Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Fod9OP4xek_1sAqGkdtj8-jhZ80.roa
File:                     Fod9OP4xek_1sAqGkdtj8-jhZ80.roa (raw, json)
Hash identifier:          AfCJ4E+Di2gi/TvOc8YctEujtmX4t/DX6FmteyaSAD0=
Subject key identifier:   16:87:7D:38:FE:31:7A:4F:F5:B0:0A:86:91:DB:63:F3:E8:E1:67:CD
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A1399999AED53FF056514DE120EEC
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Fod9OP4xek_1sAqGkdtj8-jhZ80.roa
Signing time:             Tue 02 Jan 2024 12:33:24 +0000
ROA not before:           Tue 02 Jan 2024 12:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56527
IP address blocks:        93.170.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:13:99:99:9a:ed:53:ff:05:65:14:de:12:0e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16877d38fe317a4ff5b00a8691db63f3e8e167cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:66:4a:91:54:56:84:09:9b:aa:c9:a2:18:7d:
                    41:3b:2d:38:90:da:77:55:f5:93:18:76:8b:6f:08:
                    03:ad:8d:74:8b:93:ae:ae:10:cc:4f:a5:2d:83:96:
                    62:51:b7:07:7d:ee:93:b0:50:04:50:56:63:aa:b5:
                    f9:80:46:6b:9f:e6:c1:06:b4:ec:c8:51:f3:6f:c6:
                    25:e1:97:80:48:3d:a6:97:c7:bd:c2:91:3b:30:58:
                    f6:2a:7a:74:ad:5e:91:ef:d1:ee:76:b3:bc:aa:1f:
                    c0:71:37:3e:e8:da:49:0b:68:f3:f6:a8:29:27:e9:
                    84:94:7e:3a:75:b2:b6:ca:dd:45:21:2b:12:51:d9:
                    ae:49:11:ed:1b:d8:19:7a:ef:62:5c:b1:7a:b1:c3:
                    69:a4:c4:8a:de:ca:bd:01:af:09:d2:f7:14:06:ff:
                    2c:53:32:5e:5a:5d:c4:e9:d7:33:39:1e:9c:1e:38:
                    b1:da:9a:06:49:25:b1:32:e8:18:41:26:79:e5:d3:
                    89:f7:5f:85:75:bc:89:b7:4c:fe:0c:5d:0a:f7:43:
                    23:68:75:e1:e0:c8:bf:84:22:67:5f:56:7d:ad:d3:
                    eb:b4:8f:ae:2d:88:b8:e0:c8:66:dd:18:3c:6b:e0:
                    80:69:d4:b2:94:b6:e6:9d:11:9b:1d:d4:81:96:1f:
                    29:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:87:7D:38:FE:31:7A:4F:F5:B0:0A:86:91:DB:63:F3:E8:E1:67:CD
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Fod9OP4xek_1sAqGkdtj8-jhZ80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:e3:31:20:a4:4a:a1:40:7b:2c:ee:62:10:d6:a9:22:42:38:
         a6:27:2e:e0:0e:e2:88:52:2c:9d:69:e3:90:09:6c:84:5a:3f:
         9f:e7:7e:a9:ce:a7:7c:b6:47:37:53:52:3d:f0:c3:74:a6:8e:
         03:f4:10:9f:2b:06:1f:65:55:1e:8e:48:f7:ff:2d:c7:f1:3f:
         59:fc:69:85:48:78:8f:79:34:c0:87:f1:35:5c:8c:cf:18:13:
         f1:ef:55:d1:af:29:48:8e:26:57:8d:d3:7f:d3:4c:2f:36:e1:
         d8:92:ac:8e:69:c1:17:d8:a5:ac:a6:80:42:4d:a0:f4:35:f8:
         63:95:7e:f8:7f:01:40:c1:24:79:aa:08:ce:5b:44:77:be:a8:
         9c:9b:ba:a4:db:cb:6e:0e:45:ef:0c:86:f5:49:25:d0:c9:6b:
         81:41:75:f6:b1:22:e6:4d:51:7b:d6:cc:d6:2f:f3:05:27:d9:
         1c:de:c4:1e:2c:97:5e:12:87:ef:bc:91:dc:9a:d6:02:38:c4:
         40:a4:0c:2b:cb:1c:dd:ec:70:59:a6:e9:b9:05:38:c6:b6:39:
         9e:e7:83:dc:4d:2b:c0:2b:65:3c:15:f8:0a:80:87:c2:f6:66:
         92:18:80:0d:13:2f:54:92:d4:29:61:e9:cc:3d:78:e0:3f:64:
         3a:e6:44:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKhOZmZrtU/8FZRTeEg7sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjg3N2QzOGZlMzE3YTRmZjViMDBhODY5MWRiNjNmM2U4ZTE2N2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2ZKkVRWhAmbqsmiGH1BOy04kNp3
VfWTGHaLbwgDrY10i5OurhDMT6Utg5ZiUbcHfe6TsFAEUFZjqrX5gEZrn+bBBrTs
yFHzb8Yl4ZeASD2ml8e9wpE7MFj2Knp0rV6R79HudrO8qh/AcTc+6NpJC2jz9qgp
J+mElH46dbK2yt1FISsSUdmuSRHtG9gZeu9iXLF6scNppMSK3sq9Aa8J0vcUBv8s
UzJeWl3E6dczOR6cHjix2poGSSWxMugYQSZ55dOJ91+FdbyJt0z+DF0K90MjaHXh
4Mi/hCJnX1Z9rdPrtI+uLYi44Mhm3Rg8a+CAadSylLbmnRGbHdSBlh8p2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBaHfTj+MXpP9bAKhpHbY/Po4WfNMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvRm9kOU9QNHhla18xc0FxR2tkdGo4LWpoWjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXapQMA0G
CSqGSIb3DQEBCwUAA4IBAQAg4zEgpEqhQHss7mIQ1qkiQjimJy7gDuKIUiydaeOQ
CWyEWj+f536pzqd8tkc3U1I98MN0po4D9BCfKwYfZVUejkj3/y3H8T9Z/GmFSHiP
eTTAh/E1XIzPGBPx71XRrylIjiZXjdN/00wvNuHYkqyOacEX2KWspoBCTaD0Nfhj
lX74fwFAwSR5qgjOW0R3vqicm7qk28tuDkXvDIb1SSXQyWuBQXX2sSLmTVF71szW
L/MFJ9kc3sQeLJdeEofvvJHcmtYCOMRApAwryxzd7HBZpum5BTjGtjme54PcTSvA
K2U8FfgKgIfC9maSGIANEy9UktQpYenMPXjgP2Q65kQ2
-----END CERTIFICATE-----