Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/3dUi62NQaIFX4qP0dxiY1Jyst5k.roa
File:                     3dUi62NQaIFX4qP0dxiY1Jyst5k.roa (raw, json)
Hash identifier:          LqUTL5Nx7G3uFd2cvu2DaJzuzzgS1iOp5B4oxA8G4CI=
Subject key identifier:   DD:D5:22:EB:63:50:68:81:57:E2:A3:F4:77:18:98:D4:9C:AC:B7:99
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29FEF8CCB61207D9133070BB28E146
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/3dUi62NQaIFX4qP0dxiY1Jyst5k.roa
Signing time:             Tue 02 Jan 2024 12:33:18 +0000
ROA not before:           Tue 02 Jan 2024 12:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48277
IP address blocks:        95.46.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fe:f8:cc:b6:12:07:d9:13:30:70:bb:28:e1:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddd522eb6350688157e2a3f4771898d49cacb799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a8:70:71:e3:d0:08:79:f1:16:47:1b:80:df:
                    2b:76:3f:33:5d:8c:37:1b:ed:62:c3:9e:a0:e4:64:
                    e7:28:33:a5:a4:75:1f:be:e9:f5:06:c5:aa:e7:57:
                    0c:6d:4a:44:de:ad:24:14:08:04:98:cd:ae:00:2f:
                    26:8c:0b:15:ce:8d:28:6f:83:f9:91:e5:7b:34:ca:
                    1f:0b:18:8b:dd:f0:7b:d0:4e:20:2f:b9:6e:55:9e:
                    be:cb:9f:9b:c3:f8:76:23:62:f8:02:5f:ef:bd:81:
                    54:5f:fc:6b:25:1f:94:21:72:a6:f9:4b:c1:89:14:
                    92:5c:fc:1c:bb:60:61:66:93:be:2e:68:f7:a9:3e:
                    bc:d2:87:92:7f:e1:3c:de:10:c4:f3:1a:b1:49:92:
                    a7:ad:f8:88:28:03:9f:6f:0a:2c:e9:e0:00:f6:63:
                    dc:93:9a:11:da:64:c7:c4:a8:4c:53:d8:70:72:e1:
                    29:d5:4c:f7:29:5e:29:09:79:7b:70:03:c5:6d:31:
                    1a:2e:05:93:df:53:95:5b:af:f5:94:8e:05:5a:22:
                    62:46:02:27:97:97:ba:d5:a4:02:0f:b5:19:5f:26:
                    77:ce:c3:ef:96:d8:26:77:b6:9b:5f:43:5d:5b:44:
                    6d:27:48:f2:d5:35:49:33:e5:90:da:dc:16:b1:e2:
                    2f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D5:22:EB:63:50:68:81:57:E2:A3:F4:77:18:98:D4:9C:AC:B7:99
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/3dUi62NQaIFX4qP0dxiY1Jyst5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:73:f6:46:da:86:0d:7e:60:aa:39:3a:1b:fc:eb:f7:1f:0b:
         82:66:bd:e0:d6:b4:e1:5f:c5:21:cb:62:09:3d:a8:7b:6b:68:
         9e:2a:2f:d6:0e:20:20:03:db:ff:25:90:98:aa:68:5a:c7:9c:
         bc:6e:c8:16:8a:44:51:80:ba:1d:1c:25:8f:9d:14:d0:7e:50:
         24:5d:a1:31:5a:5e:c5:2a:6a:24:b6:d5:99:10:5c:d2:b6:9d:
         13:69:9b:ee:79:a4:bf:a7:e5:0b:eb:ca:17:a0:6d:ae:33:f8:
         dd:79:e7:85:fb:67:d8:6b:62:48:f3:63:52:08:e3:1b:67:f0:
         68:6d:53:fb:ad:2a:5f:1f:f4:7a:34:2e:93:16:90:65:22:7a:
         0a:a2:87:ff:f2:7f:e7:b6:01:d6:41:42:48:71:85:85:d1:da:
         6d:7e:74:cc:e9:8d:e9:df:9f:f4:c7:33:d9:0f:6d:a9:7a:3b:
         0b:54:f5:78:9e:ec:05:79:e1:b2:4b:3d:eb:cd:fd:de:e3:70:
         5d:13:4f:50:68:d2:8b:21:8f:ae:6a:a1:3c:c0:63:53:56:1b:
         89:b8:99:cd:c9:5c:fc:47:87:f2:6f:96:ed:e7:0c:e8:9f:4b:
         f1:ac:6a:a1:d3:d1:74:ed:e3:17:eb:e6:36:22:3a:d3:73:95:
         a7:d4:69:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKf74zLYSB9kTMHC7KOFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQ1MjJlYjYzNTA2ODgxNTdlMmEzZjQ3NzE4OThkNDljYWNiNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoahwcePQCHnxFkcbgN8rdj8zXYw3
G+1iw56g5GTnKDOlpHUfvun1BsWq51cMbUpE3q0kFAgEmM2uAC8mjAsVzo0ob4P5
keV7NMofCxiL3fB70E4gL7luVZ6+y5+bw/h2I2L4Al/vvYFUX/xrJR+UIXKm+UvB
iRSSXPwcu2BhZpO+Lmj3qT680oeSf+E83hDE8xqxSZKnrfiIKAOfbwos6eAA9mPc
k5oR2mTHxKhMU9hwcuEp1Uz3KV4pCXl7cAPFbTEaLgWT31OVW6/1lI4FWiJiRgIn
l5e61aQCD7UZXyZ3zsPvltgmd7abX0NdW0RtJ0jy1TVJM+WQ2twWseIvJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3VIutjUGiBV+Kj9HcYmNScrLeZMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvM2RVaTYyTlFhSUZYNHFQMGR4aVkxSnlzdDVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy4JMA0G
CSqGSIb3DQEBCwUAA4IBAQCLc/ZG2oYNfmCqOTob/Ov3HwuCZr3g1rThX8Uhy2IJ
Pah7a2ieKi/WDiAgA9v/JZCYqmhax5y8bsgWikRRgLodHCWPnRTQflAkXaExWl7F
KmokttWZEFzStp0TaZvueaS/p+UL68oXoG2uM/jdeeeF+2fYa2JI82NSCOMbZ/Bo
bVP7rSpfH/R6NC6TFpBlInoKoof/8n/ntgHWQUJIcYWF0dptfnTM6Y3p35/0xzPZ
D22pejsLVPV4nuwFeeGySz3rzf3e43BdE09QaNKLIY+uaqE8wGNTVhuJuJnNyVz8
R4fyb5bt5wzon0vxrGqh09F07eMX6+Y2IjrTc5Wn1Gnz
-----END CERTIFICATE-----