Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/iPWOSOAyxQnpUjaHWTN8UwKuNAg.roa
File:                     iPWOSOAyxQnpUjaHWTN8UwKuNAg.roa (raw, json)
Hash identifier:          PkBHM93ExfBdaA/W6mzY+eSGR5pRx/EzUI3eVx9F5ls=
Subject key identifier:   88:F5:8E:48:E0:32:C5:09:E9:52:36:87:59:33:7C:53:02:AE:34:08
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A4C334BFD0959CD0725FB3B498BB3
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/iPWOSOAyxQnpUjaHWTN8UwKuNAg.roa
Signing time:             Tue 02 Jan 2024 12:33:38 +0000
ROA not before:           Tue 02 Jan 2024 12:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208946
IP address blocks:        93.171.158.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4c:33:4b:fd:09:59:cd:07:25:fb:3b:49:8b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88f58e48e032c509e952368759337c5302ae3408
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8d:eb:3f:ff:14:e8:26:5a:5a:8e:bd:6f:c8:
                    47:d7:08:b9:b6:df:db:d8:69:fa:94:7e:e9:4a:4f:
                    82:be:a5:ec:b9:bc:23:6b:73:bf:1a:e7:8f:89:73:
                    25:9d:84:dd:22:4b:a0:e0:c8:47:93:cf:06:cb:96:
                    03:b8:1d:a1:47:19:b8:7e:ab:7b:9a:39:57:2d:0e:
                    f9:13:6b:14:4e:72:a0:7e:1f:90:aa:75:b9:24:cd:
                    ae:96:02:dd:f2:3c:33:34:06:0b:e4:2c:92:74:95:
                    69:54:b9:96:14:c3:44:bf:08:10:da:72:8a:ca:24:
                    2c:8f:a4:15:a7:78:58:69:c2:0f:7b:da:45:6c:e0:
                    29:f2:cd:0a:87:a4:70:26:c8:92:49:a1:d4:68:84:
                    ac:f0:39:42:e2:98:85:6e:86:86:d4:77:89:7e:75:
                    4a:56:80:4f:47:f6:29:2b:24:c5:34:aa:f8:69:cd:
                    b8:2e:ff:70:b9:0e:49:a3:27:f4:03:7a:96:45:9b:
                    2e:0c:d2:23:72:69:57:29:d1:67:4e:ed:c5:36:62:
                    13:7b:1e:00:9f:70:43:f2:f7:0e:fe:cd:e9:c1:90:
                    64:98:35:94:84:02:c9:43:c5:c5:46:e5:ad:32:4d:
                    2c:1d:5f:b0:a5:52:81:f3:a8:e1:ab:ff:d8:63:ce:
                    dc:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F5:8E:48:E0:32:C5:09:E9:52:36:87:59:33:7C:53:02:AE:34:08
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/iPWOSOAyxQnpUjaHWTN8UwKuNAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:95:69:7b:4a:27:70:98:b2:20:45:cd:8d:f4:12:7d:19:58:
         0c:48:71:42:7a:29:2b:5d:39:95:53:2f:d2:f8:25:bd:3d:2d:
         69:65:d1:e2:da:e4:20:01:cf:ae:26:af:62:5e:e1:28:16:61:
         50:6f:b2:5f:52:19:53:1e:d6:7e:15:d9:91:4f:ad:f9:bd:7c:
         90:18:64:0b:02:f7:15:38:0a:be:aa:24:02:32:a7:62:54:91:
         ba:8f:07:06:19:7a:6f:16:37:4e:82:5d:01:d4:79:e3:a4:61:
         13:1e:59:27:3e:48:57:4c:c5:93:7c:1c:91:4f:a6:90:a8:e1:
         54:19:8e:c3:73:a9:6d:35:12:56:c9:25:44:c2:f6:52:25:04:
         38:a2:2c:d9:0f:44:10:19:ac:8b:2b:65:04:85:3a:37:5a:0e:
         dc:19:d9:84:f4:9f:aa:87:32:8a:d8:78:17:84:b1:33:1a:30:
         f4:a4:fd:ae:9b:87:04:f7:18:b6:50:17:74:fe:27:46:f0:8e:
         6c:fe:8a:20:3e:b1:b8:55:9c:6c:81:2b:1f:a7:83:00:75:d9:
         09:90:5c:f2:aa:56:42:4b:11:71:47:d0:d9:d6:51:5b:25:3c:
         95:cc:35:9f:11:a4:5e:27:4d:15:4f:c2:1b:b7:cd:25:24:36:
         3e:7c:2f:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKkwzS/0JWc0HJfs7SYuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGY1OGU0OGUwMzJjNTA5ZTk1MjM2ODc1OTMzN2M1MzAyYWUzNDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY3rP/8U6CZaWo69b8hH1wi5tt/b
2Gn6lH7pSk+CvqXsubwja3O/GuePiXMlnYTdIkug4MhHk88Gy5YDuB2hRxm4fqt7
mjlXLQ75E2sUTnKgfh+QqnW5JM2ulgLd8jwzNAYL5CySdJVpVLmWFMNEvwgQ2nKK
yiQsj6QVp3hYacIPe9pFbOAp8s0Kh6RwJsiSSaHUaISs8DlC4piFboaG1HeJfnVK
VoBPR/YpKyTFNKr4ac24Lv9wuQ5Joyf0A3qWRZsuDNIjcmlXKdFnTu3FNmITex4A
n3BD8vcO/s3pwZBkmDWUhALJQ8XFRuWtMk0sHV+wpVKB86jhq//YY87cxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIj1jkjgMsUJ6VI2h1kzfFMCrjQIMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvaVBXT1NPQXl4UW5wVWphSFdUTjhVd0t1TkFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXaueMA0G
CSqGSIb3DQEBCwUAA4IBAQCvlWl7SidwmLIgRc2N9BJ9GVgMSHFCeikrXTmVUy/S
+CW9PS1pZdHi2uQgAc+uJq9iXuEoFmFQb7JfUhlTHtZ+FdmRT635vXyQGGQLAvcV
OAq+qiQCMqdiVJG6jwcGGXpvFjdOgl0B1HnjpGETHlknPkhXTMWTfByRT6aQqOFU
GY7Dc6ltNRJWySVEwvZSJQQ4oizZD0QQGayLK2UEhTo3Wg7cGdmE9J+qhzKK2HgX
hLEzGjD0pP2um4cE9xi2UBd0/idG8I5s/oogPrG4VZxsgSsfp4MAddkJkFzyqlZC
SxFxR9DZ1lFbJTyVzDWfEaReJ00VT8Ibt80lJDY+fC8E
-----END CERTIFICATE-----