Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/25602f-5fd8-47e8-8b50-427116c8588d/1/FsbyRZ_usL2ewynpXMPjwoJNTCQ.roa
File:                     FsbyRZ_usL2ewynpXMPjwoJNTCQ.roa (raw, json)
Hash identifier:          BytzhVoQQFno61aV8oa4az/qq6RH/xa/L37Nr8UaRjw=
Subject key identifier:   16:C6:F2:45:9F:EE:B0:BD:9E:C3:29:E9:5C:C3:E3:C2:82:4D:4C:24
Certificate issuer:       /CN=83cb09141daebb3202d879a56031ee2fc30cd312
Certificate serial:       018CC9BBEE6829883CF1F598DBC4D850C944
Authority key identifier: 83:CB:09:14:1D:AE:BB:32:02:D8:79:A5:60:31:EE:2F:C3:0C:D3:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g8sJFB2uuzIC2HmlYDHuL8MM0xI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/25602f-5fd8-47e8-8b50-427116c8588d/1/FsbyRZ_usL2ewynpXMPjwoJNTCQ.roa
Signing time:             Tue 02 Jan 2024 10:33:05 +0000
ROA not before:           Tue 02 Jan 2024 10:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208122
IP address blocks:        2001:67c:2d4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/25602f-5fd8-47e8-8b50-427116c8588d/1/g8sJFB2uuzIC2HmlYDHuL8MM0xI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/25602f-5fd8-47e8-8b50-427116c8588d/1/g8sJFB2uuzIC2HmlYDHuL8MM0xI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g8sJFB2uuzIC2HmlYDHuL8MM0xI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ee:68:29:88:3c:f1:f5:98:db:c4:d8:50:c9:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83cb09141daebb3202d879a56031ee2fc30cd312
        Validity
            Not Before: Jan  2 10:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16c6f2459feeb0bd9ec329e95cc3e3c2824d4c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:40:2c:df:6d:fc:21:5d:12:0f:b1:25:21:0c:
                    58:bf:b6:bd:f6:ec:c9:ad:06:82:79:14:ae:16:7a:
                    18:12:8d:1a:fa:1b:46:45:b9:8f:b1:cc:08:f3:68:
                    03:4d:98:81:58:5b:fa:ee:cb:6a:84:82:4a:f1:a0:
                    12:2f:98:68:57:07:64:4c:32:78:aa:2e:56:c2:37:
                    16:77:85:7a:c8:e4:06:fb:57:cd:00:26:d7:de:a1:
                    65:3c:33:83:18:da:31:a8:52:fd:66:35:f8:d8:0b:
                    76:fb:26:82:78:fb:08:4c:3e:6e:96:1c:85:17:ca:
                    76:a7:78:72:50:53:49:57:b1:66:4d:07:b3:6a:df:
                    1b:d0:01:aa:1a:fd:04:da:ae:19:ce:c2:19:c5:ff:
                    fb:f3:c3:e9:b2:a6:28:68:e0:0c:d1:36:c4:db:d9:
                    ac:25:31:c2:be:34:b8:19:3b:5f:26:1c:97:bd:41:
                    1c:3d:5c:49:eb:29:01:de:60:d3:47:8b:14:ae:d9:
                    8e:d6:73:31:8c:cd:56:51:ad:ea:ac:ec:7e:93:16:
                    c3:68:d5:38:e2:0b:c2:e6:ec:c9:ed:3f:07:36:e9:
                    7b:fe:65:40:8f:24:20:de:d8:d9:e1:06:8b:c0:61:
                    ef:d1:98:cb:b8:04:c0:1f:c1:19:8f:52:b9:7b:00:
                    b6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C6:F2:45:9F:EE:B0:BD:9E:C3:29:E9:5C:C3:E3:C2:82:4D:4C:24
            X509v3 Authority Key Identifier:
                keyid:83:CB:09:14:1D:AE:BB:32:02:D8:79:A5:60:31:EE:2F:C3:0C:D3:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g8sJFB2uuzIC2HmlYDHuL8MM0xI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/25602f-5fd8-47e8-8b50-427116c8588d/1/FsbyRZ_usL2ewynpXMPjwoJNTCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/25602f-5fd8-47e8-8b50-427116c8588d/1/g8sJFB2uuzIC2HmlYDHuL8MM0xI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:8e:9f:b1:be:c6:3a:ad:70:f5:2d:a4:45:77:90:33:dd:1f:
         c5:7a:fa:42:c1:a0:68:07:35:27:e7:b0:d6:e2:f5:5f:08:8d:
         86:40:ad:95:27:5f:1b:79:6a:54:77:48:b1:1d:f8:71:a9:2b:
         5c:a5:05:68:72:ba:1e:53:b3:d6:f9:be:2d:3b:27:00:bf:7f:
         5a:69:6d:dd:37:af:a6:76:49:3c:50:57:67:f2:22:97:f4:80:
         c4:3d:bd:03:0b:37:3c:73:87:4c:99:a9:67:99:f5:ec:07:39:
         7b:4c:91:ef:44:a8:c6:ba:ea:db:50:04:c7:cf:a8:8e:cc:bb:
         02:d0:cd:5e:1e:10:b4:14:ea:d3:5a:21:3a:62:59:28:ea:0a:
         18:20:c5:ea:dd:32:ac:db:3a:90:61:ad:d9:ea:d9:33:b3:48:
         3c:8a:7d:35:dd:c8:b3:e1:23:33:58:60:30:5b:cf:d9:4e:ef:
         46:e2:a2:5b:69:b2:4e:a1:ac:9d:fa:74:e3:18:a6:64:f3:63:
         37:44:45:d2:28:59:c7:08:8c:0e:26:23:29:c3:40:12:2c:f5:
         af:3e:1a:2a:c1:05:f5:13:8d:ca:11:b7:a2:f8:eb:86:dd:ee:
         bc:e0:92:12:49:6a:76:c8:08:2c:a7:d6:3f:c5:b8:4c:a8:5d:
         14:20:67:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu+5oKYg88fWY28TYUMlEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzY2IwOTE0MWRhZWJiMzIwMmQ4NzlhNTYwMzFlZTJmYzMw
Y2QzMTIwHhcNMjQwMTAyMTAzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmM2ZjI0NTlmZWViMGJkOWVjMzI5ZTk1Y2MzZTNjMjgyNGQ0YzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0As3238IV0SD7ElIQxYv7a99uzJ
rQaCeRSuFnoYEo0a+htGRbmPscwI82gDTZiBWFv67stqhIJK8aASL5hoVwdkTDJ4
qi5WwjcWd4V6yOQG+1fNACbX3qFlPDODGNoxqFL9ZjX42At2+yaCePsITD5ulhyF
F8p2p3hyUFNJV7FmTQezat8b0AGqGv0E2q4ZzsIZxf/788PpsqYoaOAM0TbE29ms
JTHCvjS4GTtfJhyXvUEcPVxJ6ykB3mDTR4sUrtmO1nMxjM1WUa3qrOx+kxbDaNU4
4gvC5uzJ7T8HNul7/mVAjyQg3tjZ4QaLwGHv0ZjLuATAH8EZj1K5ewC2PQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBbG8kWf7rC9nsMp6VzD48KCTUwkMB8GA1UdIwQY
MBaAFIPLCRQdrrsyAth5pWAx7i/DDNMSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzhzSkZCMnV1eklDMkhtbFlESHVMOE1NMHhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8yNTYwMmYtNWZkOC00N2U4LThiNTAt
NDI3MTE2Yzg1ODhkLzEvRnNieVJaX3VzTDJld3lucFhNUGp3b0pOVENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8yNTYwMmYtNWZkOC00N2U4LThiNTAtNDI3MTE2Yzg1ODhk
LzEvZzhzSkZCMnV1eklDMkhtbFlESHVMOE1NMHhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfALU
MA0GCSqGSIb3DQEBCwUAA4IBAQAJjp+xvsY6rXD1LaRFd5Az3R/FevpCwaBoBzUn
57DW4vVfCI2GQK2VJ18beWpUd0ixHfhxqStcpQVocroeU7PW+b4tOycAv39aaW3d
N6+mdkk8UFdn8iKX9IDEPb0DCzc8c4dMmalnmfXsBzl7TJHvRKjGuurbUATHz6iO
zLsC0M1eHhC0FOrTWiE6Ylko6goYIMXq3TKs2zqQYa3Z6tkzs0g8in013ciz4SMz
WGAwW8/ZTu9G4qJbabJOoayd+nTjGKZk82M3REXSKFnHCIwOJiMpw0ASLPWvPhoq
wQX1E43KEbei+OuG3e684JISSWp2yAgsp9Y/xbhMqF0UIGcg
-----END CERTIFICATE-----