Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/AN-n2I-PMZY3lJgRzuIkKA7YXE0.roa
File:                     AN-n2I-PMZY3lJgRzuIkKA7YXE0.roa (raw, json)
Hash identifier:          Ao90xohwnoX3nc9PD5xgqDPkCeuZ8H1LJjnJ1rAipOg=
Subject key identifier:   00:DF:A7:D8:8F:8F:31:96:37:94:98:11:CE:E2:24:28:0E:D8:5C:4D
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A2FA6302FE366D79115B5F09EE0EB
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/AN-n2I-PMZY3lJgRzuIkKA7YXE0.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62150
IP address blocks:        93.170.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2f:a6:30:2f:e3:66:d7:91:15:b5:f0:9e:e0:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00dfa7d88f8f319637949811cee224280ed85c4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4f:97:0f:6d:0b:e7:3f:a3:a7:21:e5:78:76:
                    5c:05:af:8c:c1:10:a6:9b:f0:69:9c:28:7a:32:59:
                    6d:82:b5:56:96:e2:3c:91:27:bd:0d:d7:fd:12:08:
                    bd:de:a7:1b:3b:b8:86:b4:7d:52:55:bc:ce:25:71:
                    98:10:53:b4:95:54:b7:33:75:e8:3c:10:7d:49:05:
                    23:3f:0e:96:69:c2:e1:87:73:ab:00:c8:46:71:13:
                    51:a1:85:78:ea:c8:83:b2:b9:4e:1d:be:8c:fb:d2:
                    b2:ea:14:2d:44:cb:4d:64:b5:3b:1a:93:14:c3:36:
                    07:f2:86:da:50:79:b1:a4:be:a0:7c:a4:3d:61:ac:
                    85:86:77:08:0d:9b:06:00:2f:37:49:ee:9e:c0:db:
                    9f:b0:39:ec:ed:e8:1f:bd:ce:11:6e:a6:86:2f:f8:
                    db:e6:df:ea:86:55:f9:67:18:2f:73:ec:98:11:21:
                    61:4c:bc:62:93:9d:94:22:1c:79:ca:6c:d4:cd:f1:
                    b5:96:20:2f:6f:0c:c6:3a:34:39:e8:f0:5f:dd:62:
                    6a:c3:29:61:38:f3:30:d7:03:a2:07:ce:67:e2:be:
                    ee:5a:23:c1:71:e9:b6:30:25:f8:e1:14:43:25:f1:
                    50:fa:7d:55:51:d4:f0:7b:ae:d9:3f:9b:4c:7d:c2:
                    1d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:DF:A7:D8:8F:8F:31:96:37:94:98:11:CE:E2:24:28:0E:D8:5C:4D
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/AN-n2I-PMZY3lJgRzuIkKA7YXE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a2:9c:1e:58:ec:99:d4:6b:97:16:9b:1f:3c:90:ab:e4:80:
         f4:31:25:15:57:17:f2:7f:ca:a7:b8:e0:23:1d:4a:98:95:ae:
         bb:f0:6d:f6:d7:16:cf:62:d5:10:44:bb:15:55:56:a2:21:28:
         fe:b8:ea:e0:5b:7f:e1:85:b0:b9:7e:95:82:d1:a0:91:73:2f:
         81:df:1a:71:5f:c9:db:17:db:9e:a7:02:f6:70:74:4e:1d:f5:
         d8:bd:40:de:ee:e2:f8:b0:ea:94:63:3e:61:b8:b6:c0:5f:e2:
         58:ba:2a:51:e8:a4:f3:20:b4:38:3b:37:76:ec:84:6f:a1:50:
         fb:e9:8d:fe:63:31:8e:06:a3:ff:83:dc:60:72:f4:b3:39:10:
         b8:42:43:bd:87:75:78:cf:c2:f0:49:66:ac:1d:c6:18:ec:52:
         84:46:6a:47:32:7b:9a:f8:93:8d:c0:a1:de:21:e6:bd:b2:88:
         07:29:db:c3:0f:b5:f7:db:ff:ef:0e:86:d7:5c:37:91:67:de:
         b7:25:d2:85:cf:24:ce:8b:42:0a:7c:5b:9a:93:fe:c8:4f:31:
         37:30:ba:36:c9:56:47:86:8c:bb:9d:ca:34:9e:11:bb:00:aa:
         c3:24:05:44:be:17:56:f9:d0:c1:cb:cd:12:14:c8:51:4a:e4:
         f4:5b:0b:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKi+mMC/jZteRFbXwnuDrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGRmYTdkODhmOGYzMTk2Mzc5NDk4MTFjZWUyMjQyODBlZDg1YzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0+XD20L5z+jpyHleHZcBa+MwRCm
m/BpnCh6MlltgrVWluI8kSe9Ddf9Egi93qcbO7iGtH1SVbzOJXGYEFO0lVS3M3Xo
PBB9SQUjPw6WacLhh3OrAMhGcRNRoYV46siDsrlOHb6M+9Ky6hQtRMtNZLU7GpMU
wzYH8obaUHmxpL6gfKQ9YayFhncIDZsGAC83Se6ewNufsDns7egfvc4RbqaGL/jb
5t/qhlX5Zxgvc+yYESFhTLxik52UIhx5ymzUzfG1liAvbwzGOjQ56PBf3WJqwylh
OPMw1wOiB85n4r7uWiPBcem2MCX44RRDJfFQ+n1VUdTwe67ZP5tMfcIdNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADfp9iPjzGWN5SYEc7iJCgO2FxNMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvQU4tbjJJLVBNWlkzbEpnUnp1SWtLQTdZWEUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXao0MA0G
CSqGSIb3DQEBCwUAA4IBAQBZopweWOyZ1GuXFpsfPJCr5ID0MSUVVxfyf8qnuOAj
HUqYla678G321xbPYtUQRLsVVVaiISj+uOrgW3/hhbC5fpWC0aCRcy+B3xpxX8nb
F9uepwL2cHROHfXYvUDe7uL4sOqUYz5huLbAX+JYuipR6KTzILQ4Ozd27IRvoVD7
6Y3+YzGOBqP/g9xgcvSzORC4QkO9h3V4z8LwSWasHcYY7FKERmpHMnua+JONwKHe
Iea9sogHKdvDD7X32//vDobXXDeRZ963JdKFzyTOi0IKfFuak/7ITzE3MLo2yVZH
hoy7nco0nhG7AKrDJAVEvhdW+dDBy80SFMhRSuT0WwtW
-----END CERTIFICATE-----