb3DQEBCwUAA4IBAQCc/X4A9gGBNCsQ3E5vqZpIpSrsnGzcJgzY
xDpaKo1O88rnnjdXnZFitj8mRr0qi7+ezpU2nqE+LpD+J76WDigsTLw5uaXnlWhn
sGwI3ArHHcpGvTWftCPkSKC05kVKNehfyy4YBpIMxduUAi2kADsdeZJRoSxl4D6G
wlbvgf5ARfVqVrsZfVADTqxMVjSrvNdmdu8OIt+oSciOQeF5ta1PHsHNWMd03Pk9
S6JaLCC7invnMeoWFwe+ZqjNxJvoZflkWwpaLMM74BHwN9jwrdCRCR8hfXZFW9tQ
hXI3w7jh9rUCZrZiHCQy+J5GBhvO7BPlkcK7mNNUQkq9UrOQfZXB
-----END CERTIFICATE-----