Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/51210c-a380-4b59-b2ad-45a21b29023d/1/RP9WmNzdhg2ADe_TOgMWT7NWkbY.roa
File:                     RP9WmNzdhg2ADe_TOgMWT7NWkbY.roa (raw, json)
Hash identifier:          UQaeI7F6bsXqmvB5qF6bfIee/Ern6rSh4tgVO+V8Q34=
Subject key identifier:   44:FF:56:98:DC:DD:86:0D:80:0D:EF:D3:3A:03:16:4F:B3:56:91:B6
Certificate issuer:       /CN=4b2e93ca9f9d46de543ff7c2d0540e897dc14fee
Certificate serial:       018CC795731645BB2D0D293CD5D28C2A4F3A
Authority key identifier: 4B:2E:93:CA:9F:9D:46:DE:54:3F:F7:C2:D0:54:0E:89:7D:C1:4F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sy6Typ-dRt5UP_fC0FQOiX3BT-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/51210c-a380-4b59-b2ad-45a21b29023d/1/RP9WmNzdhg2ADe_TOgMWT7NWkbY.roa
Signing time:             Tue 02 Jan 2024 00:31:49 +0000
ROA not before:           Tue 02 Jan 2024 00:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13101
IP address blocks:        194.180.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/51210c-a380-4b59-b2ad-45a21b29023d/1/Sy6Typ-dRt5UP_fC0FQOiX3BT-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/51210c-a380-4b59-b2ad-45a21b29023d/1/Sy6Typ-dRt5UP_fC0FQOiX3BT-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sy6Typ-dRt5UP_fC0FQOiX3BT-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:73:16:45:bb:2d:0d:29:3c:d5:d2:8c:2a:4f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b2e93ca9f9d46de543ff7c2d0540e897dc14fee
        Validity
            Not Before: Jan  2 00:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44ff5698dcdd860d800defd33a03164fb35691b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:84:46:24:fc:52:fc:69:cb:4e:be:e4:0b:8e:
                    24:2c:5d:88:7c:35:98:36:35:f4:53:bb:b4:7c:b2:
                    4c:8a:d6:37:ad:28:6e:b6:3b:f1:b8:df:70:ac:07:
                    f2:11:e7:06:1f:cc:de:b3:70:8c:01:7a:eb:11:7c:
                    1a:ac:41:38:55:75:54:13:ee:aa:a6:7d:4d:4d:18:
                    28:ed:32:d1:7f:40:f9:f9:7d:fd:d5:ac:cf:09:de:
                    3e:41:5a:68:d0:ba:d8:bb:2e:02:67:41:4b:22:e9:
                    97:e1:2f:9f:6f:f3:65:e0:32:6d:32:8a:a5:b0:a9:
                    8b:9a:97:1c:d6:70:cc:70:60:01:bd:71:42:a6:6d:
                    c3:09:72:67:27:50:2c:de:1a:43:ed:37:21:03:aa:
                    76:b6:b4:e2:45:e9:56:49:87:e8:e8:15:68:2c:68:
                    dd:d2:d6:1c:de:ea:83:c5:23:f3:6d:87:0f:8f:23:
                    d8:87:fa:30:62:21:c9:56:29:ad:df:35:7b:23:02:
                    a6:09:6c:87:e5:bb:e7:00:d0:9b:74:31:c1:9b:28:
                    d1:21:33:c0:bf:95:b3:7a:8d:e6:34:0e:2e:b5:89:
                    0b:a6:7c:01:10:92:0c:c6:58:b8:dc:9f:47:fb:49:
                    e0:7b:73:c5:c3:f8:49:a7:06:71:6d:a0:54:45:4c:
                    ef:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:FF:56:98:DC:DD:86:0D:80:0D:EF:D3:3A:03:16:4F:B3:56:91:B6
            X509v3 Authority Key Identifier:
                keyid:4B:2E:93:CA:9F:9D:46:DE:54:3F:F7:C2:D0:54:0E:89:7D:C1:4F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sy6Typ-dRt5UP_fC0FQOiX3BT-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/51210c-a380-4b59-b2ad-45a21b29023d/1/RP9WmNzdhg2ADe_TOgMWT7NWkbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/51210c-a380-4b59-b2ad-45a21b29023d/1/Sy6Typ-dRt5UP_fC0FQOiX3BT-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:0e:8d:59:90:cb:2a:76:bd:97:e8:dc:2a:e2:ef:d9:9b:1f:
         c9:65:37:b5:9d:d2:eb:c1:f7:9c:f8:03:27:e1:21:73:b2:c0:
         c6:43:f2:c6:e7:16:b3:0e:9b:f6:09:82:46:4f:ec:d0:7d:66:
         3e:c6:92:f3:e5:8f:a9:2b:07:f8:3b:95:b0:99:00:5e:ac:c4:
         91:84:d2:a5:af:04:9a:c2:43:e0:b1:60:d6:6f:3c:f6:02:a2:
         b0:39:5e:29:bf:97:1f:0d:0c:44:18:38:23:7d:67:cf:a8:bf:
         a7:1e:76:f3:2b:d7:fd:87:71:bb:62:e7:8c:a3:62:ef:b6:cf:
         24:e6:5d:94:84:5a:c4:2d:1f:11:20:bf:04:fa:70:fa:ac:38:
         91:24:0b:f6:79:01:af:10:78:52:e4:a8:f8:4d:4e:66:99:d3:
         06:38:a7:98:04:8e:eb:0c:cd:a5:e7:c9:2e:9f:0f:ab:f9:3f:
         31:0b:82:26:05:16:95:b8:a4:96:7f:52:a7:e3:2d:12:8e:bf:
         da:98:fb:99:04:6f:73:f6:61:74:33:d4:96:3a:84:03:53:f0:
         6b:c8:22:88:25:f9:22:be:2c:48:ae:30:34:1a:ad:2f:69:f3:
         29:56:19:00:55:16:31:83:c9:3e:2d:c2:3a:e4:46:f2:a7:c8:
         d5:32:26:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXMWRbstDSk81dKMKk86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMmU5M2NhOWY5ZDQ2ZGU1NDNmZjdjMmQwNTQwZTg5N2Rj
MTRmZWUwHhcNMjQwMTAyMDAzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGZmNTY5OGRjZGQ4NjBkODAwZGVmZDMzYTAzMTY0ZmIzNTY5MWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoRGJPxS/GnLTr7kC44kLF2IfDWY
NjX0U7u0fLJMitY3rShutjvxuN9wrAfyEecGH8zes3CMAXrrEXwarEE4VXVUE+6q
pn1NTRgo7TLRf0D5+X391azPCd4+QVpo0LrYuy4CZ0FLIumX4S+fb/Nl4DJtMoql
sKmLmpcc1nDMcGABvXFCpm3DCXJnJ1As3hpD7TchA6p2trTiRelWSYfo6BVoLGjd
0tYc3uqDxSPzbYcPjyPYh/owYiHJVimt3zV7IwKmCWyH5bvnANCbdDHBmyjRITPA
v5Wzeo3mNA4utYkLpnwBEJIMxli43J9H+0nge3PFw/hJpwZxbaBURUzvJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFET/Vpjc3YYNgA3v0zoDFk+zVpG2MB8GA1UdIwQY
MBaAFEsuk8qfnUbeVD/3wtBUDol9wU/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3k2VHlwLWRSdDVVUF9mQzBGUU9pWDNCVC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81MTIxMGMtYTM4MC00YjU5LWIyYWQt
NDVhMjFiMjkwMjNkLzEvUlA5V21OemRoZzJBRGVfVE9nTVdUN05Xa2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81MTIxMGMtYTM4MC00YjU5LWIyYWQtNDVhMjFiMjkwMjNk
LzEvU3k2VHlwLWRSdDVVUF9mQzBGUU9pWDNCVC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrQSMA0G
CSqGSIb3DQEBCwUAA4IBAQAXDo1ZkMsqdr2X6Nwq4u/Zmx/JZTe1ndLrwfec+AMn
4SFzssDGQ/LG5xazDpv2CYJGT+zQfWY+xpLz5Y+pKwf4O5WwmQBerMSRhNKlrwSa
wkPgsWDWbzz2AqKwOV4pv5cfDQxEGDgjfWfPqL+nHnbzK9f9h3G7YueMo2Lvts8k
5l2UhFrELR8RIL8E+nD6rDiRJAv2eQGvEHhS5Kj4TU5mmdMGOKeYBI7rDM2l58ku
nw+r+T8xC4ImBRaVuKSWf1Kn4y0Sjr/amPuZBG9z9mF0M9SWOoQDU/BryCKIJfki
vixIrjA0Gq0vafMpVhkAVRYxg8k+LcI65Ebyp8jVMiZy
-----END CERTIFICATE-----