Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/MnMVtsw31LXLM-Zhl-aXmQ0sSAk.roa
File:                     MnMVtsw31LXLM-Zhl-aXmQ0sSAk.roa (raw, json)
Hash identifier:          Eo+hhcgTOJJExqzERhkRtAfhQ1it8Wo/ju+87lExepY=
Subject key identifier:   32:73:15:B6:CC:37:D4:B5:CB:33:E6:61:97:E6:97:99:0D:2C:48:09
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29F4FC5F972396C5BAF844CD2B6C50
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/MnMVtsw31LXLM-Zhl-aXmQ0sSAk.roa
Signing time:             Tue 02 Jan 2024 12:33:16 +0000
ROA not before:           Tue 02 Jan 2024 12:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44200
IP address blocks:        93.171.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f4:fc:5f:97:23:96:c5:ba:f8:44:cd:2b:6c:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=327315b6cc37d4b5cb33e66197e697990d2c4809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a4:f9:fe:76:10:47:61:dc:c5:70:be:0d:f1:
                    54:fa:15:77:79:28:82:1c:a2:50:d2:16:a9:bf:5e:
                    81:e8:dc:0a:c0:4a:b4:7c:2d:f8:0c:53:cc:bf:e5:
                    9d:fd:00:55:8c:de:87:4b:dc:23:b4:36:81:47:c1:
                    2e:a4:40:ee:1d:e2:c4:76:7e:d4:07:71:28:3e:bb:
                    24:87:3c:c4:92:f3:3d:18:cc:70:68:13:24:b5:ef:
                    b1:a9:fe:fb:9c:9d:b6:bc:54:b2:b0:69:56:0a:52:
                    04:8f:97:29:48:6b:9b:0e:17:46:e6:54:1a:99:2a:
                    70:e2:dc:06:85:e6:ea:be:bf:2f:c3:6e:40:a3:79:
                    7c:05:70:95:ef:fd:62:43:da:ef:6d:8f:a5:ca:e8:
                    b3:9a:28:83:a3:10:40:79:5d:03:2c:fb:56:95:0c:
                    ce:7d:80:2a:fa:60:5f:df:00:63:3f:1f:29:d4:b4:
                    8f:6d:eb:61:e4:c9:92:fc:74:4e:50:40:e3:3a:fc:
                    40:28:d3:0e:05:c4:97:33:54:f9:b5:cd:31:16:ba:
                    2e:5e:4b:58:cc:98:94:88:0e:cd:af:62:e6:b7:a9:
                    5d:c0:c0:84:ef:99:39:6f:3a:b9:4f:1c:11:32:a8:
                    ff:a5:c2:8f:e6:b5:bd:42:24:18:ce:a1:d4:ec:f0:
                    5c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:73:15:B6:CC:37:D4:B5:CB:33:E6:61:97:E6:97:99:0D:2C:48:09
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/MnMVtsw31LXLM-Zhl-aXmQ0sSAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:8a:3f:3b:ae:01:33:13:fc:d7:df:6e:c2:fc:f4:c9:28:e1:
         20:2d:73:7a:98:9a:6f:33:41:f2:5b:f3:94:85:5b:f9:53:c6:
         60:d5:7b:d8:1c:63:07:83:b9:04:52:cc:a6:5b:b6:0a:be:ef:
         ce:81:19:cf:41:33:d0:86:cb:d0:d6:33:26:35:a7:77:73:d4:
         f1:db:99:ec:8d:e6:73:09:73:12:6b:91:ed:48:a0:66:e8:4d:
         6c:1f:26:a8:f7:ca:64:57:bc:26:ee:1a:4c:ec:b1:cd:f2:0e:
         fa:7b:21:73:41:83:80:b4:1b:cc:af:d6:1f:a4:4b:13:5a:d1:
         7b:b1:b1:06:71:aa:03:b6:e1:82:01:9b:4f:cb:5f:32:55:a2:
         87:90:79:eb:88:a4:7d:db:98:bf:df:f1:ab:10:55:3b:be:0b:
         86:5d:f6:39:a8:29:6b:83:fd:59:33:8d:83:5a:b8:75:50:ab:
         4f:8f:eb:fd:4c:c7:cf:8c:c3:cd:5c:37:03:bb:3f:f2:b8:a0:
         a8:f0:a5:3b:bc:af:b5:af:ad:61:25:6d:78:57:5b:0e:6a:b6:
         1d:94:9c:30:86:3a:81:29:68:d9:69:65:3c:fe:b6:5f:f5:b0:
         ce:51:1e:e8:42:f6:3d:aa:bf:d7:20:0d:20:48:80:ae:54:04:
         db:8f:53:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKfT8X5cjlsW6+ETNK2xQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjczMTViNmNjMzdkNGI1Y2IzM2U2NjE5N2U2OTc5OTBkMmM0ODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKT5/nYQR2HcxXC+DfFU+hV3eSiC
HKJQ0hapv16B6NwKwEq0fC34DFPMv+Wd/QBVjN6HS9wjtDaBR8EupEDuHeLEdn7U
B3EoPrskhzzEkvM9GMxwaBMkte+xqf77nJ22vFSysGlWClIEj5cpSGubDhdG5lQa
mSpw4twGhebqvr8vw25Ao3l8BXCV7/1iQ9rvbY+lyuizmiiDoxBAeV0DLPtWlQzO
fYAq+mBf3wBjPx8p1LSPbeth5MmS/HROUEDjOvxAKNMOBcSXM1T5tc0xFrouXktY
zJiUiA7Nr2Lmt6ldwMCE75k5bzq5TxwRMqj/pcKP5rW9QiQYzqHU7PBc1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJzFbbMN9S1yzPmYZfml5kNLEgJMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTW5NVnRzdzMxTFhMTS1aaGwtYVhtUTBzU0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXavRMA0G
CSqGSIb3DQEBCwUAA4IBAQCGij87rgEzE/zX327C/PTJKOEgLXN6mJpvM0HyW/OU
hVv5U8Zg1XvYHGMHg7kEUsymW7YKvu/OgRnPQTPQhsvQ1jMmNad3c9Tx25nsjeZz
CXMSa5HtSKBm6E1sHyao98pkV7wm7hpM7LHN8g76eyFzQYOAtBvMr9YfpEsTWtF7
sbEGcaoDtuGCAZtPy18yVaKHkHnriKR925i/3/GrEFU7vguGXfY5qClrg/1ZM42D
Wrh1UKtPj+v9TMfPjMPNXDcDuz/yuKCo8KU7vK+1r61hJW14V1sOarYdlJwwhjqB
KWjZaWU8/rZf9bDOUR7oQvY9qr/XIA0gSICuVATbj1NM
-----END CERTIFICATE-----