Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7sG18vZ-wHQBf34FeppZi-nSzXU.roa
File:                     7sG18vZ-wHQBf34FeppZi-nSzXU.roa (raw, json)
Hash identifier:          mmXGYU34bY21JULwBd/Ylh28Al6LAbCA7rr39KpQ/TU=
Subject key identifier:   EE:C1:B5:F2:F6:7E:C0:74:01:7F:7E:05:7A:9A:59:8B:E9:D2:CD:75
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A10B79CAF88EE136FE4DE63D76DBB
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7sG18vZ-wHQBf34FeppZi-nSzXU.roa
Signing time:             Tue 02 Jan 2024 12:33:23 +0000
ROA not before:           Tue 02 Jan 2024 12:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51803
IP address blocks:        95.46.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:10:b7:9c:af:88:ee:13:6f:e4:de:63:d7:6d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eec1b5f2f67ec074017f7e057a9a598be9d2cd75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:0e:97:b0:32:cb:e9:49:cc:10:d7:36:e9:86:
                    83:2b:2c:7f:84:77:08:24:37:65:0a:e2:7e:9e:eb:
                    0c:21:81:96:5d:c0:e2:41:c9:92:be:70:03:79:37:
                    f8:41:90:f5:f0:28:b4:51:73:aa:14:b2:5b:87:8c:
                    2c:b5:04:13:8e:75:24:28:d1:de:73:88:e8:c5:8c:
                    06:ea:86:72:42:6c:f8:d1:26:62:20:94:b4:7b:0a:
                    65:b4:74:f8:87:ad:46:7a:a8:11:4f:b7:1a:d3:ca:
                    ac:f5:ea:ca:f8:1c:5b:63:7f:57:e2:0a:4b:22:5d:
                    19:20:00:24:18:bf:a0:49:9e:21:5e:79:0f:81:92:
                    24:85:2c:69:38:4f:0f:f3:3a:e9:d1:71:07:8e:79:
                    8a:a5:1f:4f:52:d8:87:17:c0:90:bd:0c:2a:56:58:
                    f5:01:be:85:1c:0c:9c:7a:d4:83:a2:c7:7f:bf:9d:
                    ee:ed:ca:75:46:fb:19:81:0f:63:56:b7:10:c7:75:
                    61:1e:f9:ae:b3:f7:ce:fb:d5:07:ca:73:64:8c:99:
                    d1:eb:cd:50:75:3f:0c:fd:63:80:f8:e9:9b:be:e7:
                    d5:93:61:fc:77:e0:be:bc:a0:bf:b3:27:d0:58:4f:
                    25:77:d6:eb:bb:d5:a8:4f:c6:da:3b:e7:c7:e6:b9:
                    2b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:C1:B5:F2:F6:7E:C0:74:01:7F:7E:05:7A:9A:59:8B:E9:D2:CD:75
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7sG18vZ-wHQBf34FeppZi-nSzXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:12:78:f1:a5:7f:69:c5:33:ae:6b:02:b1:1e:dd:eb:87:cc:
         96:02:32:ea:ec:8c:0d:dc:96:33:8e:a6:ff:21:9a:81:7e:57:
         40:52:15:58:a4:02:39:86:c1:1f:76:f7:b8:a6:22:10:58:12:
         47:f1:e2:8f:65:4e:f1:e1:1e:96:e9:7c:c8:74:2c:ed:06:67:
         e0:53:7f:c9:fd:20:7d:92:b9:cb:4c:ba:2f:30:79:d0:b2:20:
         ba:49:00:4a:cf:0a:e8:87:31:53:81:be:7d:09:a3:c6:33:90:
         d5:28:07:f3:91:b7:d5:92:cc:ed:09:88:f4:20:da:e6:7d:a0:
         c4:bb:b3:b6:91:a0:e8:56:23:76:90:1a:45:4f:cf:02:cc:ad:
         db:34:67:58:fe:3f:41:92:6b:7b:33:88:29:55:16:7d:24:31:
         7e:87:2b:dd:bb:1a:66:7a:f0:c1:d9:07:fe:e1:3f:54:2f:cf:
         30:4c:e4:b9:7c:1c:9b:46:cf:15:7c:ea:a8:ed:f7:ea:fa:77:
         26:b9:75:52:1a:33:ab:dd:5e:58:93:7e:5a:6a:61:9d:0c:f3:
         bd:a9:19:e9:bc:6d:b1:f1:7a:c5:fa:e5:ea:85:d2:a0:a0:a8:
         91:1b:f0:00:55:c2:37:6e:43:d4:0e:44:f5:bc:72:d2:d7:b6:
         f8:8c:64:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKhC3nK+I7hNv5N5j1227MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWMxYjVmMmY2N2VjMDc0MDE3ZjdlMDU3YTlhNTk4YmU5ZDJjZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5A6XsDLL6UnMENc26YaDKyx/hHcI
JDdlCuJ+nusMIYGWXcDiQcmSvnADeTf4QZD18Ci0UXOqFLJbh4wstQQTjnUkKNHe
c4joxYwG6oZyQmz40SZiIJS0ewpltHT4h61GeqgRT7ca08qs9erK+BxbY39X4gpL
Il0ZIAAkGL+gSZ4hXnkPgZIkhSxpOE8P8zrp0XEHjnmKpR9PUtiHF8CQvQwqVlj1
Ab6FHAycetSDosd/v53u7cp1RvsZgQ9jVrcQx3VhHvmus/fO+9UHynNkjJnR681Q
dT8M/WOA+OmbvufVk2H8d+C+vKC/syfQWE8ld9bru9WoT8baO+fH5rkrTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7BtfL2fsB0AX9+BXqaWYvp0s11MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvN3NHMTh2Wi13SFFCZjM0RmVwcFppLW5TelhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy4gMA0G
CSqGSIb3DQEBCwUAA4IBAQA5EnjxpX9pxTOuawKxHt3rh8yWAjLq7IwN3JYzjqb/
IZqBfldAUhVYpAI5hsEfdve4piIQWBJH8eKPZU7x4R6W6XzIdCztBmfgU3/J/SB9
krnLTLovMHnQsiC6SQBKzwrohzFTgb59CaPGM5DVKAfzkbfVksztCYj0INrmfaDE
u7O2kaDoViN2kBpFT88CzK3bNGdY/j9Bkmt7M4gpVRZ9JDF+hyvduxpmevDB2Qf+
4T9UL88wTOS5fBybRs8VfOqo7ffq+ncmuXVSGjOr3V5Yk35aamGdDPO9qRnpvG2x
8XrF+uXqhdKgoKiRG/AAVcI3bkPUDkT1vHLS17b4jGSt
-----END CERTIFICATE-----