Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/FnipWAxgDIxSuQm5P5hzNP12-mY.roa
File:                     FnipWAxgDIxSuQm5P5hzNP12-mY.roa (raw, json)
Hash identifier:          t+OMJob96KlL3YU+qEwXFkP9QT72mU9XudVxOtFiKfM=
Subject key identifier:   16:78:A9:58:0C:60:0C:8C:52:B9:09:B9:3F:98:73:34:FD:76:FA:66
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       018CC725A3C264C73F4BB58A04D9537C5136
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/FnipWAxgDIxSuQm5P5hzNP12-mY.roa
Signing time:             Mon 01 Jan 2024 22:29:41 +0000
ROA not before:           Mon 01 Jan 2024 22:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216314
IP address blocks:        94.137.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a3:c2:64:c7:3f:4b:b5:8a:04:d9:53:7c:51:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan  1 22:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1678a9580c600c8c52b909b93f987334fd76fa66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:e4:22:78:9b:db:eb:15:47:c5:68:03:5e:fe:
                    dc:18:60:60:03:69:ef:e8:e2:41:db:e3:36:81:dd:
                    fa:44:ce:6c:75:34:32:ef:40:8c:7d:21:8b:3d:5f:
                    74:48:67:97:0e:27:bd:99:13:2a:f3:a8:18:99:6a:
                    3a:15:f1:2b:09:08:a7:c7:6f:57:e6:e8:e8:5a:f2:
                    2f:ee:ee:53:19:16:51:42:16:b2:aa:02:13:48:62:
                    24:22:30:42:3a:59:52:4f:54:eb:77:f3:1a:83:9f:
                    c5:66:ee:ee:22:e6:53:5e:3b:d9:d3:92:2d:c0:58:
                    cd:14:67:cd:29:bc:21:fc:08:09:bf:b1:e1:e2:15:
                    97:a0:b4:c9:6c:37:70:20:95:c3:85:40:84:1b:4a:
                    af:d6:13:8e:9d:12:9d:76:04:75:40:a8:5c:22:53:
                    03:7c:dc:b3:c4:69:4e:56:1f:b8:94:84:f9:29:68:
                    22:1a:29:cb:cb:74:14:5d:9c:6c:8e:48:37:9f:84:
                    29:9f:b9:bb:ab:d6:20:ca:d7:b7:4a:6c:65:7f:0b:
                    22:56:76:89:f8:f1:38:ad:e4:c9:a1:f9:db:e8:85:
                    63:63:f3:7a:e8:ed:cf:4e:9c:22:59:47:ce:38:3f:
                    14:ac:a7:3a:3c:29:46:8e:ef:9e:57:db:67:a0:65:
                    2d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:78:A9:58:0C:60:0C:8C:52:B9:09:B9:3F:98:73:34:FD:76:FA:66
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/FnipWAxgDIxSuQm5P5hzNP12-mY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:7c:65:7c:16:47:13:c2:41:0a:a3:f6:04:44:8c:9f:f7:9f:
         a7:fd:1b:f3:7e:e1:fb:80:fe:21:50:be:31:6e:64:fd:8a:96:
         30:4e:24:3a:93:ea:bd:54:e0:50:4f:dd:ba:b3:d3:1f:e3:12:
         4c:24:15:09:f9:17:f2:b6:c9:2b:22:84:1f:1e:cd:5c:a9:9a:
         6e:37:a6:54:ad:73:4a:4f:62:05:ad:22:03:c3:2b:4b:e5:25:
         5c:23:1a:fc:07:2a:98:73:12:00:4f:df:0b:c6:77:7e:f7:6f:
         cd:ba:1d:48:23:f3:2c:12:7e:c6:95:23:8f:ed:be:8c:68:eb:
         48:f1:ca:e9:aa:3b:01:7f:bc:ab:aa:f0:95:69:20:79:69:2f:
         65:3a:03:6b:97:aa:d3:42:05:44:2f:bf:ce:02:5f:af:2a:bf:
         c4:b5:67:1c:d3:a2:ac:53:94:d8:1c:4b:e6:38:5a:1f:ae:6a:
         ce:a9:0d:98:4e:60:b3:87:b3:8a:71:53:d4:4d:50:74:e4:4a:
         bd:26:6d:d1:88:8b:24:cf:cf:fd:63:7f:14:f8:05:10:94:13:
         8e:d0:b7:c5:0c:ac:a3:0a:2a:cd:8c:58:4c:aa:d8:73:1c:e8:
         ef:d1:49:84:d1:38:37:a2:57:99:f0:8b:9d:a8:63:72:24:96:
         0c:25:ca:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJaPCZMc/S7WKBNlTfFE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwMTAxMjIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjc4YTk1ODBjNjAwYzhjNTJiOTA5YjkzZjk4NzMzNGZkNzZmYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6OQieJvb6xVHxWgDXv7cGGBgA2nv
6OJB2+M2gd36RM5sdTQy70CMfSGLPV90SGeXDie9mRMq86gYmWo6FfErCQinx29X
5ujoWvIv7u5TGRZRQhayqgITSGIkIjBCOllST1Trd/Mag5/FZu7uIuZTXjvZ05It
wFjNFGfNKbwh/AgJv7Hh4hWXoLTJbDdwIJXDhUCEG0qv1hOOnRKddgR1QKhcIlMD
fNyzxGlOVh+4lIT5KWgiGinLy3QUXZxsjkg3n4Qpn7m7q9Ygyte3SmxlfwsiVnaJ
+PE4reTJofnb6IVjY/N66O3PTpwiWUfOOD8UrKc6PClGju+eV9tnoGUteQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZ4qVgMYAyMUrkJuT+YczT9dvpmMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvRm5pcFdBeGdESXhTdVFtNVA1aHpOUDEyLW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoldMA0G
CSqGSIb3DQEBCwUAA4IBAQA0fGV8FkcTwkEKo/YERIyf95+n/RvzfuH7gP4hUL4x
bmT9ipYwTiQ6k+q9VOBQT926s9Mf4xJMJBUJ+RfytskrIoQfHs1cqZpuN6ZUrXNK
T2IFrSIDwytL5SVcIxr8ByqYcxIAT98Lxnd+92/Nuh1II/MsEn7GlSOP7b6MaOtI
8crpqjsBf7yrqvCVaSB5aS9lOgNrl6rTQgVEL7/OAl+vKr/EtWcc06KsU5TYHEvm
OFofrmrOqQ2YTmCzh7OKcVPUTVB05Eq9Jm3RiIskz8/9Y38U+AUQlBOO0LfFDKyj
CirNjFhMqthzHOjv0UmE0Tg3oleZ8IudqGNyJJYMJcqG
-----END CERTIFICATE-----