Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ojeCVBVJVd6Q2MtM6Ij5G234s6k.roa
File:                     ojeCVBVJVd6Q2MtM6Ij5G234s6k.roa (raw, json)
Hash identifier:          owWZDf7n+5sev4J5SFJWog1u4nRbU+46B5DdxCH755g=
Subject key identifier:   A2:37:82:54:15:49:55:DE:90:D8:CB:4C:E8:88:F9:1B:6D:F8:B3:A9
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A15E90E720FA92E5D8F1205259E06
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ojeCVBVJVd6Q2MtM6Ij5G234s6k.roa
Signing time:             Tue 02 Jan 2024 12:33:24 +0000
ROA not before:           Tue 02 Jan 2024 12:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56965
IP address blocks:        31.148.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:15:e9:0e:72:0f:a9:2e:5d:8f:12:05:25:9e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2378254154955de90d8cb4ce888f91b6df8b3a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:61:ef:da:cd:c9:11:8a:14:95:ed:48:eb:f9:
                    4d:71:d5:c6:cc:59:ed:8f:91:b7:08:b8:86:1e:75:
                    ae:d6:69:15:65:a6:36:ea:3f:71:ea:e2:88:1b:21:
                    61:0f:07:db:a3:77:0a:b2:ac:e5:ac:2a:85:08:67:
                    66:55:48:87:b9:df:bb:a8:f7:1f:af:3a:2e:8b:7f:
                    f6:b5:d0:3b:f6:af:7c:3a:1e:7d:ff:24:64:52:5c:
                    44:f7:35:c7:3f:17:f2:ce:61:ae:05:56:0b:eb:b3:
                    ea:f8:31:b5:8e:58:7e:7b:d5:a9:9b:4d:48:00:1e:
                    92:a2:41:d0:50:09:6b:bc:3e:44:41:8c:11:cb:13:
                    63:7f:e8:c8:7e:f4:14:30:79:c8:f3:a6:98:29:25:
                    79:92:b3:d8:46:c4:bf:58:a2:a0:03:c7:bc:e1:8a:
                    e8:5f:22:cb:78:25:43:9b:be:59:a0:cb:19:bb:91:
                    ff:28:84:95:a6:89:0f:f7:9d:fc:04:3b:3d:f7:e3:
                    70:04:ac:d4:66:18:59:35:c0:c7:bb:cb:45:09:20:
                    ea:4e:b2:35:f3:7b:84:5b:37:cd:2b:37:5e:22:fe:
                    d4:e4:7c:b4:f8:d5:eb:16:00:53:d5:85:99:2d:1f:
                    f6:9f:68:bf:93:c6:0c:ac:6b:98:4e:b1:36:1b:38:
                    d1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:37:82:54:15:49:55:DE:90:D8:CB:4C:E8:88:F9:1B:6D:F8:B3:A9
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ojeCVBVJVd6Q2MtM6Ij5G234s6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:7f:ed:32:9e:ec:d8:ae:20:c3:8c:ff:f4:98:d5:73:2f:ab:
         e3:d1:f0:65:23:ef:30:c9:ca:89:64:14:60:56:9d:f2:90:fe:
         19:9e:6f:74:b4:04:13:ff:3a:bd:9e:3c:2a:0d:c2:f2:8d:f5:
         e4:66:e2:0a:3e:83:dd:7d:97:bc:fb:41:96:07:d4:ae:69:99:
         13:a4:43:24:15:b3:81:1d:f6:c3:69:e4:7a:66:bd:de:20:de:
         be:78:9a:eb:49:9f:22:82:f2:66:b6:b3:19:f8:15:3e:c5:75:
         a1:14:79:0a:79:03:c3:03:ad:8a:8d:06:04:fd:37:01:bc:c7:
         b8:c4:b3:44:a8:ee:2e:bd:9e:ce:4f:c7:8f:8a:ab:52:e1:8f:
         f3:71:c7:16:3c:1d:a8:01:98:4c:27:7a:18:f2:01:d1:e2:ea:
         83:fc:4e:71:d1:3b:53:2d:1d:e7:30:ac:e2:b8:a7:77:5f:b1:
         32:8e:50:11:18:c5:97:99:99:a9:31:8a:a3:80:b7:65:8a:c3:
         ce:83:ee:13:ff:c1:00:a5:84:43:67:5b:bc:0a:cb:b9:1f:03:
         88:b6:02:9a:4f:7b:88:b0:6e:83:cf:34:3b:2f:ed:22:54:3f:
         0a:68:39:97:6e:e1:95:9b:80:08:55:9b:09:9d:53:92:bb:67:
         74:e5:4b:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKhXpDnIPqS5djxIFJZ4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjM3ODI1NDE1NDk1NWRlOTBkOGNiNGNlODg4ZjkxYjZkZjhiM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWHv2s3JEYoUle1I6/lNcdXGzFnt
j5G3CLiGHnWu1mkVZaY26j9x6uKIGyFhDwfbo3cKsqzlrCqFCGdmVUiHud+7qPcf
rzoui3/2tdA79q98Oh59/yRkUlxE9zXHPxfyzmGuBVYL67Pq+DG1jlh+e9Wpm01I
AB6SokHQUAlrvD5EQYwRyxNjf+jIfvQUMHnI86aYKSV5krPYRsS/WKKgA8e84Yro
XyLLeCVDm75ZoMsZu5H/KISVpokP9538BDs99+NwBKzUZhhZNcDHu8tFCSDqTrI1
83uEWzfNKzdeIv7U5Hy0+NXrFgBT1YWZLR/2n2i/k8YMrGuYTrE2GzjRVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKI3glQVSVXekNjLTOiI+Rtt+LOpMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvb2plQ1ZCVkpWZDZRMk10TTZJajVHMjM0czZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH5TIMA0G
CSqGSIb3DQEBCwUAA4IBAQAbf+0ynuzYriDDjP/0mNVzL6vj0fBlI+8wycqJZBRg
Vp3ykP4Znm90tAQT/zq9njwqDcLyjfXkZuIKPoPdfZe8+0GWB9SuaZkTpEMkFbOB
HfbDaeR6Zr3eIN6+eJrrSZ8igvJmtrMZ+BU+xXWhFHkKeQPDA62KjQYE/TcBvMe4
xLNEqO4uvZ7OT8ePiqtS4Y/zcccWPB2oAZhMJ3oY8gHR4uqD/E5x0TtTLR3nMKzi
uKd3X7EyjlARGMWXmZmpMYqjgLdlisPOg+4T/8EApYRDZ1u8Csu5HwOItgKaT3uI
sG6DzzQ7L+0iVD8KaDmXbuGVm4AIVZsJnVOSu2d05UsR
-----END CERTIFICATE-----