Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/QdZwL8Q9fyeSHI8Y9LOD_cJ_6Zc.roa
File:                     QdZwL8Q9fyeSHI8Y9LOD_cJ_6Zc.roa (raw, json)
Hash identifier:          lbAU3tj76Ol0Fr35nz7STmyVUMXW8MxqRYHlkUii7rk=
Subject key identifier:   41:D6:70:2F:C4:3D:7F:27:92:1C:8F:18:F4:B3:83:FD:C2:7F:E9:97
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29EE7DD1619240027824A62C72D3CE
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/QdZwL8Q9fyeSHI8Y9LOD_cJ_6Zc.roa
Signing time:             Tue 02 Jan 2024 12:33:14 +0000
ROA not before:           Tue 02 Jan 2024 12:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42447
IP address blocks:        92.38.48.0/23 maxlen: 24
                          93.170.72.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ee:7d:d1:61:92:40:02:78:24:a6:2c:72:d3:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41d6702fc43d7f27921c8f18f4b383fdc27fe997
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8a:83:6d:09:b5:86:22:ce:7b:80:02:10:5d:
                    9d:a0:ac:01:65:89:b0:14:34:3b:4f:84:e1:b6:e0:
                    09:93:ba:8f:e4:7c:6e:f3:53:c4:bc:df:27:a0:e6:
                    50:16:e5:4f:2b:1d:dd:58:38:8a:e3:7b:d5:ed:99:
                    f3:b5:07:28:1c:a0:54:23:12:e2:a2:46:bf:68:6a:
                    65:8b:78:9f:d4:5d:d9:ff:0e:d3:92:97:c5:e4:2d:
                    5c:cd:73:66:03:aa:35:e6:02:a7:df:1a:43:5b:2f:
                    0f:81:58:bb:a5:c2:6d:1a:e6:2a:75:e7:0d:0a:07:
                    cc:44:6c:e5:c9:1c:66:c5:2a:ac:b0:40:a4:6f:94:
                    05:d6:38:9a:4c:42:b0:f8:22:83:b3:56:61:68:5f:
                    28:29:de:26:d4:fe:5c:f1:b3:80:78:17:e1:97:a6:
                    41:19:bd:e7:0c:0a:08:d5:62:c2:fa:4f:4b:ea:90:
                    05:0c:e4:ba:ea:64:b6:46:b9:e7:b8:42:9a:4b:08:
                    0e:c0:64:62:fa:50:1d:fe:4b:cd:d4:16:94:e5:e1:
                    8e:c3:f0:d3:57:a6:2f:38:c5:1b:43:41:8e:4f:a1:
                    00:0e:92:a5:69:1f:f3:1d:89:d5:b1:7f:7a:e4:da:
                    b4:57:54:a0:b5:38:96:a4:fa:3c:0b:3f:83:bf:43:
                    09:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D6:70:2F:C4:3D:7F:27:92:1C:8F:18:F4:B3:83:FD:C2:7F:E9:97
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/QdZwL8Q9fyeSHI8Y9LOD_cJ_6Zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.48.0/23
                  93.170.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:cf:d8:4c:37:be:77:ae:6e:7c:f2:04:e0:03:ce:5b:9f:6d:
         cd:3e:43:66:5c:9e:e1:4c:9d:1a:ce:24:e5:6e:5d:00:ec:6c:
         09:32:08:1c:d5:d3:d8:ed:c4:33:d9:3b:84:08:83:a4:57:df:
         3b:ac:39:0f:d9:53:69:d3:c8:18:c4:8e:a2:d1:f1:b6:ed:17:
         f6:84:92:66:f2:3a:29:29:0c:be:24:6e:30:d6:cd:57:d9:ec:
         a1:ae:1a:92:dc:c6:01:41:75:94:f0:bc:51:2c:f4:27:4c:ee:
         6e:67:a1:b0:da:4a:15:82:22:87:14:2b:45:84:52:95:d3:de:
         9e:04:b8:05:a3:f3:25:77:cc:ed:5d:81:72:6e:89:80:18:50:
         8e:1d:4d:34:6f:87:4c:46:a2:24:8b:f8:03:14:dd:12:b6:7d:
         20:f5:b3:70:02:9b:5b:92:16:2e:5d:23:54:9f:27:61:7a:d9:
         4a:77:ab:e2:1f:50:2e:7d:d0:84:6c:9e:a2:9a:59:fc:a0:4d:
         24:4b:89:bc:6b:fe:96:d7:6d:e8:25:b6:b1:2c:12:ad:1c:04:
         a8:56:6b:a8:e9:37:96:f3:b4:20:ff:21:2d:a1:78:72:c6:ac:
         7f:47:9c:0f:a9:5d:a4:fa:5d:be:40:6f:24:94:d8:10:1b:03:
         8a:99:51:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKe590WGSQAJ4JKYsctPOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ2NzAyZmM0M2Q3ZjI3OTIxYzhmMThmNGIzODNmZGMyN2ZlOTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YqDbQm1hiLOe4ACEF2doKwBZYmw
FDQ7T4ThtuAJk7qP5Hxu81PEvN8noOZQFuVPKx3dWDiK43vV7ZnztQcoHKBUIxLi
oka/aGpli3if1F3Z/w7TkpfF5C1czXNmA6o15gKn3xpDWy8PgVi7pcJtGuYqdecN
CgfMRGzlyRxmxSqssECkb5QF1jiaTEKw+CKDs1ZhaF8oKd4m1P5c8bOAeBfhl6ZB
Gb3nDAoI1WLC+k9L6pAFDOS66mS2RrnnuEKaSwgOwGRi+lAd/kvN1BaU5eGOw/DT
V6YvOMUbQ0GOT6EADpKlaR/zHYnVsX965Nq0V1SgtTiWpPo8Cz+Dv0MJZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEHWcC/EPX8nkhyPGPSzg/3Cf+mXMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUWRad0w4UTlmeWVTSEk4WTlMT0RfY0pfNlpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXCYwAwQB
XapIMA0GCSqGSIb3DQEBCwUAA4IBAQClz9hMN753rm588gTgA85bn23NPkNmXJ7h
TJ0aziTlbl0A7GwJMggc1dPY7cQz2TuECIOkV987rDkP2VNp08gYxI6i0fG27Rf2
hJJm8jopKQy+JG4w1s1X2eyhrhqS3MYBQXWU8LxRLPQnTO5uZ6Gw2koVgiKHFCtF
hFKV096eBLgFo/Mld8ztXYFybomAGFCOHU00b4dMRqIki/gDFN0Stn0g9bNwAptb
khYuXSNUnydhetlKd6viH1AufdCEbJ6imln8oE0kS4m8a/6W123oJbaxLBKtHASo
Vmuo6TeW87Qg/yEtoXhyxqx/R5wPqV2k+l2+QG8klNgQGwOKmVFA
-----END CERTIFICATE-----