Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/eWifGVvEMm4hu1TWSPgOGryL-OE.roa
File:                     eWifGVvEMm4hu1TWSPgOGryL-OE.roa (raw, json)
Hash identifier:          UL7IUs/8y008BrrtFIH754ixAVYdLuxJVIJWVcZSBqk=
Subject key identifier:   79:68:9F:19:5B:C4:32:6E:21:BB:54:D6:48:F8:0E:1A:BC:8B:F8:E1
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29E869D71F7819E500B3C7E52FF6C9
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/eWifGVvEMm4hu1TWSPgOGryL-OE.roa
Signing time:             Tue 02 Jan 2024 12:33:13 +0000
ROA not before:           Tue 02 Jan 2024 12:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41102
IP address blocks:        93.170.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:e8:69:d7:1f:78:19:e5:00:b3:c7:e5:2f:f6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79689f195bc4326e21bb54d648f80e1abc8bf8e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ee:c4:85:ac:2b:7c:be:96:c0:f7:2c:a3:6b:
                    6b:42:6b:63:28:20:90:4e:48:81:83:19:e6:c7:2d:
                    79:9e:31:95:40:9a:0f:7a:30:e5:7d:94:d8:b9:d4:
                    0d:07:8f:c0:31:af:5e:97:ea:d5:58:f5:12:9b:72:
                    14:a7:bd:11:36:94:65:82:a0:eb:72:fa:9e:99:3a:
                    b9:38:ad:72:cc:6e:2f:63:85:a2:ab:ca:3b:6a:a2:
                    9f:89:6e:f7:92:38:44:2c:ec:85:bc:78:f1:8a:a2:
                    01:63:e0:63:2d:51:bd:36:f2:e3:4a:0b:3a:7a:5f:
                    18:28:b2:8e:52:dc:2c:d1:96:aa:71:e3:bd:9d:5f:
                    03:b4:42:38:78:1f:38:79:38:cf:90:2e:23:9a:ed:
                    26:e2:bb:69:ca:24:b5:25:65:66:9e:f0:61:cf:7a:
                    e2:ac:38:33:9d:b6:d7:66:f4:47:72:c1:a4:6d:45:
                    44:07:48:74:0e:d2:9a:fe:cc:77:df:ac:40:c8:91:
                    fa:e2:de:64:55:4f:0c:0d:c1:3a:96:4a:80:f4:8b:
                    95:b8:85:e6:d4:e4:51:ea:00:04:0a:db:ae:5d:7e:
                    33:49:49:f6:32:b1:78:fc:76:7d:0d:e3:9e:4a:eb:
                    29:b2:9b:ef:17:94:fd:87:1f:1e:1f:df:3e:05:59:
                    dc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:68:9F:19:5B:C4:32:6E:21:BB:54:D6:48:F8:0E:1A:BC:8B:F8:E1
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/eWifGVvEMm4hu1TWSPgOGryL-OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:97:5b:26:27:6d:06:d1:07:8c:66:44:c3:ff:d5:a7:b7:10:
         13:35:19:1d:ba:b3:f1:46:8c:1f:22:f7:bb:42:42:a3:6a:33:
         c9:a5:7d:ec:ab:49:0f:e3:24:a5:57:6d:a4:2a:28:47:99:13:
         db:5b:fd:af:4b:f5:62:4c:28:40:c5:eb:d2:a4:fb:09:16:e8:
         4e:86:4b:e0:2f:cd:0c:67:b9:d3:65:ef:4a:09:b7:6b:f5:78:
         e5:73:ee:09:88:20:f5:65:d2:20:90:c5:94:f3:4b:7e:d7:d1:
         e6:53:77:14:bb:7f:23:55:d5:33:62:e8:f9:d7:d9:05:76:6e:
         6b:79:33:17:bb:ac:fa:ac:42:eb:b2:b5:12:a8:c5:7b:40:b6:
         e4:48:06:22:d9:5b:b7:c2:c3:88:5f:ea:88:7c:2d:d2:22:6a:
         ce:75:85:aa:bf:ad:b6:9b:0f:2f:20:b7:d4:c1:8d:4d:d4:45:
         57:32:9f:11:8e:12:dc:fc:40:fa:17:04:fd:3f:1c:85:4a:19:
         ad:7f:d2:5a:e6:3a:15:9d:ba:c5:50:91:93:23:9e:93:30:a8:
         7b:b8:11:4e:04:e9:b6:7d:1a:96:27:1d:bb:35:32:f6:0b:93:
         8f:8e:8c:f6:0a:11:9d:ac:43:a3:9d:cc:68:a3:25:1b:db:db:
         c6:fb:ed:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKehp1x94GeUAs8flL/bJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTY4OWYxOTViYzQzMjZlMjFiYjU0ZDY0OGY4MGUxYWJjOGJmOGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+7EhawrfL6WwPcso2trQmtjKCCQ
TkiBgxnmxy15njGVQJoPejDlfZTYudQNB4/AMa9el+rVWPUSm3IUp70RNpRlgqDr
cvqemTq5OK1yzG4vY4Wiq8o7aqKfiW73kjhELOyFvHjxiqIBY+BjLVG9NvLjSgs6
el8YKLKOUtws0ZaqceO9nV8DtEI4eB84eTjPkC4jmu0m4rtpyiS1JWVmnvBhz3ri
rDgznbbXZvRHcsGkbUVEB0h0DtKa/sx336xAyJH64t5kVU8MDcE6lkqA9IuVuIXm
1ORR6gAECtuuXX4zSUn2MrF4/HZ9DeOeSuspspvvF5T9hx8eH98+BVncoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlonxlbxDJuIbtU1kj4Dhq8i/jhMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZVdpZkdWdkVNbTRodTFUV1NQZ09HcnlMLU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXaraMA0G
CSqGSIb3DQEBCwUAA4IBAQBrl1smJ20G0QeMZkTD/9WntxATNRkdurPxRowfIve7
QkKjajPJpX3sq0kP4ySlV22kKihHmRPbW/2vS/ViTChAxevSpPsJFuhOhkvgL80M
Z7nTZe9KCbdr9Xjlc+4JiCD1ZdIgkMWU80t+19HmU3cUu38jVdUzYuj519kFdm5r
eTMXu6z6rELrsrUSqMV7QLbkSAYi2Vu3wsOIX+qIfC3SImrOdYWqv622mw8vILfU
wY1N1EVXMp8RjhLc/ED6FwT9PxyFShmtf9Ja5joVnbrFUJGTI56TMKh7uBFOBOm2
fRqWJx27NTL2C5OPjoz2ChGdrEOjncxooyUb29vG++1g
-----END CERTIFICATE-----