Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/9wYzdnxrUhStaC8J5TsI0nIXEwI.roa
File:                     9wYzdnxrUhStaC8J5TsI0nIXEwI.roa (raw, json)
Hash identifier:          J8ZKl4E2nXXwJ/H4R2xzgpQLdQyC8CHhebdJr9L3pwQ=
Subject key identifier:   F7:06:33:76:7C:6B:52:14:AD:68:2F:09:E5:3B:08:D2:72:17:13:02
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       0191115935723D070F329512F594822175F8
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/9wYzdnxrUhStaC8J5TsI0nIXEwI.roa
Signing time:             Fri 02 Aug 2024 04:29:04 +0000
ROA not before:           Fri 02 Aug 2024 04:29:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272649
IP address blocks:        83.147.26.0/24 maxlen: 24
                          83.147.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:11:59:35:72:3d:07:0f:32:95:12:f5:94:82:21:75:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Aug  2 04:29:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f70633767c6b5214ad682f09e53b08d272171302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:53:c9:3e:c4:2a:3e:03:69:ca:a7:1d:1d:98:
                    43:e4:19:d0:69:ac:c5:b3:8c:13:d6:f1:ad:a8:88:
                    34:e4:be:8b:39:2a:09:3e:be:e9:22:b1:e8:b9:a7:
                    2d:eb:39:a3:c1:c7:69:07:f9:d5:bf:c1:20:2b:d7:
                    ea:5f:f5:d0:95:42:eb:c2:86:c6:aa:1a:ff:0b:02:
                    42:bc:aa:4e:17:12:cb:bf:b9:03:7c:ac:62:84:a5:
                    57:97:2c:2f:60:e3:15:2d:65:a7:2f:c7:5a:41:bf:
                    9f:14:86:47:58:75:e3:4d:37:0f:9a:49:d2:1a:da:
                    b2:e2:4b:8d:19:e6:0e:8a:cf:69:fe:b7:ce:28:73:
                    2d:bf:2c:7b:2c:e9:9e:2f:80:7a:fa:e3:2d:c6:a6:
                    24:59:a9:3b:56:99:1a:30:c9:2e:79:ba:5e:d3:75:
                    a6:93:b1:74:02:8c:70:11:f2:ce:d2:79:34:17:77:
                    d3:d1:8e:de:d9:0b:2f:aa:a1:7c:b0:1b:ed:73:23:
                    30:56:4a:92:9b:63:13:2e:a0:64:19:8c:ac:d0:a4:
                    97:27:a2:9f:9a:dd:a4:c2:13:7e:70:c4:c4:d1:cb:
                    b2:17:74:de:c3:fa:55:4b:dd:aa:a5:fb:29:7b:85:
                    3e:98:20:27:f1:05:81:29:3e:a2:93:de:38:f5:99:
                    f9:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:06:33:76:7C:6B:52:14:AD:68:2F:09:E5:3B:08:D2:72:17:13:02
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/9wYzdnxrUhStaC8J5TsI0nIXEwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:7d:a6:e4:d0:59:a0:11:e9:f1:79:cf:86:77:d7:71:d6:6d:
         1a:97:11:7c:79:ae:04:c6:d8:10:50:e0:f4:02:06:e4:14:89:
         56:4b:56:c1:ca:e1:a1:cd:96:63:ff:cb:c3:08:86:dc:52:4c:
         3e:b7:2d:9c:1c:38:58:3d:2c:cb:ca:e3:47:3c:39:5c:3c:3d:
         33:b7:46:40:dd:cf:5b:ff:eb:75:9e:39:7a:12:42:de:d8:c2:
         0f:2e:ba:53:e5:9e:e5:5c:af:d1:f7:88:7b:b6:0e:e7:f6:9a:
         3a:8d:55:b1:6a:1a:b6:19:d3:60:0e:e3:1c:35:cb:c9:47:ec:
         68:0f:58:97:9d:85:30:e9:69:74:b4:89:fb:96:b7:e5:1b:64:
         fa:ce:57:3f:d1:b5:7e:75:da:2e:e2:16:cc:c3:7f:60:3a:3f:
         05:8d:f7:77:3e:ea:1e:0f:c3:18:4f:49:bc:3b:97:d9:9b:1d:
         30:d1:2b:c8:b1:7d:1a:11:d8:b4:95:77:d5:43:c7:3a:89:45:
         a0:50:10:79:55:d5:a6:fb:7c:7c:94:b7:2e:b0:08:08:d4:3d:
         49:a3:57:8f:a3:cd:e0:ea:2b:6a:49:44:47:3e:01:52:08:ec:
         da:12:d2:77:72:9a:64:69:94:0e:c2:eb:2c:cc:f2:21:b0:04:
         a4:48:12:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZERWTVyPQcPMpUS9ZSCIXX4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwODAyMDQyOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzA2MzM3NjdjNmI1MjE0YWQ2ODJmMDllNTNiMDhkMjcyMTcxMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlPJPsQqPgNpyqcdHZhD5BnQaazF
s4wT1vGtqIg05L6LOSoJPr7pIrHouact6zmjwcdpB/nVv8EgK9fqX/XQlULrwobG
qhr/CwJCvKpOFxLLv7kDfKxihKVXlywvYOMVLWWnL8daQb+fFIZHWHXjTTcPmknS
Gtqy4kuNGeYOis9p/rfOKHMtvyx7LOmeL4B6+uMtxqYkWak7VpkaMMkuebpe03Wm
k7F0AoxwEfLO0nk0F3fT0Y7e2QsvqqF8sBvtcyMwVkqSm2MTLqBkGYys0KSXJ6Kf
mt2kwhN+cMTE0cuyF3Tew/pVS92qpfspe4U+mCAn8QWBKT6ik9449Zn5VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcGM3Z8a1IUrWgvCeU7CNJyFxMCMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvOXdZemRueHJVaFN0YUM4SjVUc0kwbklYRXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU5MaMA0G
CSqGSIb3DQEBCwUAA4IBAQBmfabk0FmgEenxec+Gd9dx1m0alxF8ea4ExtgQUOD0
AgbkFIlWS1bByuGhzZZj/8vDCIbcUkw+ty2cHDhYPSzLyuNHPDlcPD0zt0ZA3c9b
/+t1njl6EkLe2MIPLrpT5Z7lXK/R94h7tg7n9po6jVWxahq2GdNgDuMcNcvJR+xo
D1iXnYUw6Wl0tIn7lrflG2T6zlc/0bV+ddou4hbMw39gOj8Fjfd3PuoeD8MYT0m8
O5fZmx0w0SvIsX0aEdi0lXfVQ8c6iUWgUBB5VdWm+3x8lLcusAgI1D1Jo1ePo83g
6itqSURHPgFSCOzaEtJ3cppkaZQOwusszPIhsASkSBJY
-----END CERTIFICATE-----