Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/CptkpzZbB9Fs0mkJCPFHqjIY8AU.roa
File:                     CptkpzZbB9Fs0mkJCPFHqjIY8AU.roa (raw, json)
Hash identifier:          KQuTWEO4iPnf/7pames9Nm79zCLc2n7Aoo7appxlan4=
Subject key identifier:   0A:9B:64:A7:36:5B:07:D1:6C:D2:69:09:08:F1:47:AA:32:18:F0:05
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018F188EA7DC710BA61F10B05BCE1887424A
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/CptkpzZbB9Fs0mkJCPFHqjIY8AU.roa
Signing time:             Fri 26 Apr 2024 03:59:13 +0000
ROA not before:           Fri 26 Apr 2024 03:59:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215032
IP address blocks:        93.171.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:18:8e:a7:dc:71:0b:a6:1f:10:b0:5b:ce:18:87:42:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Apr 26 03:59:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a9b64a7365b07d16cd2690908f147aa3218f005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e2:9f:e8:1d:c7:53:8e:6a:96:d6:ab:e8:ba:
                    7e:c8:de:10:85:17:bd:8b:14:f0:4d:d4:b7:08:18:
                    16:4c:db:7b:6f:35:1b:33:92:1c:14:e5:df:ee:c8:
                    0c:af:68:7a:de:b4:34:79:28:1b:28:b8:15:ad:5f:
                    70:f7:a1:c1:25:3f:9f:0a:bc:5e:09:fe:b4:de:f3:
                    32:c2:30:c4:29:12:b2:52:0f:60:61:fb:95:95:5a:
                    01:b0:e6:aa:53:ec:ad:44:02:81:20:ee:20:af:56:
                    b0:55:1e:7e:49:8c:0b:83:f5:c5:4e:52:e7:af:56:
                    86:2b:30:61:77:c9:32:64:02:02:89:79:ef:7f:71:
                    4a:2c:a8:23:4e:4c:45:3a:15:08:18:b2:4e:30:94:
                    4c:fe:2a:fd:d8:65:03:85:13:30:fd:5b:09:d5:6b:
                    6c:ad:17:92:8e:b2:d1:f9:1b:6c:0c:15:90:80:6a:
                    17:1b:7b:4c:8c:cd:65:68:c3:9c:d9:ec:22:75:c3:
                    3d:a7:e1:84:46:27:6e:08:58:39:7d:f8:cb:ad:f9:
                    63:39:57:35:3d:af:a1:dd:93:cd:de:a2:1a:70:fb:
                    39:ba:a9:a5:3b:1a:b4:79:f9:af:82:aa:8d:c0:93:
                    63:45:41:88:9b:24:21:9f:47:92:17:18:18:cc:95:
                    4d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:9B:64:A7:36:5B:07:D1:6C:D2:69:09:08:F1:47:AA:32:18:F0:05
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/CptkpzZbB9Fs0mkJCPFHqjIY8AU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:27:e9:b6:0f:0c:77:61:a0:ba:fa:f5:10:5e:d4:56:c1:81:
         e1:b6:7c:5b:81:c1:6b:9d:35:da:00:d0:d0:68:42:22:2b:29:
         83:58:c9:4b:a8:8d:a0:e4:6a:1e:5d:34:79:78:50:0b:40:a1:
         55:13:70:b0:ec:70:e4:88:15:d7:e9:de:02:35:2b:1c:b8:97:
         04:0e:d7:4d:36:35:99:1d:7f:d8:8d:11:5d:a8:14:c5:9f:5a:
         2e:a7:a8:e2:30:49:e4:5a:66:f2:43:7c:25:fe:ed:c1:c5:d7:
         11:b5:0c:2c:31:22:d7:15:b0:3a:a2:7a:d4:2a:70:cf:43:fa:
         30:85:ac:fc:01:d5:e3:fa:bb:14:bf:a1:fb:d7:bc:0e:8d:9c:
         e2:2a:68:9e:11:d5:59:f9:24:24:8d:20:fc:d8:59:9a:f7:46:
         9d:f1:a7:f6:3b:f5:f1:ea:86:17:25:68:92:b9:e8:54:26:2f:
         54:b4:23:e1:98:18:7d:c5:14:54:ae:57:6f:11:9e:e7:5b:ea:
         c8:ad:8e:5d:17:57:24:ee:0b:39:60:a1:e0:35:fa:16:8f:20:
         e6:9e:b5:d2:5a:58:6c:c8:02:ca:06:b1:99:91:d7:9f:60:b1:
         a0:fc:95:24:9b:af:22:33:66:bc:bf:ba:63:e0:b0:7f:f3:83:
         d0:42:f2:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8YjqfccQumHxCwW84Yh0JKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwNDI2MDM1OTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTliNjRhNzM2NWIwN2QxNmNkMjY5MDkwOGYxNDdhYTMyMThmMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uKf6B3HU45qltar6Lp+yN4QhRe9
ixTwTdS3CBgWTNt7bzUbM5IcFOXf7sgMr2h63rQ0eSgbKLgVrV9w96HBJT+fCrxe
Cf603vMywjDEKRKyUg9gYfuVlVoBsOaqU+ytRAKBIO4gr1awVR5+SYwLg/XFTlLn
r1aGKzBhd8kyZAICiXnvf3FKLKgjTkxFOhUIGLJOMJRM/ir92GUDhRMw/VsJ1Wts
rReSjrLR+RtsDBWQgGoXG3tMjM1laMOc2ewidcM9p+GERiduCFg5ffjLrfljOVc1
Pa+h3ZPN3qIacPs5uqmlOxq0efmvgqqNwJNjRUGImyQhn0eSFxgYzJVNewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqbZKc2WwfRbNJpCQjxR6oyGPAFMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvQ3B0a3B6WmJCOUZzMG1rSkNQRkhxaklZOEFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXau0MA0G
CSqGSIb3DQEBCwUAA4IBAQBTJ+m2Dwx3YaC6+vUQXtRWwYHhtnxbgcFrnTXaANDQ
aEIiKymDWMlLqI2g5GoeXTR5eFALQKFVE3Cw7HDkiBXX6d4CNSscuJcEDtdNNjWZ
HX/YjRFdqBTFn1oup6jiMEnkWmbyQ3wl/u3BxdcRtQwsMSLXFbA6onrUKnDPQ/ow
haz8AdXj+rsUv6H717wOjZziKmieEdVZ+SQkjSD82Fma90ad8af2O/Xx6oYXJWiS
uehUJi9UtCPhmBh9xRRUrldvEZ7nW+rIrY5dF1ck7gs5YKHgNfoWjyDmnrXSWlhs
yALKBrGZkdefYLGg/JUkm68iM2a8v7pj4LB/84PQQvIf
-----END CERTIFICATE-----