Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/kjB62_Di1Gty-wD5wr57GlIAwBQ.roa
File:                     kjB62_Di1Gty-wD5wr57GlIAwBQ.roa (raw, json)
Hash identifier:          EZ762ZuJJZ1MKi5yN4invBh1VuuMvg9BzV8vc4plABc=
Subject key identifier:   92:30:7A:DB:F0:E2:D4:6B:72:FB:00:F9:C2:BE:7B:1A:52:00:C0:14
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29FBEC97F295D989D3B0CCE39D3E38
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/kjB62_Di1Gty-wD5wr57GlIAwBQ.roa
Signing time:             Tue 02 Jan 2024 12:33:18 +0000
ROA not before:           Tue 02 Jan 2024 12:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45001
IP address blocks:        95.46.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fb:ec:97:f2:95:d9:89:d3:b0:cc:e3:9d:3e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92307adbf0e2d46b72fb00f9c2be7b1a5200c014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:49:3b:6c:91:83:9f:5e:aa:d8:d1:01:de:8c:
                    0f:c6:ec:05:78:f0:73:9e:76:99:ca:bd:79:94:06:
                    1e:fb:a8:db:e7:cd:00:65:bb:04:bc:ee:de:fc:a5:
                    9e:12:dc:15:15:5b:32:dd:d8:8e:df:57:74:88:52:
                    1f:ec:46:47:5e:79:bc:0f:c3:86:b3:56:56:8f:41:
                    f2:63:5d:29:35:86:a8:e4:c7:fe:90:76:2a:a2:d4:
                    ae:23:f9:b5:13:e8:8f:b7:e9:f5:d4:e2:5b:cb:37:
                    e9:3d:5d:ac:98:16:54:7a:dd:1f:63:cf:81:0d:87:
                    0c:7b:5c:05:c5:91:0c:a7:8e:92:a4:e5:f4:0c:0f:
                    3f:54:5a:8f:f6:68:12:07:ed:68:15:c1:d7:9f:fd:
                    a6:32:5f:3f:2f:e8:2b:7e:bc:d3:fb:80:bd:cb:5d:
                    57:ea:30:63:b1:0b:41:d6:17:d5:69:25:5c:af:f3:
                    ca:22:ec:c0:de:6b:55:e5:37:56:5c:e7:38:96:23:
                    95:42:3c:a5:0a:99:d8:af:41:c3:26:e7:81:70:6d:
                    35:17:80:86:58:4e:4e:95:94:d3:6d:ba:da:d7:92:
                    89:51:73:c8:72:e0:e2:2b:40:76:0c:4f:ac:9e:0f:
                    dc:ed:76:63:c4:08:20:28:3f:1b:a8:a3:cf:6a:3b:
                    5c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:30:7A:DB:F0:E2:D4:6B:72:FB:00:F9:C2:BE:7B:1A:52:00:C0:14
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/kjB62_Di1Gty-wD5wr57GlIAwBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:0b:eb:64:26:54:70:85:d7:cd:de:fd:c2:6d:b7:86:bd:00:
         34:82:9f:8d:c6:26:c0:c1:c1:88:d6:6e:53:31:70:1f:a1:87:
         1a:20:2e:7e:84:15:9b:2d:94:a2:d3:7b:74:68:5c:a0:42:bd:
         3f:88:8a:37:43:2e:4d:c2:3b:46:22:a7:ec:0b:0e:b8:88:5a:
         1a:81:85:72:07:d3:4e:d3:94:99:87:59:90:85:0c:1b:1f:72:
         95:1e:66:5c:7a:94:ba:8b:de:42:a2:65:33:f7:86:a9:d5:f0:
         25:18:4b:e4:c5:13:18:ab:11:20:40:bb:3e:d5:03:0f:4d:bc:
         70:ee:13:30:5c:85:cf:ae:52:ac:3c:5e:49:72:d4:12:f0:d4:
         6c:59:d5:eb:af:0a:85:9b:0b:76:85:27:d4:da:1b:df:cb:bd:
         8a:bc:58:dc:04:0d:63:16:53:63:d6:73:d3:ac:f0:eb:45:1b:
         76:cd:ef:d1:24:19:8d:0a:f9:07:5c:37:2f:63:b0:7d:52:4c:
         44:13:5c:41:31:8e:da:6c:8d:ce:d5:28:7d:3e:93:6c:5d:d4:
         f0:90:61:b5:a4:4f:17:2a:c2:74:41:e2:b7:8b:5a:fd:9b:3f:
         a8:33:81:91:2c:66:3d:cd:2a:7e:8d:79:9c:97:c7:3c:3a:9c:
         c6:f0:aa:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKfvsl/KV2YnTsMzjnT44MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjMwN2FkYmYwZTJkNDZiNzJmYjAwZjljMmJlN2IxYTUyMDBjMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskk7bJGDn16q2NEB3owPxuwFePBz
nnaZyr15lAYe+6jb580AZbsEvO7e/KWeEtwVFVsy3diO31d0iFIf7EZHXnm8D8OG
s1ZWj0HyY10pNYao5Mf+kHYqotSuI/m1E+iPt+n11OJbyzfpPV2smBZUet0fY8+B
DYcMe1wFxZEMp46SpOX0DA8/VFqP9mgSB+1oFcHXn/2mMl8/L+grfrzT+4C9y11X
6jBjsQtB1hfVaSVcr/PKIuzA3mtV5TdWXOc4liOVQjylCpnYr0HDJueBcG01F4CG
WE5OlZTTbbra15KJUXPIcuDiK0B2DE+sng/c7XZjxAggKD8bqKPPajtc+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIwetvw4tRrcvsA+cK+expSAMAUMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEva2pCNjJfRGkxR3R5LXdENXdyNTdHbElBd0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy6aMA0G
CSqGSIb3DQEBCwUAA4IBAQCdC+tkJlRwhdfN3v3CbbeGvQA0gp+NxibAwcGI1m5T
MXAfoYcaIC5+hBWbLZSi03t0aFygQr0/iIo3Qy5NwjtGIqfsCw64iFoagYVyB9NO
05SZh1mQhQwbH3KVHmZcepS6i95ComUz94ap1fAlGEvkxRMYqxEgQLs+1QMPTbxw
7hMwXIXPrlKsPF5JctQS8NRsWdXrrwqFmwt2hSfU2hvfy72KvFjcBA1jFlNj1nPT
rPDrRRt2ze/RJBmNCvkHXDcvY7B9UkxEE1xBMY7abI3O1Sh9PpNsXdTwkGG1pE8X
KsJ0QeK3i1r9mz+oM4GRLGY9zSp+jXmcl8c8OpzG8KoG
-----END CERTIFICATE-----