Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/DD2ukq8P9giyCxPTlch3oQklank.roa
File:                     DD2ukq8P9giyCxPTlch3oQklank.roa (raw, json)
Hash identifier:          t3M1CBL4NwnGpmRUcvePp5izJPkJm6Rbbh4WGVZ/7TQ=
Subject key identifier:   0C:3D:AE:92:AF:0F:F6:08:B2:0B:13:D3:95:C8:77:A1:09:25:6A:79
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A0D8A769C2DB4862436B8469C2D57
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/DD2ukq8P9giyCxPTlch3oQklank.roa
Signing time:             Tue 02 Jan 2024 12:33:22 +0000
ROA not before:           Tue 02 Jan 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50916
IP address blocks:        93.170.124.0/22 maxlen: 24
                          2a02:128:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0d:8a:76:9c:2d:b4:86:24:36:b8:46:9c:2d:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c3dae92af0ff608b20b13d395c877a109256a79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ff:db:c9:93:12:70:ca:af:df:4a:0f:fa:12:
                    12:c5:5e:47:77:8a:3a:80:91:64:c1:e5:45:c2:6d:
                    7a:6b:5d:5a:bb:aa:9c:b3:c1:c9:bb:8f:e8:aa:3a:
                    78:af:4c:51:4f:a7:9a:0d:81:54:e9:bb:30:02:a2:
                    c9:21:15:f1:0e:11:9c:87:4a:67:2d:d9:5e:87:5c:
                    00:ec:44:6a:38:45:79:a7:c0:25:75:12:49:10:8e:
                    a3:72:ee:80:d4:a2:c3:8f:70:46:da:7b:41:e8:91:
                    26:8b:78:97:eb:27:f0:69:33:f0:7d:04:4c:58:e6:
                    1b:b6:31:44:1c:13:35:09:d0:54:b0:41:1e:db:57:
                    73:2c:73:ac:8b:25:33:3d:48:cb:73:4a:f2:5d:bb:
                    82:8d:ce:6b:f0:73:ea:bf:6d:d4:32:f1:ec:c7:db:
                    d9:a7:12:9a:0d:cc:a7:b9:be:01:04:64:2f:74:57:
                    86:49:17:09:08:e4:d6:d1:bd:1e:cf:d3:4a:70:24:
                    89:e2:77:f1:a2:9f:6f:4d:ae:23:65:c5:27:4f:e5:
                    50:6d:f8:d6:f5:96:cd:af:d0:6a:4c:cb:85:07:e0:
                    a3:60:8f:ea:e1:13:b6:9a:7f:c7:3a:39:5e:43:20:
                    d0:1b:d1:65:63:7c:19:f3:60:69:da:86:db:c8:5a:
                    42:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:3D:AE:92:AF:0F:F6:08:B2:0B:13:D3:95:C8:77:A1:09:25:6A:79
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/DD2ukq8P9giyCxPTlch3oQklank.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.124.0/22
                IPv6:
                  2a02:128:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:ca:8b:18:99:1f:82:d1:79:d9:17:7d:9b:00:20:92:1d:e0:
         ad:c7:75:74:73:8e:0b:1d:8b:44:00:a6:09:2d:ac:be:59:1f:
         62:79:19:2d:d2:6f:e5:30:95:c8:5d:bc:a0:26:05:58:4b:5e:
         26:db:21:bf:d0:ba:a6:08:31:97:54:11:3d:5d:e9:ee:f7:d1:
         f7:0d:ae:0c:b1:52:c1:89:bf:6d:24:ec:40:3b:74:41:c2:b8:
         39:17:e3:4f:4b:56:8d:cd:05:d7:99:3d:54:0c:ed:40:0f:08:
         0b:1b:0c:de:b3:05:85:26:62:30:77:8b:6b:84:34:53:a5:34:
         72:b3:51:13:52:f6:34:ca:00:98:70:47:01:5a:30:5a:8b:01:
         93:5e:5c:6a:4f:54:93:7f:76:0d:32:60:bd:c7:bd:bf:6e:fb:
         86:b7:6a:51:b4:b6:18:45:6a:5d:03:27:3a:f3:5d:6d:9a:a5:
         f3:1d:32:74:67:05:53:0d:3a:e8:77:49:6a:64:ec:8c:9f:17:
         58:e9:25:49:64:f9:9d:64:93:27:6b:34:91:e7:3a:54:b5:b7:
         b5:d8:15:a3:b6:4a:03:ed:7b:e6:0f:dc:2f:21:b0:f0:95:c1:
         82:89:dd:d5:f3:89:1a:dd:64:35:dd:ad:cb:da:c5:85:75:e3:
         40:f8:25:07
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKg2KdpwttIYkNrhGnC1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzNkYWU5MmFmMGZmNjA4YjIwYjEzZDM5NWM4NzdhMTA5MjU2YTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAif/byZMScMqv30oP+hISxV5Hd4o6
gJFkweVFwm16a11au6qcs8HJu4/oqjp4r0xRT6eaDYFU6bswAqLJIRXxDhGch0pn
Ldleh1wA7ERqOEV5p8AldRJJEI6jcu6A1KLDj3BG2ntB6JEmi3iX6yfwaTPwfQRM
WOYbtjFEHBM1CdBUsEEe21dzLHOsiyUzPUjLc0ryXbuCjc5r8HPqv23UMvHsx9vZ
pxKaDcynub4BBGQvdFeGSRcJCOTW0b0ez9NKcCSJ4nfxop9vTa4jZcUnT+VQbfjW
9ZbNr9BqTMuFB+CjYI/q4RO2mn/HOjleQyDQG9FlY3wZ82Bp2obbyFpCfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAw9rpKvD/YIsgsT05XId6EJJWp5MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvREQydWtxOFA5Z2l5Q3hQVGxjaDNvUWtsYW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCXap8MA8E
AgACMAkDBwAqAgEoAAgwDQYJKoZIhvcNAQELBQADggEBACrKixiZH4LRedkXfZsA
IJId4K3HdXRzjgsdi0QApgktrL5ZH2J5GS3Sb+UwlchdvKAmBVhLXibbIb/QuqYI
MZdUET1d6e730fcNrgyxUsGJv20k7EA7dEHCuDkX409LVo3NBdeZPVQM7UAPCAsb
DN6zBYUmYjB3i2uENFOlNHKzURNS9jTKAJhwRwFaMFqLAZNeXGpPVJN/dg0yYL3H
vb9u+4a3alG0thhFal0DJzrzXW2apfMdMnRnBVMNOuh3SWpk7IyfF1jpJUlk+Z1k
kydrNJHnOlS1t7XYFaO2SgPte+YP3C8hsPCVwYKJ3dXziRrdZDXdrcvaxYV140D4
JQc=
-----END CERTIFICATE-----