Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qpLyPwQN7Qkq2d4BdQusV1StRbY.roa
File:                     qpLyPwQN7Qkq2d4BdQusV1StRbY.roa (raw, json)
Hash identifier:          pZPkhTO7fi8TAxUhVG81G33ykoetsULfx6Yc8o5ySWo=
Subject key identifier:   AA:92:F2:3F:04:0D:ED:09:2A:D9:DE:01:75:0B:AC:57:54:AD:45:B6
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A1F73C63ED0DC448F1FD9E5BAFA89
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qpLyPwQN7Qkq2d4BdQusV1StRbY.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59762
IP address blocks:        93.170.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 06:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1f:73:c6:3e:d0:dc:44:8f:1f:d9:e5:ba:fa:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa92f23f040ded092ad9de01750bac5754ad45b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5d:e8:76:f8:6f:2b:e1:19:d4:b1:12:8a:8d:
                    20:44:67:ba:07:3b:4e:e8:bd:f7:37:f3:24:39:17:
                    6d:1f:f5:a9:27:54:99:08:b5:fa:68:c3:84:d4:ce:
                    8b:59:d2:a2:c1:9f:16:5c:11:47:ab:f1:52:cb:3c:
                    56:50:ff:2b:a2:fe:52:27:6c:1b:0c:1c:0c:ae:30:
                    55:6c:69:45:b3:6f:b9:8e:f3:eb:f1:96:a0:8a:bf:
                    6d:7e:19:74:75:17:e0:2c:25:c9:c9:ff:06:22:0c:
                    94:c7:4e:b0:fc:3c:4f:00:ed:93:a9:8f:a9:df:48:
                    91:51:1f:d2:a8:82:a0:54:95:e9:76:75:eb:60:ef:
                    ca:73:4e:2e:0a:72:4b:a0:9a:ec:fb:0a:d8:96:d2:
                    5a:6a:92:3b:85:e1:82:16:36:14:62:67:d7:24:71:
                    f9:cb:01:c0:ab:df:c0:18:4e:2d:ef:9d:9b:12:d2:
                    79:f0:a8:52:68:ce:68:06:aa:c5:09:9a:52:94:48:
                    22:94:d2:80:b3:f7:aa:67:e6:83:dd:6e:61:02:0e:
                    c2:fe:17:a5:06:92:fe:21:bf:e5:76:fa:c2:e5:b5:
                    92:b9:38:b3:8c:02:ba:1c:90:60:58:96:44:78:c3:
                    d5:00:58:0d:bf:d1:40:f4:3d:a8:19:41:26:59:21:
                    2c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:92:F2:3F:04:0D:ED:09:2A:D9:DE:01:75:0B:AC:57:54:AD:45:B6
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qpLyPwQN7Qkq2d4BdQusV1StRbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:91:fb:88:a4:9c:0e:54:ea:df:e7:c2:ae:1c:ce:cd:e3:2a:
         26:70:0b:37:ea:4e:9f:95:e1:63:eb:68:46:ad:ce:56:07:63:
         f4:eb:12:38:3b:a3:5d:fe:ce:29:ed:34:6f:97:c2:97:58:41:
         0d:a0:01:b3:82:f5:07:34:bc:3c:6e:47:16:22:3f:62:35:82:
         5f:9e:ac:7c:b2:2c:15:fb:72:a4:ed:af:40:12:8c:c9:7a:21:
         36:94:33:2e:d5:d5:c6:ba:b3:d3:97:f9:e7:aa:99:f3:e5:dd:
         48:e1:40:1f:a3:c8:b0:c3:6d:47:5f:d8:45:a4:dd:3d:7d:25:
         a3:1d:3a:51:2d:e8:02:6c:4c:07:b1:b9:31:39:e0:ad:b9:05:
         61:96:dd:77:bd:16:05:44:3c:9e:90:71:b2:a1:83:23:60:08:
         ed:95:29:aa:6b:d7:e5:25:2c:33:e6:41:89:cd:19:30:ab:ed:
         9e:ab:cf:9c:83:06:43:ff:55:92:0f:80:3e:5f:7a:e2:0e:90:
         f7:0a:3d:43:7f:cd:ad:39:f5:9d:86:de:d9:75:d0:1c:37:e3:
         83:66:8e:24:40:63:a5:15:27:9c:fb:e2:2b:85:69:d7:23:4a:
         42:56:de:79:7c:6f:9c:a6:6b:14:bc:e1:54:a4:6f:b3:9a:9d:
         f7:5a:d6:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKh9zxj7Q3ESPH9nluvqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTkyZjIzZjA0MGRlZDA5MmFkOWRlMDE3NTBiYWM1NzU0YWQ0NWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF3odvhvK+EZ1LESio0gRGe6BztO
6L33N/MkORdtH/WpJ1SZCLX6aMOE1M6LWdKiwZ8WXBFHq/FSyzxWUP8rov5SJ2wb
DBwMrjBVbGlFs2+5jvPr8Zagir9tfhl0dRfgLCXJyf8GIgyUx06w/DxPAO2TqY+p
30iRUR/SqIKgVJXpdnXrYO/Kc04uCnJLoJrs+wrYltJaapI7heGCFjYUYmfXJHH5
ywHAq9/AGE4t752bEtJ58KhSaM5oBqrFCZpSlEgilNKAs/eqZ+aD3W5hAg7C/hel
BpL+Ib/ldvrC5bWSuTizjAK6HJBgWJZEeMPVAFgNv9FA9D2oGUEmWSEsswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqS8j8EDe0JKtneAXULrFdUrUW2MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvcXBMeVB3UU43UWtxMmQ0QmRRdXNWMVN0UmJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXaphMA0G
CSqGSIb3DQEBCwUAA4IBAQBykfuIpJwOVOrf58KuHM7N4yomcAs36k6fleFj62hG
rc5WB2P06xI4O6Nd/s4p7TRvl8KXWEENoAGzgvUHNLw8bkcWIj9iNYJfnqx8siwV
+3Kk7a9AEozJeiE2lDMu1dXGurPTl/nnqpnz5d1I4UAfo8iww21HX9hFpN09fSWj
HTpRLegCbEwHsbkxOeCtuQVhlt13vRYFRDyekHGyoYMjYAjtlSmqa9flJSwz5kGJ
zRkwq+2eq8+cgwZD/1WSD4A+X3riDpD3Cj1Df82tOfWdht7ZddAcN+ODZo4kQGOl
FSec++IrhWnXI0pCVt55fG+cpmsUvOFUpG+zmp33WtaI
-----END CERTIFICATE-----