Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/N-eG9C8wcHYT2onRwZoc8XuteG0.roa
File:                     N-eG9C8wcHYT2onRwZoc8XuteG0.roa (raw, json)
Hash identifier:          KkuQxwOVb2N1d7VsWAs4uQv9rLWAv6f1BqFFiAr24ks=
Subject key identifier:   37:E7:86:F4:2F:30:70:76:13:DA:89:D1:C1:9A:1C:F1:7B:AD:78:6D
Certificate issuer:       /CN=338d42fbb3f43f56ddb8782e65490a23d85b72e1
Certificate serial:       018EE9336F3171957CF3C3B6D0693D37F620
Authority key identifier: 33:8D:42:FB:B3:F4:3F:56:DD:B8:78:2E:65:49:0A:23:D8:5B:72:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M41C-7P0P1bduHguZUkKI9hbcuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/N-eG9C8wcHYT2onRwZoc8XuteG0.roa
Signing time:             Tue 16 Apr 2024 23:17:25 +0000
ROA not before:           Tue 16 Apr 2024 23:17:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19198
IP address blocks:        45.95.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/M41C-7P0P1bduHguZUkKI9hbcuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/M41C-7P0P1bduHguZUkKI9hbcuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M41C-7P0P1bduHguZUkKI9hbcuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e9:33:6f:31:71:95:7c:f3:c3:b6:d0:69:3d:37:f6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=338d42fbb3f43f56ddb8782e65490a23d85b72e1
        Validity
            Not Before: Apr 16 23:17:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37e786f42f30707613da89d1c19a1cf17bad786d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e9:7a:a9:41:b9:9d:17:7c:91:2c:e5:aa:15:
                    1b:3e:de:a6:32:65:11:82:cd:c6:8f:be:fa:45:4d:
                    47:d4:e8:66:d3:1d:d7:9c:a2:75:ae:54:aa:6e:4b:
                    d4:e9:9e:82:de:f0:9c:a6:46:43:fe:7e:f1:8c:00:
                    68:04:6c:08:24:a0:a4:7b:de:5d:c7:3b:2a:a1:a2:
                    18:0e:a1:f5:a0:bd:b7:0b:b9:01:28:5d:f1:11:54:
                    ad:8e:0d:20:36:f0:95:95:86:11:5b:0e:85:ac:a8:
                    e9:f2:5e:e5:1c:83:64:e2:44:bc:69:b7:75:fe:9b:
                    28:c0:27:ef:7c:38:8f:8c:bc:92:c7:f7:cb:d3:b6:
                    a3:e8:8c:7b:a1:96:a7:c3:38:9f:e7:2c:3e:10:f8:
                    8c:db:56:7b:b7:e2:3c:28:0d:cf:44:9d:d5:4b:44:
                    f6:17:41:0e:1c:4e:bc:9a:4b:62:30:45:62:c1:c0:
                    bc:93:a5:85:c3:ef:6b:1e:1e:44:67:8f:d8:87:89:
                    17:65:73:ac:3c:6a:9e:18:97:58:b8:16:28:38:83:
                    ed:86:ec:ac:f8:b7:57:0c:4b:60:25:cc:f8:b4:46:
                    08:0c:16:14:6d:9c:05:01:ee:00:32:7d:a8:27:96:
                    59:de:e5:05:87:15:93:ef:6a:e2:1a:bc:4e:d0:a3:
                    4a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E7:86:F4:2F:30:70:76:13:DA:89:D1:C1:9A:1C:F1:7B:AD:78:6D
            X509v3 Authority Key Identifier:
                keyid:33:8D:42:FB:B3:F4:3F:56:DD:B8:78:2E:65:49:0A:23:D8:5B:72:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M41C-7P0P1bduHguZUkKI9hbcuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/N-eG9C8wcHYT2onRwZoc8XuteG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/M41C-7P0P1bduHguZUkKI9hbcuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:39:4d:e0:d7:18:93:cf:4a:52:45:dd:0a:fc:35:99:51:14:
         80:9c:73:0d:75:27:15:ac:33:cc:fe:d8:3f:9d:15:5e:20:02:
         d3:d9:30:4d:7d:96:dc:b2:04:be:6a:98:8f:7a:78:59:e2:14:
         ea:2f:0e:b5:47:42:40:22:38:7a:59:9d:4e:5b:02:d5:fa:b8:
         c2:c3:cf:23:b7:3e:72:52:ce:98:e8:29:3d:14:de:15:91:32:
         1b:6f:ca:10:84:86:01:78:88:86:dd:ba:57:50:32:ba:67:9a:
         13:3d:09:27:a8:60:6b:07:48:ca:11:c7:28:de:c8:76:56:55:
         69:e7:37:a2:56:0f:c4:ad:ef:c5:d5:57:f8:58:a6:c6:29:a6:
         a4:16:98:a4:74:a1:fb:39:3f:c5:7a:99:a0:84:a5:6d:91:6f:
         b2:6c:b6:0c:c8:af:6e:75:9a:9b:e2:cb:e4:a8:56:cf:33:b7:
         8a:4f:5b:f0:11:59:14:64:6d:d1:90:a4:9b:fe:19:53:99:ed:
         70:67:20:7e:e1:7f:93:ca:1b:5c:1b:eb:43:7d:85:1c:c2:3a:
         5b:d3:e6:96:1b:b1:ab:5b:0c:58:74:64:af:89:19:e1:50:67:
         32:49:67:51:af:bc:e6:ef:83:72:57:64:49:69:43:b5:84:8f:
         28:3e:06:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7pM28xcZV888O20Gk9N/YgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOGQ0MmZiYjNmNDNmNTZkZGI4NzgyZTY1NDkwYTIzZDg1
YjcyZTEwHhcNMjQwNDE2MjMxNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2U3ODZmNDJmMzA3MDc2MTNkYTg5ZDFjMTlhMWNmMTdiYWQ3ODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApel6qUG5nRd8kSzlqhUbPt6mMmUR
gs3Gj776RU1H1Ohm0x3XnKJ1rlSqbkvU6Z6C3vCcpkZD/n7xjABoBGwIJKCke95d
xzsqoaIYDqH1oL23C7kBKF3xEVStjg0gNvCVlYYRWw6FrKjp8l7lHINk4kS8abd1
/psowCfvfDiPjLySx/fL07aj6Ix7oZanwzif5yw+EPiM21Z7t+I8KA3PRJ3VS0T2
F0EOHE68mktiMEViwcC8k6WFw+9rHh5EZ4/Yh4kXZXOsPGqeGJdYuBYoOIPthuys
+LdXDEtgJcz4tEYIDBYUbZwFAe4AMn2oJ5ZZ3uUFhxWT72riGrxO0KNKnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfnhvQvMHB2E9qJ0cGaHPF7rXhtMB8GA1UdIwQY
MBaAFDONQvuz9D9W3bh4LmVJCiPYW3LhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTQxQy03UDBQMWJkdUhndVpVa0tJOWhiY3VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85MTY2YjgtNWU1NC00NThkLTliMzIt
NTU3YTdkMTFlMmFlLzEvTi1lRzlDOHdjSFlUMm9uUndab2M4WHV0ZUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85MTY2YjgtNWU1NC00NThkLTliMzItNTU3YTdkMTFlMmFl
LzEvTTQxQy03UDBQMWJkdUhndVpVa0tJOWhiY3VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV9eMA0G
CSqGSIb3DQEBCwUAA4IBAQBrOU3g1xiTz0pSRd0K/DWZURSAnHMNdScVrDPM/tg/
nRVeIALT2TBNfZbcsgS+apiPenhZ4hTqLw61R0JAIjh6WZ1OWwLV+rjCw88jtz5y
Us6Y6Ck9FN4VkTIbb8oQhIYBeIiG3bpXUDK6Z5oTPQknqGBrB0jKEcco3sh2VlVp
5zeiVg/Ere/F1Vf4WKbGKaakFpikdKH7OT/FepmghKVtkW+ybLYMyK9udZqb4svk
qFbPM7eKT1vwEVkUZG3RkKSb/hlTme1wZyB+4X+TyhtcG+tDfYUcwjpb0+aWG7Gr
WwxYdGSviRnhUGcySWdRr7zm74NyV2RJaUO1hI8oPgaL
-----END CERTIFICATE-----