Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/R18NffYwWqRzOtej2ch1H8lZ5LM.roa
File:                     R18NffYwWqRzOtej2ch1H8lZ5LM.roa (raw, json)
Hash identifier:          TaPII4XTEUii23CyMbidQ1VnIAtkRffLpTPrpJeW0vo=
Subject key identifier:   47:5F:0D:7D:F6:30:5A:A4:73:3A:D7:A3:D9:C8:75:1F:C9:59:E4:B3
Certificate issuer:       /CN=5643415c22e141972c0d7e76c24e88b22427b024
Certificate serial:       018D4574B010063EAF9C834234331A3C80C1
Authority key identifier: 56:43:41:5C:22:E1:41:97:2C:0D:7E:76:C2:4E:88:B2:24:27:B0:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VkNBXCLhQZcsDX52wk6IsiQnsCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/R18NffYwWqRzOtej2ch1H8lZ5LM.roa
Signing time:             Fri 26 Jan 2024 11:08:11 +0000
ROA not before:           Fri 26 Jan 2024 11:08:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        185.28.52.0/22 maxlen: 24
                          195.96.192.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/VkNBXCLhQZcsDX52wk6IsiQnsCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/VkNBXCLhQZcsDX52wk6IsiQnsCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VkNBXCLhQZcsDX52wk6IsiQnsCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:74:b0:10:06:3e:af:9c:83:42:34:33:1a:3c:80:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5643415c22e141972c0d7e76c24e88b22427b024
        Validity
            Not Before: Jan 26 11:08:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=475f0d7df6305aa4733ad7a3d9c8751fc959e4b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:cb:11:db:74:11:32:34:22:d2:4a:51:e1:e7:
                    ed:58:a2:b9:d9:d7:06:70:31:b8:71:99:d6:a6:b7:
                    3c:0e:2a:a4:d0:4b:26:9c:cd:16:30:33:50:f9:ab:
                    16:f6:30:88:02:0f:64:64:57:51:9f:fd:89:88:61:
                    d0:a6:7f:b8:52:3e:cb:e1:11:7a:f4:a8:5e:84:03:
                    b5:92:ff:d1:fd:d4:e8:10:4e:eb:0d:46:a4:88:4a:
                    31:bc:be:35:98:26:34:8c:c1:c0:aa:c6:33:04:b1:
                    7a:e3:67:7d:c5:cd:d4:6b:42:28:9e:b1:10:19:6f:
                    29:52:bb:ed:6f:e1:9f:74:ec:7b:1b:33:e3:d3:fd:
                    1c:ae:b3:99:f6:68:45:e4:01:73:2e:06:f8:52:56:
                    41:17:03:9f:96:d3:5d:a4:37:17:4d:07:f3:a0:5e:
                    ae:63:c7:fa:d1:76:af:87:ab:ee:bf:02:c4:f9:75:
                    16:72:6b:f5:5a:c8:4d:e2:ab:56:1d:e8:7c:9e:73:
                    21:5c:d6:51:d7:b7:30:fa:45:8f:86:61:a9:57:34:
                    43:fe:32:3a:b3:ab:42:c4:19:32:b5:a9:57:98:68:
                    cb:68:d1:b8:30:d0:a1:e7:42:ee:fe:04:32:66:19:
                    18:65:4d:ff:60:68:23:03:a8:21:1e:17:2b:ce:f6:
                    f4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:5F:0D:7D:F6:30:5A:A4:73:3A:D7:A3:D9:C8:75:1F:C9:59:E4:B3
            X509v3 Authority Key Identifier:
                keyid:56:43:41:5C:22:E1:41:97:2C:0D:7E:76:C2:4E:88:B2:24:27:B0:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VkNBXCLhQZcsDX52wk6IsiQnsCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/R18NffYwWqRzOtej2ch1H8lZ5LM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/b4c74a-e3b2-4e09-867c-f9967c3ad3e4/1/VkNBXCLhQZcsDX52wk6IsiQnsCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.52.0/22
                  195.96.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2f:46:3a:c0:b4:3a:b4:f4:4b:31:8d:79:c2:04:1c:88:2b:b4:
         e9:fa:23:49:cf:4a:1b:9b:cf:45:2c:c2:d7:43:70:c6:f5:37:
         f6:5e:00:21:b3:ba:09:c8:98:a3:be:df:c2:b9:af:e1:d3:5b:
         17:fe:33:e7:2b:16:c1:fe:eb:a3:d6:5b:ee:cb:f3:80:00:20:
         62:1f:65:d5:fd:49:60:dc:3c:a3:ef:95:92:57:69:f0:bb:a7:
         3a:3a:6b:4c:4e:4e:6f:6e:32:cc:c5:37:9f:ae:7e:16:bc:a3:
         40:27:43:7c:d8:9f:16:7d:09:d1:4d:f2:89:ce:f3:87:2f:03:
         20:cd:01:45:62:83:c9:c0:3f:bb:74:b2:f5:0b:cc:ef:30:74:
         f5:29:66:84:5f:f9:b0:a0:fe:e4:5d:ea:54:c8:67:23:e2:dd:
         9b:d4:05:53:7f:4b:4d:66:39:77:54:fc:f2:31:6c:44:69:c6:
         74:e9:ce:1b:e5:9f:1c:d7:d5:1c:1f:95:7f:c7:49:7e:8e:44:
         f5:2f:39:c7:fa:f9:b1:dd:8c:ee:94:9a:c8:ed:0b:24:15:dd:
         c2:61:88:f6:88:64:5f:f0:b8:c9:b2:3f:e5:09:81:d8:73:2d:
         3a:46:ae:70:5a:ae:1f:7d:57:6c:1f:f2:3c:67:00:fd:be:ee:
         0f:3d:21:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1FdLAQBj6vnINCNDMaPIDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NDM0MTVjMjJlMTQxOTcyYzBkN2U3NmMyNGU4OGIyMjQy
N2IwMjQwHhcNMjQwMTI2MTEwODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzVmMGQ3ZGY2MzA1YWE0NzMzYWQ3YTNkOWM4NzUxZmM5NTllNGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMsR23QRMjQi0kpR4eftWKK52dcG
cDG4cZnWprc8Diqk0EsmnM0WMDNQ+asW9jCIAg9kZFdRn/2JiGHQpn+4Uj7L4RF6
9KhehAO1kv/R/dToEE7rDUakiEoxvL41mCY0jMHAqsYzBLF642d9xc3Ua0IonrEQ
GW8pUrvtb+GfdOx7GzPj0/0crrOZ9mhF5AFzLgb4UlZBFwOfltNdpDcXTQfzoF6u
Y8f60Xavh6vuvwLE+XUWcmv1WshN4qtWHeh8nnMhXNZR17cw+kWPhmGpVzRD/jI6
s6tCxBkytalXmGjLaNG4MNCh50Lu/gQyZhkYZU3/YGgjA6ghHhcrzvb0fQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEdfDX32MFqkczrXo9nIdR/JWeSzMB8GA1UdIwQY
MBaAFFZDQVwi4UGXLA1+dsJOiLIkJ7AkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmtOQlhDTGhRWmNzRFg1MndrNklzaVFuc0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9iNGM3NGEtZTNiMi00ZTA5LTg2N2Mt
Zjk5NjdjM2FkM2U0LzEvUjE4TmZmWXdXcVJ6T3RlajJjaDFIOGxaNUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9iNGM3NGEtZTNiMi00ZTA5LTg2N2MtZjk5NjdjM2FkM2U0
LzEvVmtOQlhDTGhRWmNzRFg1MndrNklzaVFuc0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuRw0AwQF
w2DAMA0GCSqGSIb3DQEBCwUAA4IBAQAvRjrAtDq09EsxjXnCBByIK7Tp+iNJz0ob
m89FLMLXQ3DG9Tf2XgAhs7oJyJijvt/Cua/h01sX/jPnKxbB/uuj1lvuy/OAACBi
H2XV/Ulg3Dyj75WSV2nwu6c6OmtMTk5vbjLMxTefrn4WvKNAJ0N82J8WfQnRTfKJ
zvOHLwMgzQFFYoPJwD+7dLL1C8zvMHT1KWaEX/mwoP7kXepUyGcj4t2b1AVTf0tN
Zjl3VPzyMWxEacZ06c4b5Z8c19UcH5V/x0l+jkT1LznH+vmx3YzulJrI7QskFd3C
YYj2iGRf8LjJsj/lCYHYcy06Rq5wWq4ffVdsH/I8ZwD9vu4PPSGX
-----END CERTIFICATE-----