Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/FWfzYSwDe-H_jCqv0iDdY0BO6Jc.roa
File:                     FWfzYSwDe-H_jCqv0iDdY0BO6Jc.roa (raw, json)
Hash identifier:          VCuRoRQd56rvla19tVULR09U1+O0l6vUnl2dxx9kLi4=
Subject key identifier:   15:67:F3:61:2C:03:7B:E1:FF:8C:2A:AF:D2:20:DD:63:40:4E:E8:97
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB1DF4C319B9B5E7AEE69C2913B72
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/FWfzYSwDe-H_jCqv0iDdY0BO6Jc.roa
Signing time:             Tue 02 Jan 2024 04:30:12 +0000
ROA not before:           Tue 02 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198690
IP address blocks:        45.14.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b1:df:4c:31:9b:9b:5e:7a:ee:69:c2:91:3b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1567f3612c037be1ff8c2aafd220dd63404ee897
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4e:3b:06:62:07:fb:df:87:cb:b2:3f:7b:de:
                    24:b6:c2:28:2f:a8:b5:2d:9a:e1:04:65:bd:2b:35:
                    d7:60:ad:dc:5c:97:9b:6e:09:ec:f4:f4:32:8c:cd:
                    6d:37:c2:d3:b6:13:e6:6d:aa:ff:a0:32:01:74:a8:
                    08:7d:12:3b:aa:ef:8a:e4:46:99:75:f5:d7:5d:71:
                    af:5c:f1:ff:22:89:f3:ee:1f:5e:92:00:65:6d:c7:
                    ab:12:e7:c6:42:20:a1:36:83:e0:a4:a2:4c:2b:10:
                    88:28:95:ee:76:10:0d:63:d1:71:14:8e:52:76:c4:
                    cc:e5:43:13:83:04:18:a8:c8:9b:a8:10:da:89:37:
                    d2:dd:df:b6:e3:57:80:4a:52:fd:a8:ba:67:cc:97:
                    f4:07:ac:ba:ed:b9:84:dc:51:78:a6:55:1b:fe:a2:
                    17:12:d0:9e:83:c8:21:e3:e6:0d:e9:4c:0c:72:df:
                    9d:51:b4:49:4a:c0:2d:2c:8d:ac:65:3b:ac:d3:9e:
                    82:3d:3a:6c:e5:d5:c1:16:f1:4d:e3:16:89:09:b4:
                    6d:5c:6e:19:87:71:48:01:6d:51:da:4c:64:ca:91:
                    38:5e:39:16:40:ed:c8:36:2a:7a:f8:93:81:83:0c:
                    a0:e7:13:4d:1c:15:e4:a9:cd:76:32:2d:f4:c4:0c:
                    27:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:67:F3:61:2C:03:7B:E1:FF:8C:2A:AF:D2:20:DD:63:40:4E:E8:97
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/FWfzYSwDe-H_jCqv0iDdY0BO6Jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:0c:43:fc:bf:9c:66:07:ea:3a:c1:7c:1a:dc:f1:4a:81:b2:
         82:36:a2:ab:60:16:8f:53:c6:88:66:14:66:1f:d8:10:b9:f2:
         6a:26:88:25:ed:78:34:23:8d:36:4b:e2:c3:63:d2:8b:5e:04:
         70:84:d5:5d:5d:d3:2a:8b:d1:05:2a:ee:ca:d6:aa:0e:61:7f:
         4f:81:e0:41:c0:42:8f:87:91:fd:56:59:a5:7c:56:e6:d0:ff:
         94:b9:bd:4f:30:0b:89:fd:3b:e9:e2:ad:9a:0a:b1:d5:ea:4e:
         69:50:8a:dc:ef:c2:f7:5a:32:11:26:03:9e:8c:e0:b1:1e:bb:
         a1:87:aa:7c:8a:8f:a6:f2:4b:b4:51:89:0a:cc:4e:7c:b6:65:
         43:b8:a3:3a:28:26:0e:91:61:74:b8:fa:a4:14:85:f5:31:0a:
         c1:b8:3b:f2:68:da:91:63:aa:7d:a1:49:77:55:b6:79:a3:a2:
         fe:69:a2:f4:e7:c5:6e:db:20:40:74:bb:c0:18:29:de:c2:76:
         69:7e:7c:bd:81:fa:da:4e:ac:5c:85:ec:b6:c2:19:de:84:a0:
         35:0d:b1:03:b8:01:23:81:8c:f8:34:86:66:bb:35:e2:84:6e:
         4e:49:1d:32:df:42:fb:c8:88:4a:5f:47:31:79:1c:69:6f:01:
         64:de:77:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7HfTDGbm1567mnCkTtyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTY3ZjM2MTJjMDM3YmUxZmY4YzJhYWZkMjIwZGQ2MzQwNGVlODk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkk47BmIH+9+Hy7I/e94ktsIoL6i1
LZrhBGW9KzXXYK3cXJebbgns9PQyjM1tN8LTthPmbar/oDIBdKgIfRI7qu+K5EaZ
dfXXXXGvXPH/Ionz7h9ekgBlbcerEufGQiChNoPgpKJMKxCIKJXudhANY9FxFI5S
dsTM5UMTgwQYqMibqBDaiTfS3d+241eASlL9qLpnzJf0B6y67bmE3FF4plUb/qIX
EtCeg8gh4+YN6UwMct+dUbRJSsAtLI2sZTus056CPTps5dXBFvFN4xaJCbRtXG4Z
h3FIAW1R2kxkypE4XjkWQO3INip6+JOBgwyg5xNNHBXkqc12Mi30xAwnNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVn82EsA3vh/4wqr9Ig3WNATuiXMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvRldmellTd0RlLUhfakNxdjBpRGRZMEJPNkpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ4QMA0G
CSqGSIb3DQEBCwUAA4IBAQAKDEP8v5xmB+o6wXwa3PFKgbKCNqKrYBaPU8aIZhRm
H9gQufJqJogl7Xg0I402S+LDY9KLXgRwhNVdXdMqi9EFKu7K1qoOYX9PgeBBwEKP
h5H9VlmlfFbm0P+Uub1PMAuJ/Tvp4q2aCrHV6k5pUIrc78L3WjIRJgOejOCxHruh
h6p8io+m8ku0UYkKzE58tmVDuKM6KCYOkWF0uPqkFIX1MQrBuDvyaNqRY6p9oUl3
VbZ5o6L+aaL058Vu2yBAdLvAGCnewnZpfny9gfraTqxchey2whnehKA1DbEDuAEj
gYz4NIZmuzXihG5OSR0y30L7yIhKX0cxeRxpbwFk3ndo
-----END CERTIFICATE-----