Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/9kqXW8SLfqs9-LPsFfvLLhAz27U.roa
File:                     9kqXW8SLfqs9-LPsFfvLLhAz27U.roa (raw, json)
Hash identifier:          6wzeXg1PYmYJaAG9Zv7N1iPPLZnGRbI0zdHGu/8IWtA=
Subject key identifier:   F6:4A:97:5B:C4:8B:7E:AB:3D:F8:B3:EC:15:FB:CB:2E:10:33:DB:B5
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A4EA365A295AB32ED8C224A384485
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/9kqXW8SLfqs9-LPsFfvLLhAz27U.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209248
IP address blocks:        92.253.206.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4e:a3:65:a2:95:ab:32:ed:8c:22:4a:38:44:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f64a975bc48b7eab3df8b3ec15fbcb2e1033dbb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6d:18:04:ad:d8:c1:9d:12:33:34:24:79:b4:
                    80:3a:dc:a9:94:0b:3a:d6:48:17:2d:5c:11:8c:4f:
                    08:1b:1c:ce:ea:63:cb:6c:1f:bb:35:81:39:2a:b3:
                    89:e5:76:bd:63:60:99:50:bc:6b:7f:ca:89:56:d7:
                    61:74:06:3f:5e:11:60:cc:d8:53:d2:14:47:7a:50:
                    b6:54:e9:8a:e1:b9:13:88:ea:4e:03:31:e8:53:49:
                    85:19:17:89:1b:e8:d7:fd:eb:26:ec:94:d8:13:0f:
                    cc:39:50:2e:77:2d:41:34:60:b6:c3:10:fe:c2:bd:
                    07:cf:f3:ef:ff:2f:25:85:fe:3e:19:98:55:5f:a6:
                    f5:68:ff:5a:95:cc:c6:a6:eb:b1:ab:43:d7:20:46:
                    68:ca:0e:0b:06:67:2f:86:82:0d:b0:29:12:58:5d:
                    bb:d1:1e:9a:b6:bf:85:a3:3e:f4:0b:a8:88:1e:f8:
                    d9:c0:c3:88:35:2a:52:a6:da:a5:5f:7d:33:1b:2b:
                    97:e3:11:c8:54:d1:07:04:66:bf:d8:ad:7e:68:6e:
                    40:d6:04:2b:df:54:fa:41:c2:87:ea:b7:1b:4e:ba:
                    90:7a:1b:0c:e2:21:42:fc:72:99:38:d6:bc:51:f8:
                    a3:14:21:33:35:ca:42:0b:61:13:e5:93:af:b8:9f:
                    24:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:4A:97:5B:C4:8B:7E:AB:3D:F8:B3:EC:15:FB:CB:2E:10:33:DB:B5
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/9kqXW8SLfqs9-LPsFfvLLhAz27U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.253.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:df:4a:9d:f9:bf:6f:f1:8c:dd:28:7a:32:68:a1:1e:dd:2c:
         e9:db:41:da:35:6b:81:dd:39:bf:b1:2b:2f:38:a3:08:3d:41:
         1b:47:40:d1:0d:5a:4a:7e:6d:ce:5b:8f:42:4d:ba:c5:04:e1:
         60:c1:23:6b:ae:0f:75:d1:d8:b3:31:f8:d4:fb:66:ab:f2:07:
         8c:2c:47:58:63:6e:39:93:1c:68:d9:e2:e0:7f:66:fd:2e:1c:
         d3:71:e7:ea:41:e2:5e:86:58:ca:fe:b8:1b:3b:51:26:d3:05:
         dd:fc:2a:7c:c6:8a:06:a3:a6:bb:3b:7a:e6:64:86:7c:99:67:
         3f:67:dc:55:da:a1:6c:95:47:12:9b:61:4b:90:78:64:4c:0f:
         95:38:3e:1f:78:08:7f:a9:7d:35:39:8d:24:e5:e6:c8:9e:19:
         20:da:60:07:81:28:fd:37:c8:1c:e8:8d:0a:2f:1d:00:be:15:
         19:b7:79:e4:d2:6c:96:d4:0f:20:5c:b3:b2:89:c8:ad:ff:db:
         a3:96:5f:12:7b:b8:f7:61:67:33:69:d3:1f:b8:cb:8c:dd:16:
         e0:fc:b4:7e:6c:9a:f3:c2:a6:4c:89:97:79:be:c0:eb:5a:2d:
         8a:84:6c:b5:69:76:0c:25:c0:bf:26:ef:32:e5:6d:f5:57:35:
         bb:99:08:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKk6jZaKVqzLtjCJKOESFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjRhOTc1YmM0OGI3ZWFiM2RmOGIzZWMxNWZiY2IyZTEwMzNkYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj20YBK3YwZ0SMzQkebSAOtyplAs6
1kgXLVwRjE8IGxzO6mPLbB+7NYE5KrOJ5Xa9Y2CZULxrf8qJVtdhdAY/XhFgzNhT
0hRHelC2VOmK4bkTiOpOAzHoU0mFGReJG+jX/esm7JTYEw/MOVAudy1BNGC2wxD+
wr0Hz/Pv/y8lhf4+GZhVX6b1aP9alczGpuuxq0PXIEZoyg4LBmcvhoINsCkSWF27
0R6atr+Foz70C6iIHvjZwMOINSpSptqlX30zGyuX4xHIVNEHBGa/2K1+aG5A1gQr
31T6QcKH6rcbTrqQehsM4iFC/HKZONa8UfijFCEzNcpCC2ET5ZOvuJ8kYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZKl1vEi36rPfiz7BX7yy4QM9u1MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvOWtxWFc4U0xmcXM5LUxQc0ZmdkxMaEF6MjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXP3OMA0G
CSqGSIb3DQEBCwUAA4IBAQB130qd+b9v8YzdKHoyaKEe3Szp20HaNWuB3Tm/sSsv
OKMIPUEbR0DRDVpKfm3OW49CTbrFBOFgwSNrrg910dizMfjU+2ar8geMLEdYY245
kxxo2eLgf2b9LhzTcefqQeJehljK/rgbO1Em0wXd/Cp8xooGo6a7O3rmZIZ8mWc/
Z9xV2qFslUcSm2FLkHhkTA+VOD4feAh/qX01OY0k5ebInhkg2mAHgSj9N8gc6I0K
Lx0AvhUZt3nk0myW1A8gXLOyicit/9ujll8Se7j3YWczadMfuMuM3Rbg/LR+bJrz
wqZMiZd5vsDrWi2KhGy1aXYMJcC/Ju8y5W31VzW7mQj7
-----END CERTIFICATE-----