Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Wf2lMOmoSH18QCv8cWzXjBTzU1E.roa
File:                     Wf2lMOmoSH18QCv8cWzXjBTzU1E.roa (raw, json)
Hash identifier:          p46CITPcEQzf6oyv+sivAx8WKRXfshd00Yx5ynexw1c=
Subject key identifier:   59:FD:A5:30:E9:A8:48:7D:7C:40:2B:FC:71:6C:D7:8C:14:F3:53:51
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A19187DB0B19914857456CDCC2FE0
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Wf2lMOmoSH18QCv8cWzXjBTzU1E.roa
Signing time:             Tue 02 Jan 2024 12:33:25 +0000
ROA not before:           Tue 02 Jan 2024 12:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57888
IP address blocks:        146.120.8.0/22 maxlen: 24
                          93.170.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:19:18:7d:b0:b1:99:14:85:74:56:cd:cc:2f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59fda530e9a8487d7c402bfc716cd78c14f35351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f4:d5:29:98:84:08:a6:2a:46:98:ef:b8:01:
                    98:38:83:f0:04:f2:8a:1c:bc:59:7c:da:43:92:84:
                    28:0e:fd:ec:12:72:4d:d5:04:1c:3e:86:2a:84:c8:
                    68:f0:36:b1:5b:10:98:6f:3d:95:9d:dd:cf:35:81:
                    f5:af:53:d5:f7:97:7e:76:96:c2:ff:13:55:5e:81:
                    92:f2:3b:30:a8:83:4f:ed:a6:6e:35:c1:d5:d0:30:
                    39:6e:de:36:1f:b0:e0:15:a1:47:54:f7:48:db:3e:
                    86:5e:77:88:99:fb:cd:1f:0c:8e:23:8a:5e:83:ea:
                    7c:12:6c:c5:44:25:c7:2f:88:4d:ec:e5:78:39:d2:
                    b9:7f:7d:27:46:0f:b5:22:8c:5e:99:31:53:e3:1c:
                    b1:56:07:fa:a9:d3:f8:a2:d1:cc:12:75:8b:eb:9f:
                    96:58:98:d8:ce:35:80:b9:04:95:7a:b2:a0:8f:d6:
                    8e:c3:a7:fb:b9:c7:5f:15:b8:24:14:42:12:04:3c:
                    e5:2b:40:df:b7:cd:b8:53:38:6e:e8:bc:b4:55:10:
                    54:6c:be:37:b8:ac:8e:1d:c5:e8:9b:13:63:a4:88:
                    66:34:d4:56:17:08:f8:3b:fc:40:c4:44:3b:26:99:
                    c1:0b:10:12:a6:01:c0:04:6f:e0:92:5d:31:96:d8:
                    cc:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:FD:A5:30:E9:A8:48:7D:7C:40:2B:FC:71:6C:D7:8C:14:F3:53:51
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Wf2lMOmoSH18QCv8cWzXjBTzU1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.56.0/21
                  146.120.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:8d:fb:d1:21:7c:1f:f8:19:1a:18:29:39:f6:cb:3c:8c:7c:
         55:44:d7:7f:99:73:d8:29:d8:8d:a6:7b:cd:cc:b2:72:cc:32:
         a5:a6:a7:e9:c6:06:d3:3c:c0:40:46:44:3f:56:00:56:a1:8b:
         94:a2:30:ca:f9:25:43:9e:27:1c:a6:d2:5c:57:33:61:76:51:
         fb:8f:e5:e3:ef:a3:e7:b4:61:11:7d:eb:4e:c1:38:a4:4e:77:
         8c:0e:ba:bb:ab:62:d1:dc:a5:62:0f:f3:52:e2:76:c6:25:6c:
         0c:3f:1e:de:dd:79:89:28:6c:17:47:e3:bf:42:80:a2:41:3f:
         55:88:1b:55:c0:c7:02:65:01:22:d7:9c:fa:2d:87:24:8d:45:
         6e:44:2a:b8:d3:24:09:d7:56:42:b9:a4:61:54:69:fc:b2:b6:
         f1:cb:86:2e:e0:a3:31:1b:ee:a5:27:24:17:19:e3:cb:e9:8d:
         47:12:80:3a:2a:d3:50:1d:4d:4b:7f:62:82:e3:3a:4d:7e:de:
         7f:1a:b2:f5:c7:13:3e:ad:51:5e:54:ea:de:16:9d:c7:02:a1:
         92:fa:4a:0f:fb:68:42:54:fa:e2:50:d7:32:87:57:07:01:a7:
         33:7b:f7:71:8b:49:03:ee:f1:60:20:1a:bf:e0:78:3f:b2:99:
         95:57:80:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKhkYfbCxmRSFdFbNzC/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWZkYTUzMGU5YTg0ODdkN2M0MDJiZmM3MTZjZDc4YzE0ZjM1MzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifTVKZiECKYqRpjvuAGYOIPwBPKK
HLxZfNpDkoQoDv3sEnJN1QQcPoYqhMho8DaxWxCYbz2Vnd3PNYH1r1PV95d+dpbC
/xNVXoGS8jswqINP7aZuNcHV0DA5bt42H7DgFaFHVPdI2z6GXneImfvNHwyOI4pe
g+p8EmzFRCXHL4hN7OV4OdK5f30nRg+1IoxemTFT4xyxVgf6qdP4otHMEnWL65+W
WJjYzjWAuQSVerKgj9aOw6f7ucdfFbgkFEISBDzlK0Dft824Uzhu6Ly0VRBUbL43
uKyOHcXomxNjpIhmNNRWFwj4O/xAxEQ7JpnBCxASpgHABG/gkl0xltjMSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFn9pTDpqEh9fEAr/HFs14wU81NRMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvV2YybE1PbW9TSDE4UUN2OGNXelhqQlR6VTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXao4AwQC
kngIMA0GCSqGSIb3DQEBCwUAA4IBAQAVjfvRIXwf+BkaGCk59ss8jHxVRNd/mXPY
KdiNpnvNzLJyzDKlpqfpxgbTPMBARkQ/VgBWoYuUojDK+SVDniccptJcVzNhdlH7
j+Xj76PntGERfetOwTikTneMDrq7q2LR3KViD/NS4nbGJWwMPx7e3XmJKGwXR+O/
QoCiQT9ViBtVwMcCZQEi15z6LYckjUVuRCq40yQJ11ZCuaRhVGn8srbxy4Yu4KMx
G+6lJyQXGePL6Y1HEoA6KtNQHU1Lf2KC4zpNft5/GrL1xxM+rVFeVOreFp3HAqGS
+koP+2hCVPriUNcyh1cHAacze/dxi0kD7vFgIBq/4Hg/spmVV4CL
-----END CERTIFICATE-----