Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/tTn2a4EfOB87DVoiwyGdRQGEb68.roa
File:                     tTn2a4EfOB87DVoiwyGdRQGEb68.roa (raw, json)
Hash identifier:          jSYbgESY4rL5W0g341w3kcz3TE03xi/L2Nbvqw7bC5I=
Subject key identifier:   B5:39:F6:6B:81:1F:38:1F:3B:0D:5A:22:C3:21:9D:45:01:84:6F:AF
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       018CC801C3E22A4F0BF1328DA84EBDBD925F
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/tTn2a4EfOB87DVoiwyGdRQGEb68.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10010
IP address blocks:        94.74.184.0/24 maxlen: 24
                          94.74.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c3:e2:2a:4f:0b:f1:32:8d:a8:4e:bd:bd:92:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b539f66b811f381f3b0d5a22c3219d4501846faf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:51:65:a4:36:10:bd:2f:ab:88:f6:c1:cd:8d:
                    22:a3:d2:4c:d3:64:de:21:6a:fd:00:70:fb:fd:e5:
                    c2:d2:04:2f:2a:e8:c2:10:8a:06:d2:08:9e:f5:92:
                    3d:c5:e8:d8:de:43:01:07:9b:4c:d0:a6:cf:fb:00:
                    07:78:5b:b7:70:0a:cb:d4:c5:c2:c3:1c:31:41:a1:
                    72:04:91:ae:27:97:4b:45:44:2c:58:7c:64:35:a0:
                    5a:a2:80:d6:af:5f:3a:3b:4e:5d:03:88:9f:0a:f8:
                    ec:d9:d1:cf:68:84:a4:a3:8d:d2:ae:39:4c:85:0b:
                    15:c1:64:04:c4:d1:33:38:f3:25:08:6d:78:ce:91:
                    23:4f:f6:2d:1c:14:27:35:89:5e:59:00:5b:1e:aa:
                    f1:b8:02:b1:b8:32:88:b0:c0:63:1a:08:ee:f3:98:
                    f2:88:f7:52:f8:d4:eb:22:36:28:ca:66:86:35:8c:
                    ac:43:84:88:c3:d4:0e:3c:8c:4b:0f:96:41:dc:88:
                    88:c6:33:65:03:21:04:67:4e:77:b1:41:f0:4f:2a:
                    ea:19:3d:49:3b:e5:78:94:04:2b:5c:6a:42:74:cc:
                    25:80:81:0b:c8:a4:91:47:60:f0:ab:22:cd:57:32:
                    24:4c:f1:d8:88:35:2b:0b:b3:7d:3e:9b:9e:e1:4a:
                    fe:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:39:F6:6B:81:1F:38:1F:3B:0D:5A:22:C3:21:9D:45:01:84:6F:AF
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/tTn2a4EfOB87DVoiwyGdRQGEb68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.74.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:3d:0b:11:cf:b9:7d:ee:c1:6a:76:10:cc:8d:f6:e4:8f:7a:
         dc:98:4d:ba:7f:89:76:22:ec:6b:ab:93:72:0e:8e:67:be:55:
         b4:bb:0a:ec:ac:69:e1:04:5c:93:33:71:e9:7e:14:b3:bc:da:
         c0:3b:52:35:3f:16:39:f2:91:61:ab:80:14:58:0a:35:42:d2:
         0d:ee:a2:1c:62:29:fe:a7:d7:c1:3c:83:45:1d:41:14:ac:1f:
         2c:db:98:a5:4c:61:16:c4:e1:01:70:64:1f:d0:a3:dd:52:b7:
         68:56:c3:f2:75:ad:92:76:23:f0:6a:6f:ce:c1:b4:c0:74:02:
         67:d6:1e:18:f2:cc:20:73:5a:bb:a5:42:08:58:fc:6b:6a:97:
         63:d9:9b:f6:f9:a9:ce:63:3a:af:3e:39:2a:82:ec:aa:13:5a:
         5f:4d:b2:8a:2a:a1:ef:e1:d8:03:25:36:31:25:63:fb:72:f3:
         4a:84:28:59:7f:4d:8f:30:50:5f:d7:c2:68:3b:52:5e:34:e7:
         b2:a2:07:18:a9:a6:d2:ef:97:49:a8:12:1f:ef:2c:a9:4e:80:
         4f:61:34:c3:ea:55:1f:ea:62:8e:4d:f2:91:25:fe:0a:23:37:
         c7:5f:d0:ea:28:c2:16:8e:81:54:c7:e6:5e:a2:46:25:b5:98:
         a0:ad:df:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcPiKk8L8TKNqE69vZJfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM5ZjY2YjgxMWYzODFmM2IwZDVhMjJjMzIxOWQ0NTAxODQ2ZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVFlpDYQvS+riPbBzY0io9JM02Te
IWr9AHD7/eXC0gQvKujCEIoG0gie9ZI9xejY3kMBB5tM0KbP+wAHeFu3cArL1MXC
wxwxQaFyBJGuJ5dLRUQsWHxkNaBaooDWr186O05dA4ifCvjs2dHPaISko43SrjlM
hQsVwWQExNEzOPMlCG14zpEjT/YtHBQnNYleWQBbHqrxuAKxuDKIsMBjGgju85jy
iPdS+NTrIjYoymaGNYysQ4SIw9QOPIxLD5ZB3IiIxjNlAyEEZ053sUHwTyrqGT1J
O+V4lAQrXGpCdMwlgIELyKSRR2DwqyLNVzIkTPHYiDUrC7N9Ppue4Ur+LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLU59muBHzgfOw1aIsMhnUUBhG+vMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvdFRuMmE0RWZPQjg3RFZvaXd5R2RSUUdFYjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXkq4MA0G
CSqGSIb3DQEBCwUAA4IBAQCYPQsRz7l97sFqdhDMjfbkj3rcmE26f4l2Iuxrq5Ny
Do5nvlW0uwrsrGnhBFyTM3HpfhSzvNrAO1I1PxY58pFhq4AUWAo1QtIN7qIcYin+
p9fBPINFHUEUrB8s25ilTGEWxOEBcGQf0KPdUrdoVsPyda2SdiPwam/OwbTAdAJn
1h4Y8swgc1q7pUIIWPxrapdj2Zv2+anOYzqvPjkqguyqE1pfTbKKKqHv4dgDJTYx
JWP7cvNKhChZf02PMFBf18JoO1JeNOeyogcYqabS75dJqBIf7yypToBPYTTD6lUf
6mKOTfKRJf4KIzfHX9DqKMIWjoFUx+ZeokYltZigrd+I
-----END CERTIFICATE-----