Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/FkxnnMJgeL05H-9TBSOsWkmhG98.roa
File:                     FkxnnMJgeL05H-9TBSOsWkmhG98.roa (raw, json)
Hash identifier:          hrzUTKolE/C3mwm71OQVLPpW3GBgF4JFlQ9r0xGnKZ4=
Subject key identifier:   16:4C:67:9C:C2:60:78:BD:39:1F:EF:53:05:23:AC:5A:49:A1:1B:DF
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018CC5011B6DD758D1B4C46C602B6FD4B2DE
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/FkxnnMJgeL05H-9TBSOsWkmhG98.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201935
IP address blocks:        193.57.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1b:6d:d7:58:d1:b4:c4:6c:60:2b:6f:d4:b2:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=164c679cc26078bd391fef530523ac5a49a11bdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8e:7a:e8:ff:5e:d0:5d:30:b8:6c:a6:2e:32:
                    53:b5:ad:cf:65:88:6e:3d:da:07:16:d8:f2:97:0a:
                    a4:c8:97:32:5f:e7:d1:03:6d:d7:74:94:6f:5a:1b:
                    7d:68:7c:0a:56:22:06:57:bf:ff:33:d2:6d:cc:97:
                    0e:25:6e:50:52:2d:ec:df:bf:33:bb:a2:9c:a7:11:
                    5f:4a:c8:8c:8e:85:f0:54:47:bc:14:59:e6:b1:2e:
                    c6:37:be:4f:9c:08:ea:37:1f:c9:63:27:7c:70:fe:
                    dc:9d:39:f5:96:5b:5c:c4:2d:61:f3:da:1f:4b:66:
                    75:f4:10:60:ee:90:09:8e:05:68:44:d4:f8:d7:c3:
                    1c:ba:87:a5:c5:36:77:d6:3f:46:69:c4:3b:25:7c:
                    b0:8e:e8:b0:7d:03:ab:73:92:5d:ca:e9:f9:52:94:
                    fb:ac:da:23:c4:65:fd:d0:f0:c0:bb:a3:c6:7b:3b:
                    0f:b8:de:35:c6:a5:64:7c:09:6d:5a:de:f0:06:b1:
                    29:fa:92:1f:1e:1e:ff:28:b7:73:ef:8a:6d:19:4d:
                    97:3b:ca:32:69:ac:21:7a:43:4a:3d:f9:f7:17:6f:
                    18:c6:96:45:38:fc:7d:16:fc:e1:45:ed:3f:80:d1:
                    68:1b:7f:90:cf:03:70:3d:ed:8c:f1:7d:d2:40:49:
                    e9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:4C:67:9C:C2:60:78:BD:39:1F:EF:53:05:23:AC:5A:49:A1:1B:DF
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/FkxnnMJgeL05H-9TBSOsWkmhG98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:90:fb:8d:33:f7:7d:e6:5e:58:ae:d7:b4:63:d9:02:e6:62:
         a3:12:0c:a9:ee:3c:c8:90:b2:bc:e5:1c:6b:6e:28:b7:5c:72:
         2c:ee:e6:f8:f9:5b:3a:89:9a:6f:26:82:d7:40:7a:ce:86:b5:
         7a:db:07:8a:e2:11:34:45:82:ee:02:1b:80:44:4d:d0:2f:82:
         2a:47:91:52:ed:e8:16:87:de:a9:f8:41:51:32:88:45:9b:98:
         1f:96:c1:4b:9a:c3:39:19:e7:ce:db:11:4f:8b:d0:b5:46:03:
         a4:6a:06:82:2c:00:61:ad:96:d8:0c:46:f0:e8:9e:a2:bd:cf:
         86:9e:d1:dd:03:3a:49:47:d1:ec:34:ec:8c:e1:43:6e:80:71:
         f0:70:43:64:61:c0:bc:1d:39:7f:da:4d:da:c2:ef:b0:6b:9a:
         50:f7:54:1c:f3:ea:c6:b8:58:d6:73:0d:3f:11:ee:b9:10:02:
         bd:7b:48:9a:c4:98:bc:d7:4a:12:39:2a:92:46:e9:32:15:35:
         37:2d:a4:64:5e:52:9d:34:e3:2a:73:5d:15:0e:20:74:01:4c:
         a0:f7:3d:52:21:fb:bf:95:f9:e6:31:0d:db:1b:99:a4:8d:81:
         5d:b2:45:61:a4:3b:1c:98:51:e1:c2:04:4e:af:79:58:a1:99:
         53:a4:ba:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARtt11jRtMRsYCtv1LLeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjRjNjc5Y2MyNjA3OGJkMzkxZmVmNTMwNTIzYWM1YTQ5YTExYmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmY566P9e0F0wuGymLjJTta3PZYhu
PdoHFtjylwqkyJcyX+fRA23XdJRvWht9aHwKViIGV7//M9JtzJcOJW5QUi3s378z
u6KcpxFfSsiMjoXwVEe8FFnmsS7GN75PnAjqNx/JYyd8cP7cnTn1lltcxC1h89of
S2Z19BBg7pAJjgVoRNT418McuoelxTZ31j9GacQ7JXywjuiwfQOrc5Jdyun5UpT7
rNojxGX90PDAu6PGezsPuN41xqVkfAltWt7wBrEp+pIfHh7/KLdz74ptGU2XO8oy
aawhekNKPfn3F28YxpZFOPx9FvzhRe0/gNFoG3+QzwNwPe2M8X3SQEnppQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZMZ5zCYHi9OR/vUwUjrFpJoRvfMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvRmt4bm5NSmdlTDA1SC05VEJTT3NXa21oRzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTkJMA0G
CSqGSIb3DQEBCwUAA4IBAQBMkPuNM/d95l5Yrte0Y9kC5mKjEgyp7jzIkLK85Rxr
bii3XHIs7ub4+Vs6iZpvJoLXQHrOhrV62weK4hE0RYLuAhuARE3QL4IqR5FS7egW
h96p+EFRMohFm5gflsFLmsM5GefO2xFPi9C1RgOkagaCLABhrZbYDEbw6J6ivc+G
ntHdAzpJR9HsNOyM4UNugHHwcENkYcC8HTl/2k3awu+wa5pQ91Qc8+rGuFjWcw0/
Ee65EAK9e0iaxJi810oSOSqSRukyFTU3LaRkXlKdNOMqc10VDiB0AUyg9z1SIfu/
lfnmMQ3bG5mkjYFdskVhpDscmFHhwgROr3lYoZlTpLrW
-----END CERTIFICATE-----