Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NAxH-ajvZxJBBd9wgIPJqppjg-0.roa
File:                     NAxH-ajvZxJBBd9wgIPJqppjg-0.roa (raw, json)
Hash identifier:          8RmgS5ATQyDpnv8suQnrS/16sqKTwJUg+xkmNRY2qC8=
Subject key identifier:   34:0C:47:F9:A8:EF:67:12:41:05:DF:70:80:83:C9:AA:9A:63:83:ED
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A4B6A47FAD7251CA5B6844A64C56D
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NAxH-ajvZxJBBd9wgIPJqppjg-0.roa
Signing time:             Tue 02 Jan 2024 12:33:38 +0000
ROA not before:           Tue 02 Jan 2024 12:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208941
IP address blocks:        95.46.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4b:6a:47:fa:d7:25:1c:a5:b6:84:4a:64:c5:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=340c47f9a8ef67124105df708083c9aa9a6383ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:14:95:5a:9f:15:52:b8:c1:e7:45:23:a0:36:
                    c3:0e:81:09:bd:f1:a1:3a:40:99:2c:a8:7a:28:9f:
                    d4:74:d2:f4:4c:53:b1:6f:bd:8e:e0:db:ee:dc:f3:
                    07:ac:5b:3b:a6:b3:4c:b3:42:3b:a3:46:5d:38:f3:
                    bb:0a:e4:7c:1d:2d:3c:e2:fb:81:7c:b2:fd:af:a8:
                    35:87:b3:dc:9d:09:48:ab:43:41:5e:ab:94:5f:06:
                    ea:2a:35:72:0d:f4:a8:1c:f8:a1:3a:66:cc:eb:b1:
                    c3:6c:62:65:7f:08:db:62:8a:6e:b8:42:95:f8:f7:
                    58:88:8e:89:a6:bf:77:35:6d:75:4d:97:6d:3f:b3:
                    f5:d2:e9:b9:67:34:a8:47:b7:ee:bc:5f:4e:89:bb:
                    d7:50:b0:cb:f4:77:a5:25:93:f1:4c:5f:7f:a6:be:
                    14:96:90:70:82:e2:dd:dd:0f:64:d9:f8:0c:b6:81:
                    69:ac:46:e1:8e:39:1a:eb:44:3f:98:24:2b:7b:16:
                    72:87:ef:93:55:06:2b:9e:f9:ea:cb:1f:d9:c2:ac:
                    d2:1d:d1:ff:82:3d:6c:fd:63:58:a2:af:f8:01:5e:
                    8b:70:22:65:9d:f2:74:6a:c0:57:af:77:d9:0c:4b:
                    63:fd:0f:9c:35:43:70:11:23:d4:c2:51:43:79:81:
                    23:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:0C:47:F9:A8:EF:67:12:41:05:DF:70:80:83:C9:AA:9A:63:83:ED
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NAxH-ajvZxJBBd9wgIPJqppjg-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:20:64:a7:37:5d:72:a6:b0:a2:62:9b:b5:83:c6:02:7b:c0:
         f8:bf:64:a3:55:b1:a9:d2:9d:80:b1:26:16:21:cc:0f:93:1d:
         e4:3a:9e:57:f5:a5:87:2b:ec:a1:72:f2:e1:33:2e:e2:96:b6:
         51:3c:2e:f7:45:7e:0d:49:c5:36:86:5b:c0:1b:09:0d:36:8a:
         03:b1:35:82:8d:d5:89:23:c2:f3:8d:2f:eb:ba:de:28:46:2c:
         fa:3c:03:cb:8f:68:b7:5a:59:0b:fe:5c:43:ee:1a:04:c0:35:
         14:c2:0c:62:03:6e:2f:d7:b9:ae:38:a4:41:f1:63:64:ed:28:
         90:45:37:04:7f:e7:b7:e8:34:85:4d:70:a8:cc:5b:41:7c:d1:
         f0:3f:02:06:4b:18:f4:c1:dc:7b:6e:a9:5f:c1:78:e7:d4:d3:
         95:7e:61:1c:b3:d3:f1:4f:92:cb:ac:74:a4:8c:09:c2:77:ea:
         02:c5:1f:78:5b:44:b2:29:6c:53:b9:ee:43:05:82:11:ed:67:
         7c:5f:68:58:41:96:10:da:bf:f8:d4:66:54:ac:21:c8:7f:41:
         58:5d:ff:e9:a6:af:ba:59:fa:07:73:d6:8d:29:8f:ba:b9:2e:
         05:a7:37:d0:5b:23:82:50:95:e2:4e:ff:ea:d4:6c:99:4b:f9:
         3e:4a:de:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKktqR/rXJRyltoRKZMVtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDBjNDdmOWE4ZWY2NzEyNDEwNWRmNzA4MDgzYzlhYTlhNjM4M2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBSVWp8VUrjB50UjoDbDDoEJvfGh
OkCZLKh6KJ/UdNL0TFOxb72O4Nvu3PMHrFs7prNMs0I7o0ZdOPO7CuR8HS084vuB
fLL9r6g1h7PcnQlIq0NBXquUXwbqKjVyDfSoHPihOmbM67HDbGJlfwjbYopuuEKV
+PdYiI6Jpr93NW11TZdtP7P10um5ZzSoR7fuvF9OibvXULDL9HelJZPxTF9/pr4U
lpBwguLd3Q9k2fgMtoFprEbhjjka60Q/mCQrexZyh++TVQYrnvnqyx/ZwqzSHdH/
gj1s/WNYoq/4AV6LcCJlnfJ0asBXr3fZDEtj/Q+cNUNwESPUwlFDeYEjbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQMR/mo72cSQQXfcICDyaqaY4PtMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTkF4SC1hanZaeEpCQmQ5d2dJUEpxcHBqZy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy5JMA0G
CSqGSIb3DQEBCwUAA4IBAQALIGSnN11yprCiYpu1g8YCe8D4v2SjVbGp0p2AsSYW
IcwPkx3kOp5X9aWHK+yhcvLhMy7ilrZRPC73RX4NScU2hlvAGwkNNooDsTWCjdWJ
I8LzjS/rut4oRiz6PAPLj2i3WlkL/lxD7hoEwDUUwgxiA24v17muOKRB8WNk7SiQ
RTcEf+e36DSFTXCozFtBfNHwPwIGSxj0wdx7bqlfwXjn1NOVfmEcs9PxT5LLrHSk
jAnCd+oCxR94W0SyKWxTue5DBYIR7Wd8X2hYQZYQ2r/41GZUrCHIf0FYXf/ppq+6
WfoHc9aNKY+6uS4FpzfQWyOCUJXiTv/q1GyZS/k+St6k
-----END CERTIFICATE-----