Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/FmMgP7ha8iX2FfDMIFk9KP0qkts.roa
File:                     FmMgP7ha8iX2FfDMIFk9KP0qkts.roa (raw, json)
Hash identifier:          Ro1xRk0724SJQafKJQzEcvMjFfbM36IbDNwvGX/5JdQ=
Subject key identifier:   16:63:20:3F:B8:5A:F2:25:F6:15:F0:CC:20:59:3D:28:FD:2A:92:DB
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0197070E6B98EE610DD3ECAB549460034D1C
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/FmMgP7ha8iX2FfDMIFk9KP0qkts.roa
Signing time:             Sun 25 May 2025 10:47:54 +0000
ROA not before:           Sun 25 May 2025 10:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        193.108.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:07:0e:6b:98:ee:61:0d:d3:ec:ab:54:94:60:03:4d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: May 25 10:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1663203fb85af225f615f0cc20593d28fd2a92db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:03:e8:2b:1b:c4:dc:c6:32:85:be:1d:ca:ca:
                    ea:d5:93:11:3f:4c:46:23:30:18:45:b7:7e:2c:e2:
                    c6:ff:44:2d:db:3d:5a:0f:11:a2:83:82:85:7c:85:
                    2c:32:68:78:70:b8:d9:20:8b:81:b4:c3:82:1e:d5:
                    be:b5:93:c6:87:98:3f:61:a1:83:c8:84:9a:4f:cb:
                    ab:05:e3:0c:0d:c8:86:2b:00:1d:61:11:c3:89:ce:
                    d7:f1:bf:7e:e7:c8:29:93:9f:d0:9f:a7:ac:47:1f:
                    96:44:cd:de:6e:43:d0:81:df:8e:35:d8:d9:74:5e:
                    af:26:0d:d1:1c:49:73:93:3b:d0:32:13:df:f6:40:
                    62:99:33:c1:98:7a:93:a6:a5:7a:16:b6:b8:32:12:
                    eb:fd:4e:af:e7:88:94:02:e9:73:0f:b6:90:95:d4:
                    99:1a:ec:c3:8f:42:64:cc:74:75:a0:d5:f3:14:d3:
                    57:fd:72:1c:e2:10:14:bc:c0:46:85:a0:51:88:91:
                    05:70:b1:6e:e3:a0:bf:27:1e:4a:47:05:73:0c:37:
                    eb:e3:8e:b3:b7:39:88:b6:ba:49:9b:50:06:b0:75:
                    58:a2:e5:ba:8e:91:7b:91:33:ba:22:c8:74:8d:54:
                    dc:c5:0d:66:c3:a6:4e:43:47:31:ee:7e:35:5f:5b:
                    62:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:63:20:3F:B8:5A:F2:25:F6:15:F0:CC:20:59:3D:28:FD:2A:92:DB
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/FmMgP7ha8iX2FfDMIFk9KP0qkts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:0f:29:19:dd:3c:a8:81:03:e2:01:0d:6a:2d:91:5a:4c:b4:
         69:8c:77:3e:05:67:69:03:29:c7:88:21:16:9a:64:0b:e2:99:
         23:10:26:ea:1e:f3:e2:f3:a3:e4:4e:2a:72:ad:a0:01:4b:19:
         4d:10:27:e9:80:d4:58:16:85:35:fb:47:52:99:72:b4:78:92:
         6b:ae:05:79:c3:2c:ce:3a:7a:28:95:ed:e0:2c:5a:c0:98:43:
         20:0d:11:dd:79:82:db:95:d5:e2:46:a3:84:c5:02:16:00:d7:
         88:1f:b2:bd:ee:23:31:88:f0:fc:52:79:b1:63:82:eb:38:44:
         d3:d6:67:a3:17:9a:98:ee:fa:3e:5f:ad:0f:2a:83:04:eb:f5:
         56:96:52:22:a7:4b:97:34:75:7c:15:0f:06:bd:20:b1:70:53:
         bc:74:03:b4:18:cf:c7:25:57:21:2c:a4:fc:85:ff:e4:8a:d9:
         37:98:e3:f0:79:3e:88:23:2b:6e:e6:7f:03:b8:54:67:f6:be:
         b1:6c:1e:f6:c4:fa:e2:4e:50:8a:b7:08:bb:9c:82:1f:e0:e7:
         31:a4:62:75:94:92:f7:1b:59:98:1d:df:9a:d8:37:be:fc:4b:
         e5:d2:c9:e9:7f:9d:1f:8a:7d:fb:0f:f6:99:d6:7b:f1:02:e7:
         e7:95:36:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcHDmuY7mEN0+yrVJRgA00cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwNTI1MTA0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjYzMjAzZmI4NWFmMjI1ZjYxNWYwY2MyMDU5M2QyOGZkMmE5MmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQPoKxvE3MYyhb4dysrq1ZMRP0xG
IzAYRbd+LOLG/0Qt2z1aDxGig4KFfIUsMmh4cLjZIIuBtMOCHtW+tZPGh5g/YaGD
yISaT8urBeMMDciGKwAdYRHDic7X8b9+58gpk5/Qn6esRx+WRM3ebkPQgd+ONdjZ
dF6vJg3RHElzkzvQMhPf9kBimTPBmHqTpqV6Fra4MhLr/U6v54iUAulzD7aQldSZ
GuzDj0JkzHR1oNXzFNNX/XIc4hAUvMBGhaBRiJEFcLFu46C/Jx5KRwVzDDfr446z
tzmItrpJm1AGsHVYouW6jpF7kTO6Ish0jVTcxQ1mw6ZOQ0cx7n41X1tiBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZjID+4WvIl9hXwzCBZPSj9KpLbMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvRm1NZ1A3aGE4aVgyRmZETUlGazlLUDBxa3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWxnMA0G
CSqGSIb3DQEBCwUAA4IBAQBgDykZ3TyogQPiAQ1qLZFaTLRpjHc+BWdpAynHiCEW
mmQL4pkjECbqHvPi86PkTipyraABSxlNECfpgNRYFoU1+0dSmXK0eJJrrgV5wyzO
Onoole3gLFrAmEMgDRHdeYLbldXiRqOExQIWANeIH7K97iMxiPD8UnmxY4LrOETT
1mejF5qY7vo+X60PKoME6/VWllIip0uXNHV8FQ8GvSCxcFO8dAO0GM/HJVchLKT8
hf/kitk3mOPweT6IIytu5n8DuFRn9r6xbB72xPriTlCKtwi7nIIf4OcxpGJ1lJL3
G1mYHd+a2De+/Evl0snpf50fin37D/aZ1nvxAufnlTaP
-----END CERTIFICATE-----