Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/dr0994WG1A-VOK45fQh3-WqqIE4.roa
File:                     dr0994WG1A-VOK45fQh3-WqqIE4.roa (raw, json)
Hash identifier:          nwGIs+jyRMval2QRTzfIurB3rkVbnWQ7vPtEQnRiIFA=
Subject key identifier:   76:BD:3D:F7:85:86:D4:0F:95:38:AE:39:7D:08:77:F9:6A:AA:20:4E
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       018CC86F68E7F581767203D4AD2BAD8E21E9
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/dr0994WG1A-VOK45fQh3-WqqIE4.roa
Signing time:             Tue 02 Jan 2024 04:29:53 +0000
ROA not before:           Tue 02 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205570
IP address blocks:        185.18.120.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:68:e7:f5:81:76:72:03:d4:ad:2b:ad:8e:21:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Jan  2 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76bd3df78586d40f9538ae397d0877f96aaa204e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:5f:3e:0b:23:fb:3a:33:ec:a5:27:9d:c5:a1:
                    58:7f:79:01:fe:10:04:33:2d:a1:c6:88:80:b1:07:
                    da:96:44:15:6e:73:d2:30:82:c5:8d:6e:d0:64:04:
                    78:d6:24:6b:34:64:77:dd:a0:32:39:48:12:24:28:
                    02:6c:2a:ab:cc:21:62:83:78:0c:7e:67:be:30:45:
                    85:48:c9:97:bf:9f:dd:44:e7:eb:5a:ec:1e:23:43:
                    22:f4:d8:c1:b9:8f:fa:56:97:ec:e7:d4:f0:a4:8e:
                    27:af:d3:59:41:ec:0d:b2:92:2a:f9:46:be:5d:90:
                    2e:df:10:3a:87:72:b4:fe:71:91:a5:dd:1a:e6:08:
                    28:d9:9c:40:6f:41:1a:49:32:e5:84:dc:0a:f3:6b:
                    01:7c:5e:61:c9:df:36:14:af:d6:a2:e3:bd:f5:69:
                    2f:b4:dd:e3:4c:c6:28:97:0f:bb:ea:95:7e:74:4f:
                    b5:46:e3:c6:85:18:74:5e:6e:ce:a2:32:00:28:6c:
                    bb:db:2d:08:62:b3:bc:9b:2c:a2:c8:31:17:5e:95:
                    7a:0c:99:df:41:21:5e:98:76:41:7e:ec:fc:1e:be:
                    e3:b0:b5:7e:44:cd:9e:93:11:1f:41:91:c9:ed:f8:
                    fd:76:ea:0e:8a:8d:41:4f:3a:15:1e:ff:f7:6c:05:
                    58:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:BD:3D:F7:85:86:D4:0F:95:38:AE:39:7D:08:77:F9:6A:AA:20:4E
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/dr0994WG1A-VOK45fQh3-WqqIE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:ca:30:09:ed:60:b5:14:3b:5d:37:7f:ac:1d:25:3b:e3:86:
         09:f5:84:f5:13:eb:31:43:44:a7:e1:59:32:ef:1d:c6:a7:5b:
         01:7b:66:a0:9e:dd:60:28:ee:62:bc:92:6f:98:88:54:ce:36:
         31:2a:c1:bc:c6:ec:a3:56:93:e2:0a:d5:c1:d1:3e:8f:c0:67:
         f0:62:e1:8e:ba:ca:65:d9:34:ee:29:de:5d:f3:6f:44:21:24:
         81:f3:ab:91:ec:c1:f5:ab:52:76:d7:e2:8e:ed:bb:fe:78:e8:
         ad:9d:8f:51:f6:c1:ab:69:9b:45:ef:de:c6:c2:25:67:c2:af:
         80:4a:07:2d:b7:46:0b:e5:f4:a8:cd:3e:91:7c:9a:b2:9a:3b:
         81:c2:f3:ee:be:07:8a:57:2a:4a:25:b3:4c:11:a0:ff:25:a5:
         ed:f4:7b:0c:ac:0d:09:4e:c0:e0:ca:63:0e:ba:93:20:5c:1f:
         85:5c:b6:7e:9e:72:d9:fb:05:04:0d:a8:57:c6:10:0f:bc:70:
         09:00:e6:90:42:3d:e4:8b:4b:5b:f0:61:b8:ce:f4:38:42:cf:
         30:a0:46:a8:ce:bf:9f:73:f0:ca:9e:56:e2:0d:77:a9:ef:22:
         38:ee:2c:f8:df:ec:94:c6:3e:c3:80:1f:db:f6:fb:98:01:31:
         0d:16:ef:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2jn9YF2cgPUrSutjiHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjQwMTAyMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmJkM2RmNzg1ODZkNDBmOTUzOGFlMzk3ZDA4NzdmOTZhYWEyMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6V8+CyP7OjPspSedxaFYf3kB/hAE
My2hxoiAsQfalkQVbnPSMILFjW7QZAR41iRrNGR33aAyOUgSJCgCbCqrzCFig3gM
fme+MEWFSMmXv5/dROfrWuweI0Mi9NjBuY/6Vpfs59TwpI4nr9NZQewNspIq+Ua+
XZAu3xA6h3K0/nGRpd0a5ggo2ZxAb0EaSTLlhNwK82sBfF5hyd82FK/WouO99Wkv
tN3jTMYolw+76pV+dE+1RuPGhRh0Xm7OojIAKGy72y0IYrO8myyiyDEXXpV6DJnf
QSFemHZBfuz8Hr7jsLV+RM2ekxEfQZHJ7fj9duoOio1BTzoVHv/3bAVYyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHa9PfeFhtQPlTiuOX0Id/lqqiBOMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvZHIwOTk0V0cxQS1WT0s0NWZRaDMtV3FxSUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRJ4MA0G
CSqGSIb3DQEBCwUAA4IBAQBkyjAJ7WC1FDtdN3+sHSU744YJ9YT1E+sxQ0Sn4Vky
7x3Gp1sBe2agnt1gKO5ivJJvmIhUzjYxKsG8xuyjVpPiCtXB0T6PwGfwYuGOuspl
2TTuKd5d829EISSB86uR7MH1q1J21+KO7bv+eOitnY9R9sGraZtF797GwiVnwq+A
Sgctt0YL5fSozT6RfJqymjuBwvPuvgeKVypKJbNMEaD/JaXt9HsMrA0JTsDgymMO
upMgXB+FXLZ+nnLZ+wUEDahXxhAPvHAJAOaQQj3ki0tb8GG4zvQ4Qs8woEaozr+f
c/DKnlbiDXep7yI47iz43+yUxj7DgB/b9vuYATENFu9h
-----END CERTIFICATE-----