Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/fjs19QoS-uzqhDobw13B7t7ow1I.roa
File:                     fjs19QoS-uzqhDobw13B7t7ow1I.roa (raw, json)
Hash identifier:          QPcGf8j6gG1EDeVjXuFPoP/D6ABra9KnGtNcLuv0Eq8=
Subject key identifier:   7E:3B:35:F5:0A:12:FA:EC:EA:84:3A:1B:C3:5D:C1:EE:DE:E8:C3:52
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018EA9AF2F02571CBBD7C030D9F947673DBB
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/fjs19QoS-uzqhDobw13B7t7ow1I.roa
Signing time:             Thu 04 Apr 2024 15:16:54 +0000
ROA not before:           Thu 04 Apr 2024 15:16:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1199
IP address blocks:        145.111.0.0/16 maxlen: 16
                          145.152.0.0/13 maxlen: 13
                          2001:610:5ea::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:af:2f:02:57:1c:bb:d7:c0:30:d9:f9:47:67:3d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Apr  4 15:16:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e3b35f50a12faecea843a1bc35dc1eedee8c352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:50:3c:e5:62:ba:c9:f9:da:f3:4b:0b:07:4c:
                    3c:1f:7e:17:24:cc:cb:19:5b:9a:06:1f:67:d4:a2:
                    28:c9:a4:4d:89:9d:ad:cf:37:84:e2:20:4d:91:2a:
                    2b:7e:be:e5:da:4f:3a:ff:e2:80:80:41:39:2b:ab:
                    96:c1:fc:47:1f:02:23:00:ab:93:cd:fb:a7:ac:9b:
                    df:15:04:5c:54:1f:ca:b5:33:77:74:a1:07:7d:7a:
                    f3:2a:33:41:43:e1:73:6c:eb:77:46:b2:17:36:08:
                    23:6e:09:24:ff:e4:d3:7a:f7:ff:ad:e3:63:7c:62:
                    3f:f5:54:df:b1:df:c6:c7:a4:f4:f6:17:e2:e6:ae:
                    1d:2f:4a:df:44:80:62:70:0b:a9:29:30:be:7e:f0:
                    cc:0b:2d:dd:09:e8:f9:e9:c1:ab:ff:a0:bf:9d:d2:
                    39:8a:ab:06:89:17:99:a5:53:58:d9:30:39:dd:2b:
                    5c:ef:de:b8:a0:04:26:04:88:39:74:da:26:f9:13:
                    7d:35:df:36:c2:f3:a2:9d:f1:cc:6b:f3:84:64:a1:
                    38:5c:8c:33:44:26:0a:cc:8f:56:0c:64:bd:7d:8c:
                    4c:87:7c:76:cc:05:7c:35:4b:8e:69:c2:cd:ea:11:
                    b2:a8:c1:09:44:e5:32:dd:0b:de:24:40:7f:2a:02:
                    00:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:3B:35:F5:0A:12:FA:EC:EA:84:3A:1B:C3:5D:C1:EE:DE:E8:C3:52
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/fjs19QoS-uzqhDobw13B7t7ow1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.111.0.0/16
                  145.152.0.0/13
                IPv6:
                  2001:610:5ea::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:0e:dc:ee:2d:76:9e:8d:a8:c0:1a:cc:27:d1:e2:55:b2:df:
         81:9b:67:68:cc:d1:68:04:62:8e:d1:c2:69:e3:c9:af:1d:94:
         d2:2d:57:62:a0:a0:db:34:e2:b6:ff:1c:71:01:54:ff:91:33:
         2c:83:fe:4a:fb:a9:57:38:de:1a:59:c2:cd:c2:c4:0c:ed:2f:
         62:79:6c:8c:56:bc:6f:ed:1d:72:35:03:16:a7:54:d9:2e:db:
         59:6e:43:26:ad:66:92:3f:b8:99:1e:bb:c8:09:b6:34:a0:ab:
         03:19:3b:25:ab:61:4e:79:b0:ff:5a:7c:99:2b:36:77:ea:20:
         2f:e5:0b:db:c6:05:bf:b9:14:4c:d6:43:05:13:0b:7e:53:f4:
         a4:17:cc:b6:94:a2:ad:c7:43:72:61:9a:e4:eb:c4:d2:64:f8:
         fc:21:44:9e:0b:1f:5a:f8:aa:77:77:0c:d1:0d:07:5e:ff:fd:
         92:be:93:b4:d6:e2:da:d7:f4:0b:84:53:c2:2e:1a:33:e5:f2:
         21:94:ae:82:bb:68:c2:63:0b:c7:8d:e8:f9:fd:70:23:7d:d5:
         5a:70:f4:8a:2a:bd:9f:91:b3:c3:a1:3a:36:1e:56:61:53:64:
         3e:c6:56:21:75:05:66:91:70:d4:d1:cf:29:7f:5c:24:89:33:
         40:34:93:35
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY6pry8CVxy718Aw2flHZz27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwNDA0MTUxNjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTNiMzVmNTBhMTJmYWVjZWE4NDNhMWJjMzVkYzFlZWRlZThjMzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFA85WK6yfna80sLB0w8H34XJMzL
GVuaBh9n1KIoyaRNiZ2tzzeE4iBNkSorfr7l2k86/+KAgEE5K6uWwfxHHwIjAKuT
zfunrJvfFQRcVB/KtTN3dKEHfXrzKjNBQ+FzbOt3RrIXNggjbgkk/+TTevf/reNj
fGI/9VTfsd/Gx6T09hfi5q4dL0rfRIBicAupKTC+fvDMCy3dCej56cGr/6C/ndI5
iqsGiReZpVNY2TA53Stc7964oAQmBIg5dNom+RN9Nd82wvOinfHMa/OEZKE4XIwz
RCYKzI9WDGS9fYxMh3x2zAV8NUuOacLN6hGyqMEJROUy3QveJEB/KgIAoQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH47NfUKEvrs6oQ6G8Ndwe7e6MNSMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvZmpzMTlRb1MtdXpxaERvYncxM0I3dDdvdzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAQBAIAATAKAwMAkW8DAwOR
mDAPBAIAAjAJAwcAIAEGEAXqMA0GCSqGSIb3DQEBCwUAA4IBAQBiDtzuLXaejajA
Gswn0eJVst+Bm2dozNFoBGKO0cJp48mvHZTSLVdioKDbNOK2/xxxAVT/kTMsg/5K
+6lXON4aWcLNwsQM7S9ieWyMVrxv7R1yNQMWp1TZLttZbkMmrWaSP7iZHrvICbY0
oKsDGTslq2FOebD/WnyZKzZ36iAv5QvbxgW/uRRM1kMFEwt+U/SkF8y2lKKtx0Ny
YZrk68TSZPj8IUSeCx9a+Kp3dwzRDQde//2SvpO01uLa1/QLhFPCLhoz5fIhlK6C
u2jCYwvHjej5/XAjfdVacPSKKr2fkbPDoTo2HlZhU2Q+xlYhdQVmkXDU0c8pf1wk
iTNANJM1
-----END CERTIFICATE-----