Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/8694b9-01d7-48b8-a882-94e700bd55f5/1/s18fnWCh1fUB3t9eKjf2NmyLUSc.roa
File:                     s18fnWCh1fUB3t9eKjf2NmyLUSc.roa (raw, json)
Hash identifier:          zj21FkoJFJrq03zRGLJ05KT4Ub78BnBn3Ji77mYpdtk=
Subject key identifier:   B3:5F:1F:9D:60:A1:D5:F5:01:DE:DF:5E:2A:37:F6:36:6C:8B:51:27
Certificate issuer:       /CN=913380e8b850454db381dddeb9ac2cc8a2f62531
Certificate serial:       018F7B733DBAA0027F47A11B22D774D7BD51
Authority key identifier: 91:33:80:E8:B8:50:45:4D:B3:81:DD:DE:B9:AC:2C:C8:A2:F6:25:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kTOA6LhQRU2zgd3euawsyKL2JTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/8694b9-01d7-48b8-a882-94e700bd55f5/1/s18fnWCh1fUB3t9eKjf2NmyLUSc.roa
Signing time:             Wed 15 May 2024 08:51:41 +0000
ROA not before:           Wed 15 May 2024 08:51:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201299
IP address blocks:        185.26.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/8694b9-01d7-48b8-a882-94e700bd55f5/1/kTOA6LhQRU2zgd3euawsyKL2JTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/8694b9-01d7-48b8-a882-94e700bd55f5/1/kTOA6LhQRU2zgd3euawsyKL2JTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kTOA6LhQRU2zgd3euawsyKL2JTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7b:73:3d:ba:a0:02:7f:47:a1:1b:22:d7:74:d7:bd:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=913380e8b850454db381dddeb9ac2cc8a2f62531
        Validity
            Not Before: May 15 08:51:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b35f1f9d60a1d5f501dedf5e2a37f6366c8b5127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4f:92:c0:9a:ef:ea:cc:e6:1d:76:f8:56:07:
                    df:cb:33:77:7e:77:8e:8c:85:e3:78:94:22:7d:31:
                    d3:c1:71:3b:b6:cb:25:bc:46:ab:0b:23:a5:23:d1:
                    6c:ee:7a:b8:1e:8f:9a:9e:29:e3:8f:6e:21:b1:28:
                    41:4f:08:35:31:28:41:07:e0:f8:3a:72:00:b5:bb:
                    8e:3b:c1:23:e1:c5:0b:9f:8a:09:e7:b4:08:bd:19:
                    33:72:7b:5e:7f:23:ea:1e:32:5c:29:81:85:98:fa:
                    45:47:d7:f6:b0:74:7c:e7:54:72:42:fa:ff:e9:b1:
                    5d:85:52:78:e1:f3:d8:40:fe:1f:93:01:d8:f1:f2:
                    02:ae:e8:ed:89:2a:ab:01:1d:93:fb:65:67:b6:80:
                    60:de:1f:cb:ea:fe:fe:f7:eb:69:ae:69:54:39:79:
                    81:3b:e6:e6:c0:7e:59:28:95:be:08:bc:67:ba:4f:
                    8b:73:db:e0:f3:d8:c3:15:69:d7:43:df:5f:22:a3:
                    9c:a0:a8:2b:ea:24:6d:77:19:b9:be:2e:f1:63:be:
                    fa:b1:97:08:60:f1:e6:29:4a:f2:3d:77:2a:0e:e9:
                    5c:c1:0c:0a:1b:d2:a1:c0:40:06:50:2e:1e:16:1b:
                    7e:bc:11:e4:3e:83:80:e4:48:72:1a:60:b6:bd:4a:
                    b6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5F:1F:9D:60:A1:D5:F5:01:DE:DF:5E:2A:37:F6:36:6C:8B:51:27
            X509v3 Authority Key Identifier:
                keyid:91:33:80:E8:B8:50:45:4D:B3:81:DD:DE:B9:AC:2C:C8:A2:F6:25:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kTOA6LhQRU2zgd3euawsyKL2JTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/8694b9-01d7-48b8-a882-94e700bd55f5/1/s18fnWCh1fUB3t9eKjf2NmyLUSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/8694b9-01d7-48b8-a882-94e700bd55f5/1/kTOA6LhQRU2zgd3euawsyKL2JTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:17:3b:a3:43:67:82:96:2f:f1:08:63:10:35:37:93:98:1a:
         98:6d:02:98:91:48:38:3f:ca:4b:a2:85:b3:95:b8:50:cb:ab:
         5a:cc:4a:4f:b1:54:fe:f4:29:b2:eb:20:c4:eb:d7:09:49:28:
         cb:fb:d4:2a:72:1b:aa:e9:12:8f:8b:03:58:90:19:c7:aa:09:
         91:94:24:c7:a9:18:d4:0c:bb:81:94:c1:7c:0c:1b:81:32:ce:
         64:a6:cf:20:4e:81:c0:74:52:46:24:2b:c7:a9:41:a0:21:44:
         39:de:dc:93:8c:5c:8c:8e:5a:45:75:7c:11:00:6b:ed:d1:c7:
         5d:8c:09:6d:cf:cd:2b:9a:6a:cd:7d:38:ea:38:b1:1f:45:cb:
         b7:b0:c2:84:1a:37:ac:34:39:69:fc:17:38:e4:2b:80:38:6c:
         80:15:b9:07:55:37:95:f3:13:6f:fe:4a:a1:0c:b8:8e:72:bf:
         f8:0f:78:90:38:2f:8f:00:45:f2:82:99:e6:8d:61:4c:18:5f:
         51:75:49:aa:1f:e4:2b:67:4a:cb:8d:b1:98:7d:55:ae:1d:d3:
         14:80:31:0a:3f:25:9f:28:27:dc:f3:82:08:8b:26:f1:cb:b9:
         47:b3:65:4c:07:2b:00:be:0f:fc:e6:f7:16:92:a0:40:7c:3b:
         35:c0:e4:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY97cz26oAJ/R6EbItd0171RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMzM4MGU4Yjg1MDQ1NGRiMzgxZGRkZWI5YWMyY2M4YTJm
NjI1MzEwHhcNMjQwNTE1MDg1MTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzVmMWY5ZDYwYTFkNWY1MDFkZWRmNWUyYTM3ZjYzNjZjOGI1MTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzk+SwJrv6szmHXb4VgffyzN3fneO
jIXjeJQifTHTwXE7tsslvEarCyOlI9Fs7nq4Ho+aninjj24hsShBTwg1MShBB+D4
OnIAtbuOO8Ej4cULn4oJ57QIvRkzcntefyPqHjJcKYGFmPpFR9f2sHR851RyQvr/
6bFdhVJ44fPYQP4fkwHY8fICrujtiSqrAR2T+2VntoBg3h/L6v7+9+tprmlUOXmB
O+bmwH5ZKJW+CLxnuk+Lc9vg89jDFWnXQ99fIqOcoKgr6iRtdxm5vi7xY776sZcI
YPHmKUryPXcqDulcwQwKG9KhwEAGUC4eFht+vBHkPoOA5EhyGmC2vUq2fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNfH51godX1Ad7fXio39jZsi1EnMB8GA1UdIwQY
MBaAFJEzgOi4UEVNs4Hd3rmsLMii9iUxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1RPQTZMaFFSVTJ6Z2QzZXVhd3N5S0wySlRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84Njk0YjktMDFkNy00OGI4LWE4ODIt
OTRlNzAwYmQ1NWY1LzEvczE4Zm5XQ2gxZlVCM3Q5ZUtqZjJObXlMVVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84Njk0YjktMDFkNy00OGI4LWE4ODItOTRlNzAwYmQ1NWY1
LzEva1RPQTZMaFFSVTJ6Z2QzZXVhd3N5S0wySlRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRpXMA0G
CSqGSIb3DQEBCwUAA4IBAQAcFzujQ2eCli/xCGMQNTeTmBqYbQKYkUg4P8pLooWz
lbhQy6tazEpPsVT+9Cmy6yDE69cJSSjL+9Qqchuq6RKPiwNYkBnHqgmRlCTHqRjU
DLuBlMF8DBuBMs5kps8gToHAdFJGJCvHqUGgIUQ53tyTjFyMjlpFdXwRAGvt0cdd
jAltz80rmmrNfTjqOLEfRcu3sMKEGjesNDlp/Bc45CuAOGyAFbkHVTeV8xNv/kqh
DLiOcr/4D3iQOC+PAEXygpnmjWFMGF9RdUmqH+QrZ0rLjbGYfVWuHdMUgDEKPyWf
KCfc84IIiybxy7lHs2VMBysAvg/85vcWkqBAfDs1wOQY
-----END CERTIFICATE-----