Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/FtNIaDzNfy85KBMwPYe2aC9WIUg.roa
File:                     FtNIaDzNfy85KBMwPYe2aC9WIUg.roa (raw, json)
Hash identifier:          Hg0GIWH3uUyZz/M9EJ03RwGtbRc/krc3FmSP5HzjKu4=
Subject key identifier:   16:D3:48:68:3C:CD:7F:2F:39:28:13:30:3D:87:B6:68:2F:56:21:48
Certificate issuer:       /CN=46a4b35c8e0256eaa2fbf751e6c01e5e909c0a1f
Certificate serial:       018CC8010C08DEC9E9509E7BD7D7A4F237BA
Authority key identifier: 46:A4:B3:5C:8E:02:56:EA:A2:FB:F7:51:E6:C0:1E:5E:90:9C:0A:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RqSzXI4CVuqi-_dR5sAeXpCcCh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/FtNIaDzNfy85KBMwPYe2aC9WIUg.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209311
IP address blocks:        193.111.211.0/24 maxlen: 24
                          2a0a:8ac0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/RqSzXI4CVuqi-_dR5sAeXpCcCh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/RqSzXI4CVuqi-_dR5sAeXpCcCh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RqSzXI4CVuqi-_dR5sAeXpCcCh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0c:08:de:c9:e9:50:9e:7b:d7:d7:a4:f2:37:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46a4b35c8e0256eaa2fbf751e6c01e5e909c0a1f
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16d348683ccd7f2f392813303d87b6682f562148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:2e:90:f1:37:be:d2:24:d0:ed:4f:ce:4c:f9:
                    ac:cf:29:51:56:b5:7b:70:d5:de:12:4f:1d:b9:09:
                    44:b7:ee:da:b7:59:8e:26:a9:6d:5e:a3:4d:bd:ba:
                    b5:a5:63:da:9f:d3:53:a5:7b:79:c1:73:3f:fb:54:
                    4b:ca:86:44:98:a7:da:2d:ca:37:34:cd:b8:9f:10:
                    4a:b6:14:6a:db:74:f7:f8:6d:23:7f:cb:eb:09:f9:
                    a4:88:fb:5c:3c:e8:e0:75:c5:d6:14:32:61:31:54:
                    3d:6a:85:3f:77:a3:09:e8:7b:10:5b:28:13:92:50:
                    ee:b5:e8:36:0c:f1:ce:be:41:23:4e:4c:35:cb:70:
                    de:35:65:dd:a7:8c:78:e8:6f:8b:6c:6b:bd:86:a7:
                    d5:9c:3b:06:e3:74:cf:61:b4:17:9d:fb:c0:6a:f9:
                    b2:9d:59:77:59:03:e6:bc:76:d1:bb:89:a6:ff:0d:
                    ee:eb:dd:df:49:8e:90:6e:81:86:31:8f:c7:24:ae:
                    87:9f:8a:98:02:6c:05:48:68:97:c6:1e:79:49:5d:
                    3c:3b:81:f7:b7:dc:f9:60:6c:d8:90:cf:70:c2:6f:
                    b4:ba:bb:e1:b3:c7:fd:17:00:98:d3:29:b2:8a:58:
                    fb:fa:a1:fb:1b:6d:85:16:1e:c8:bb:bb:fd:cc:a6:
                    15:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D3:48:68:3C:CD:7F:2F:39:28:13:30:3D:87:B6:68:2F:56:21:48
            X509v3 Authority Key Identifier:
                keyid:46:A4:B3:5C:8E:02:56:EA:A2:FB:F7:51:E6:C0:1E:5E:90:9C:0A:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RqSzXI4CVuqi-_dR5sAeXpCcCh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/FtNIaDzNfy85KBMwPYe2aC9WIUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/RqSzXI4CVuqi-_dR5sAeXpCcCh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.211.0/24
                IPv6:
                  2a0a:8ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:59:b8:96:f7:cf:2b:37:3a:b6:a1:13:d4:d6:94:8c:f3:c1:
         7f:34:7a:82:70:5e:4c:85:c1:e9:dc:99:a7:ca:34:b8:af:19:
         79:d0:c4:81:a8:d5:f7:40:29:35:88:50:49:11:69:9a:51:97:
         61:f7:b3:7c:6d:d0:17:2a:a5:c2:ee:29:4d:80:30:f0:db:18:
         11:27:e9:6d:5f:55:ff:7a:fc:5f:bd:05:4f:db:70:16:a9:a9:
         57:43:a9:1a:a0:c3:5f:4c:25:a2:61:c3:00:2a:82:9b:f5:1a:
         14:7b:c4:39:1f:e6:99:6b:3e:d5:f2:8c:f8:2c:1e:8a:fa:58:
         4c:08:65:b3:81:2f:6b:38:1b:5b:a4:15:25:8d:e2:96:46:6f:
         f2:31:06:c2:dc:04:ed:cc:8d:03:68:04:8e:69:d6:ba:a3:e0:
         4e:8c:30:08:82:d0:ef:dd:8f:1e:d3:4e:e0:f0:cc:32:90:9b:
         75:8a:59:50:f5:17:db:36:56:bc:bd:1d:bc:f4:22:30:c7:77:
         4d:d1:33:3a:86:52:b4:f1:94:a9:7c:bf:fb:72:6b:32:d4:1e:
         0b:4e:56:dc:54:27:96:66:1a:bf:cc:c9:a3:30:b1:fe:46:8a:
         05:2a:73:c5:cb:ab:e9:09:aa:9e:0f:85:85:ff:8b:b3:83:6a:
         96:86:02:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAQwI3snpUJ5719ek8je6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YTRiMzVjOGUwMjU2ZWFhMmZiZjc1MWU2YzAxZTVlOTA5
YzBhMWYwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQzNDg2ODNjY2Q3ZjJmMzkyODEzMzAzZDg3YjY2ODJmNTYyMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgS6Q8Te+0iTQ7U/OTPmszylRVrV7
cNXeEk8duQlEt+7at1mOJqltXqNNvbq1pWPan9NTpXt5wXM/+1RLyoZEmKfaLco3
NM24nxBKthRq23T3+G0jf8vrCfmkiPtcPOjgdcXWFDJhMVQ9aoU/d6MJ6HsQWygT
klDuteg2DPHOvkEjTkw1y3DeNWXdp4x46G+LbGu9hqfVnDsG43TPYbQXnfvAavmy
nVl3WQPmvHbRu4mm/w3u693fSY6QboGGMY/HJK6Hn4qYAmwFSGiXxh55SV08O4H3
t9z5YGzYkM9wwm+0urvhs8f9FwCY0ymyilj7+qH7G22FFh7Iu7v9zKYV9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBbTSGg8zX8vOSgTMD2HtmgvViFIMB8GA1UdIwQY
MBaAFEaks1yOAlbqovv3UebAHl6QnAofMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnFTelhJNENWdXFpLV9kUjVzQWVYcENjQ2g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8xMTkxZDYtNTQyMy00MmNmLThmNmIt
MTE3ODg2ZWI3ZDY3LzEvRnROSWFEek5meTg1S0JNd1BZZTJhQzlXSVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8xMTkxZDYtNTQyMy00MmNmLThmNmItMTE3ODg2ZWI3ZDY3
LzEvUnFTelhJNENWdXFpLV9kUjVzQWVYcENjQ2g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwW/TMA0E
AgACMAcDBQMqCorAMA0GCSqGSIb3DQEBCwUAA4IBAQBsWbiW988rNzq2oRPU1pSM
88F/NHqCcF5MhcHp3JmnyjS4rxl50MSBqNX3QCk1iFBJEWmaUZdh97N8bdAXKqXC
7ilNgDDw2xgRJ+ltX1X/evxfvQVP23AWqalXQ6kaoMNfTCWiYcMAKoKb9RoUe8Q5
H+aZaz7V8oz4LB6K+lhMCGWzgS9rOBtbpBUljeKWRm/yMQbC3ATtzI0DaASOada6
o+BOjDAIgtDv3Y8e007g8MwykJt1illQ9RfbNla8vR289CIwx3dN0TM6hlK08ZSp
fL/7cmsy1B4LTlbcVCeWZhq/zMmjMLH+RooFKnPFy6vpCaqeD4WF/4uzg2qWhgI0
-----END CERTIFICATE-----