Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/E9PSxPz-apayMsfal_R122ekgKM.roa
File:                     E9PSxPz-apayMsfal_R122ekgKM.roa (raw, json)
Hash identifier:          MIC6DVG7cAPCOElyP1lQ24QKjpZmp5a+pT7YUlOsbJY=
Subject key identifier:   13:D3:D2:C4:FC:FE:6A:96:B2:32:C7:DA:97:F4:75:DB:67:A4:80:A3
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       01922E4A87D31E885ECB489377D91B32D306
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/E9PSxPz-apayMsfal_R122ekgKM.roa
Signing time:             Thu 26 Sep 2024 12:24:49 +0000
ROA not before:           Thu 26 Sep 2024 12:24:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20688
IP address blocks:        146.120.0.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2e:4a:87:d3:1e:88:5e:cb:48:93:77:d9:1b:32:d3:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Sep 26 12:24:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13d3d2c4fcfe6a96b232c7da97f475db67a480a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c8:19:7c:b1:d4:8a:8e:b3:04:6d:3e:64:4a:
                    83:93:2b:f8:0f:b0:cb:cb:5e:48:fd:44:9e:90:a4:
                    52:3e:ca:17:a9:2c:5f:43:4a:79:59:e7:f1:5d:63:
                    fe:52:b0:d4:2d:fb:51:41:c7:a4:f8:8a:b5:75:80:
                    17:58:8e:38:8e:19:73:43:0a:7c:ad:eb:b3:2f:a0:
                    b6:95:50:51:5e:ec:dc:f1:b4:b4:b2:38:2b:6d:6b:
                    0f:8e:2c:5c:d2:31:b7:ad:a1:d6:81:2d:c6:67:db:
                    bb:47:7e:33:27:4b:f8:86:be:f1:de:96:21:70:5a:
                    4e:d8:de:5a:60:06:a2:e2:5e:d8:50:71:08:83:25:
                    26:51:8c:3b:6d:3f:84:86:20:22:5a:eb:a8:da:36:
                    17:bf:1e:18:db:9d:b8:47:f1:b4:9f:71:43:56:8a:
                    60:64:67:fe:0b:16:24:69:f6:f2:61:4a:98:29:2c:
                    d2:19:67:d5:2c:d8:8c:89:c7:09:2e:57:20:53:6a:
                    12:a9:2a:b1:92:d5:e8:92:ae:9b:d0:f6:ed:1e:f2:
                    3c:01:04:78:b2:a9:09:fc:46:5d:e2:0b:bc:93:ea:
                    4b:19:c5:34:0a:74:5b:3e:17:59:c0:c1:81:4a:b3:
                    c1:03:94:32:9d:d7:e1:73:42:11:12:64:2f:f8:ca:
                    dd:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D3:D2:C4:FC:FE:6A:96:B2:32:C7:DA:97:F4:75:DB:67:A4:80:A3
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/E9PSxPz-apayMsfal_R122ekgKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4b:ab:a3:2c:73:a3:55:4d:2d:1d:51:6e:ca:aa:36:0b:43:60:
         7c:79:42:fc:10:dd:6d:01:5e:6e:cc:b4:a0:42:c8:09:e4:59:
         f0:48:15:88:cb:e4:c3:45:2f:8b:c6:15:58:32:72:1c:15:4b:
         a0:5a:2f:a8:aa:28:79:da:fa:47:0a:f4:b3:b8:33:67:92:cf:
         a3:ef:ca:fe:96:37:ac:a4:3d:c5:6e:80:c7:b0:cd:82:23:58:
         08:22:4a:ca:40:e8:26:ea:90:d4:6e:5a:7b:35:af:d8:a2:0a:
         ad:6f:27:b5:f3:5a:48:da:4a:c2:9c:47:b7:94:e9:fa:ed:ab:
         9e:c9:a9:7a:2a:2d:18:30:74:6e:9b:ea:47:ed:33:5e:2c:a3:
         57:dd:7a:92:e0:3a:4e:57:9a:12:bc:71:a4:01:48:ab:e9:3a:
         cd:0c:f8:dc:8f:e2:10:7b:3e:5c:fc:44:e2:de:98:7d:6d:4e:
         54:d2:1b:d5:18:5f:bf:d8:4b:d9:b6:d6:a0:f3:15:53:46:6a:
         e8:37:be:83:2f:60:6f:f3:30:bf:19:e3:63:67:8d:a5:bb:b9:
         60:2e:77:cc:57:09:f0:fc:5b:bc:13:a9:c1:76:02:31:76:06:
         38:ab:6a:25:90:d1:51:54:53:f2:50:1d:30:9f:b1:e9:91:bb:
         12:ae:c9:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIuSofTHohey0iTd9kbMtMGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwOTI2MTIyNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2QzZDJjNGZjZmU2YTk2YjIzMmM3ZGE5N2Y0NzVkYjY3YTQ4MGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MgZfLHUio6zBG0+ZEqDkyv4D7DL
y15I/USekKRSPsoXqSxfQ0p5WefxXWP+UrDULftRQcek+Iq1dYAXWI44jhlzQwp8
reuzL6C2lVBRXuzc8bS0sjgrbWsPjixc0jG3raHWgS3GZ9u7R34zJ0v4hr7x3pYh
cFpO2N5aYAai4l7YUHEIgyUmUYw7bT+EhiAiWuuo2jYXvx4Y2524R/G0n3FDVopg
ZGf+CxYkafbyYUqYKSzSGWfVLNiMiccJLlcgU2oSqSqxktXokq6b0PbtHvI8AQR4
sqkJ/EZd4gu8k+pLGcU0CnRbPhdZwMGBSrPBA5Qyndfhc0IREmQv+MrdWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPT0sT8/mqWsjLH2pf0ddtnpICjMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvRTlQU3hQei1hcGF5TXNmYWxfUjEyMmVrZ0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDkngAMA0G
CSqGSIb3DQEBCwUAA4IBAQBLq6Msc6NVTS0dUW7KqjYLQ2B8eUL8EN1tAV5uzLSg
QsgJ5FnwSBWIy+TDRS+LxhVYMnIcFUugWi+oqih52vpHCvSzuDNnks+j78r+ljes
pD3FboDHsM2CI1gIIkrKQOgm6pDUblp7Na/Yogqtbye181pI2krCnEe3lOn67aue
yal6Ki0YMHRum+pH7TNeLKNX3XqS4DpOV5oSvHGkAUir6TrNDPjcj+IQez5c/ETi
3ph9bU5U0hvVGF+/2EvZttag8xVTRmroN76DL2Bv8zC/GeNjZ42lu7lgLnfMVwnw
/Fu8E6nBdgIxdgY4q2olkNFRVFPyUB0wn7HpkbsSrsnm
-----END CERTIFICATE-----