Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/dQfs2Gn10yr-Tz3T-dDX9Zbh-Pk.roa
File:                     dQfs2Gn10yr-Tz3T-dDX9Zbh-Pk.roa (raw, json)
Hash identifier:          PcAQmI0VcMV8vk6cH3VnkZVx+XU3yjeoW0GvJ/Gwq6g=
Subject key identifier:   75:07:EC:D8:69:F5:D3:2A:FE:4F:3D:D3:F9:D0:D7:F5:96:E1:F8:F9
Certificate issuer:       /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial:       018CC9BB0A9204621061D4FCFA75FEF2335E
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/dQfs2Gn10yr-Tz3T-dDX9Zbh-Pk.roa
Signing time:             Tue 02 Jan 2024 10:32:07 +0000
ROA not before:           Tue 02 Jan 2024 10:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44451
IP address blocks:        93.92.8.0/21 maxlen: 21
                          94.247.48.0/21 maxlen: 21
                          37.46.16.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:0a:92:04:62:10:61:d4:fc:fa:75:fe:f2:33:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
        Validity
            Not Before: Jan  2 10:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7507ecd869f5d32afe4f3dd3f9d0d7f596e1f8f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:1b:bc:5e:83:54:f8:4c:d9:bd:44:6c:3a:2a:
                    51:c0:8d:40:ba:55:18:84:45:a5:4b:b0:4d:ee:77:
                    f0:28:f6:38:e7:28:c6:56:49:da:90:32:b7:b3:0e:
                    98:12:95:2e:d0:00:d6:63:2d:04:05:de:2f:7b:84:
                    46:2a:21:bc:39:77:cd:7e:ae:50:e3:11:06:e9:d8:
                    52:fd:f9:45:86:e4:c5:97:ec:3e:43:86:2b:27:e8:
                    d8:1a:21:68:99:fd:d2:d0:15:6e:e3:6f:3b:03:04:
                    05:ad:47:69:28:ac:cd:1a:03:0a:1d:8b:e5:d4:c1:
                    58:17:51:9c:8c:3b:41:e1:61:27:59:0e:a4:17:42:
                    d7:18:97:b1:83:5a:5e:69:89:e6:25:c6:a2:1c:1e:
                    1b:0b:5f:3f:5c:29:4d:e8:7f:1e:6a:bc:cb:93:b7:
                    93:d0:0b:8f:1d:c9:c9:06:2d:27:4c:02:83:2a:e0:
                    a6:c9:57:57:cd:ad:39:fd:ca:b6:90:c2:ca:ac:53:
                    e9:17:e9:8b:53:38:a6:9c:3e:6b:02:9d:19:f9:3d:
                    b7:4e:ad:0b:08:1e:77:f7:39:1d:49:37:be:19:1e:
                    3d:21:28:85:e3:d5:2f:38:d3:4d:e8:2c:7a:7a:5f:
                    02:4b:c3:40:f1:81:ac:c2:6b:13:15:f4:04:ba:21:
                    59:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:07:EC:D8:69:F5:D3:2A:FE:4F:3D:D3:F9:D0:D7:F5:96:E1:F8:F9
            X509v3 Authority Key Identifier:
                keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/dQfs2Gn10yr-Tz3T-dDX9Zbh-Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.16.0/21
                  93.92.8.0/21
                  94.247.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:bb:c9:e9:19:4c:49:11:ef:60:9d:80:04:40:65:7e:c2:a1:
         d1:b0:ae:64:76:b6:0a:6f:72:e1:b7:b2:8f:4b:a1:1c:88:c9:
         8c:52:eb:ba:b8:c9:65:42:f8:af:2e:a7:62:7b:d9:22:15:83:
         58:24:99:96:a5:b4:03:83:0e:79:f0:56:2f:4e:9b:d2:6c:aa:
         6e:de:66:90:c1:e3:ca:29:b7:de:4b:d4:a4:71:22:f0:40:73:
         26:61:45:28:31:eb:82:e0:77:bc:a5:9e:8a:c7:a4:1e:73:1a:
         4c:ff:3a:7c:44:ec:bb:ce:d6:65:a2:f9:40:ca:fe:c2:17:19:
         49:3f:71:2e:bd:fe:bd:75:f5:04:f2:17:ec:86:c1:a3:56:77:
         cb:c2:c2:34:e7:a7:cf:23:37:e7:f2:d5:00:aa:af:ab:13:82:
         b2:4f:b2:e1:97:59:7e:57:59:a7:03:cd:74:c8:34:1f:62:26:
         f1:bf:72:cf:24:62:48:02:92:28:4c:e6:19:1b:bf:d2:ff:e8:
         fc:ba:8b:cf:2a:73:e9:11:29:1d:83:92:40:96:16:dc:10:4f:
         66:a0:e0:d9:60:d6:4d:60:6f:89:b5:2e:fd:90:9a:6d:60:30:
         f3:2e:62:57:9e:10:f9:eb:71:d6:0c:70:44:dd:91:e8:ee:d7:
         05:59:32:fd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJuwqSBGIQYdT8+nX+8jNeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA3ZWNkODY5ZjVkMzJhZmU0ZjNkZDNmOWQwZDdmNTk2ZTFmOGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxu8XoNU+EzZvURsOipRwI1AulUY
hEWlS7BN7nfwKPY45yjGVknakDK3sw6YEpUu0ADWYy0EBd4ve4RGKiG8OXfNfq5Q
4xEG6dhS/flFhuTFl+w+Q4YrJ+jYGiFomf3S0BVu4287AwQFrUdpKKzNGgMKHYvl
1MFYF1GcjDtB4WEnWQ6kF0LXGJexg1peaYnmJcaiHB4bC18/XClN6H8earzLk7eT
0AuPHcnJBi0nTAKDKuCmyVdXza05/cq2kMLKrFPpF+mLUzimnD5rAp0Z+T23Tq0L
CB539zkdSTe+GR49ISiF49UvONNN6Cx6el8CS8NA8YGswmsTFfQEuiFZNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHUH7Nhp9dMq/k890/nQ1/WW4fj5MB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEvZFFmczJHbjEweXItVHozVC1kRFg5WmJoLVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEtMTgyMjg2N2UxNTk2
LzEvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJS4QAwQD
XVwIAwQDXvcwMA0GCSqGSIb3DQEBCwUAA4IBAQApu8npGUxJEe9gnYAEQGV+wqHR
sK5kdrYKb3Lht7KPS6EciMmMUuu6uMllQvivLqdie9kiFYNYJJmWpbQDgw558FYv
TpvSbKpu3maQwePKKbfeS9SkcSLwQHMmYUUoMeuC4He8pZ6Kx6QecxpM/zp8ROy7
ztZlovlAyv7CFxlJP3Euvf69dfUE8hfshsGjVnfLwsI056fPIzfn8tUAqq+rE4Ky
T7Lhl1l+V1mnA810yDQfYibxv3LPJGJIApIoTOYZG7/S/+j8uovPKnPpESkdg5JA
lhbcEE9moODZYNZNYG+JtS79kJptYDDzLmJXnhD563HWDHBE3ZHo7tcFWTL9
-----END CERTIFICATE-----