Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/219be2-396f-427f-942c-1f8e522408a5/1/FvgUttrzdpktKgHBKbvgoJ6ePdc.roa
File:                     FvgUttrzdpktKgHBKbvgoJ6ePdc.roa (raw, json)
Hash identifier:          4nfHuQwiAPU2/ad2RBYhItAfEv1o71zh1+lsmVUJktg=
Subject key identifier:   16:F8:14:B6:DA:F3:76:99:2D:2A:01:C1:29:BB:E0:A0:9E:9E:3D:D7
Certificate issuer:       /CN=29a03997b28f59b08031c898407dd5e5137dddb1
Certificate serial:       018CC870396C0CAB4ECFB16F99F6F66133E5
Authority key identifier: 29:A0:39:97:B2:8F:59:B0:80:31:C8:98:40:7D:D5:E5:13:7D:DD:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KaA5l7KPWbCAMciYQH3V5RN93bE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/219be2-396f-427f-942c-1f8e522408a5/1/FvgUttrzdpktKgHBKbvgoJ6ePdc.roa
Signing time:             Tue 02 Jan 2024 04:30:47 +0000
ROA not before:           Tue 02 Jan 2024 04:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60458
IP address blocks:        193.84.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/219be2-396f-427f-942c-1f8e522408a5/1/KaA5l7KPWbCAMciYQH3V5RN93bE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/219be2-396f-427f-942c-1f8e522408a5/1/KaA5l7KPWbCAMciYQH3V5RN93bE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KaA5l7KPWbCAMciYQH3V5RN93bE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:04:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:39:6c:0c:ab:4e:cf:b1:6f:99:f6:f6:61:33:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29a03997b28f59b08031c898407dd5e5137dddb1
        Validity
            Not Before: Jan  2 04:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16f814b6daf376992d2a01c129bbe0a09e9e3dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:87:32:b3:cb:65:d8:8a:db:fa:37:a5:c0:30:
                    be:64:8f:b2:b7:35:e2:24:df:db:84:b1:8e:e8:db:
                    c3:c2:70:1e:81:cc:d1:0a:90:c2:16:c3:b3:0f:c9:
                    b1:d2:4a:01:ed:92:95:26:6b:2d:2a:35:52:e3:87:
                    b9:06:1f:e4:31:ed:4e:4d:e5:93:97:a5:e1:b0:b1:
                    cb:25:50:0c:2b:9b:11:33:32:5a:bb:4b:a6:75:7b:
                    b8:13:ce:7e:8b:fd:92:c0:f6:3e:5f:b6:55:3b:0e:
                    51:ec:dd:35:17:13:1b:d2:25:b3:ef:84:bd:81:6f:
                    98:e3:33:eb:cd:d2:30:2f:73:e0:31:68:b1:99:b7:
                    00:bd:2b:3f:bd:83:12:b6:fe:67:7f:eb:ed:0c:13:
                    ff:ae:20:03:17:a5:1d:f0:4a:5f:f2:ad:ba:21:32:
                    f0:88:60:8a:91:2a:de:9c:2c:ce:18:73:e5:ee:c9:
                    1a:ba:f3:df:7b:2a:8c:cf:10:0d:4d:f7:67:83:45:
                    e2:98:a7:bc:be:2d:7a:8d:61:aa:f3:71:34:ab:b1:
                    2b:f4:bf:c8:12:84:5d:bf:7c:12:12:66:25:81:09:
                    3e:73:10:91:9b:21:8c:76:3d:49:1e:4e:d0:ab:7b:
                    15:05:db:d1:88:16:ff:1e:69:10:f4:b3:50:92:17:
                    a4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F8:14:B6:DA:F3:76:99:2D:2A:01:C1:29:BB:E0:A0:9E:9E:3D:D7
            X509v3 Authority Key Identifier:
                keyid:29:A0:39:97:B2:8F:59:B0:80:31:C8:98:40:7D:D5:E5:13:7D:DD:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KaA5l7KPWbCAMciYQH3V5RN93bE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/219be2-396f-427f-942c-1f8e522408a5/1/FvgUttrzdpktKgHBKbvgoJ6ePdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/219be2-396f-427f-942c-1f8e522408a5/1/KaA5l7KPWbCAMciYQH3V5RN93bE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d8:28:76:cb:c5:33:c1:6b:8d:6d:fd:70:03:62:31:6d:5c:
         1c:6b:7a:69:2f:30:48:ad:4e:34:6f:93:5e:73:6b:02:95:e2:
         c8:2b:37:9b:f4:0c:eb:cc:6a:3d:0f:22:5b:71:0c:4d:18:80:
         d3:1f:bf:fd:b3:b7:5e:75:27:81:99:bb:bd:9a:37:08:e0:d6:
         2d:45:fb:31:c5:8f:18:70:c1:07:23:19:a9:cf:8e:70:fc:9c:
         19:36:cb:92:44:0b:a6:10:d6:43:90:7c:98:cc:1b:f6:39:17:
         33:3c:46:b5:86:31:28:b0:11:75:38:83:ff:cc:50:0e:e4:4d:
         00:1d:e4:71:2b:f9:25:80:f7:c3:e4:e8:ee:a7:ea:c8:c7:b0:
         0a:b9:a0:86:73:27:7d:4c:8d:bd:b5:47:ad:ba:55:7f:a4:22:
         24:f5:1d:96:d4:ad:dd:80:64:96:ad:7c:85:50:d7:45:41:63:
         ed:c1:c9:5d:16:9b:b2:9e:5d:69:b7:1d:88:8d:62:69:74:1d:
         f8:33:74:26:49:23:b6:ff:0e:b7:19:60:e3:74:aa:53:75:76:
         a3:08:a4:bb:bb:e6:6d:58:c6:60:24:5a:73:86:8c:17:8e:9b:
         3d:1b:f1:ad:90:d8:8b:55:ba:9b:f9:e1:79:28:e5:52:49:0c:
         7b:71:0d:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcDlsDKtOz7Fvmfb2YTPlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YTAzOTk3YjI4ZjU5YjA4MDMxYzg5ODQwN2RkNWU1MTM3
ZGRkYjEwHhcNMjQwMTAyMDQzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmY4MTRiNmRhZjM3Njk5MmQyYTAxYzEyOWJiZTBhMDllOWUzZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Icys8tl2Irb+jelwDC+ZI+ytzXi
JN/bhLGO6NvDwnAegczRCpDCFsOzD8mx0koB7ZKVJmstKjVS44e5Bh/kMe1OTeWT
l6XhsLHLJVAMK5sRMzJau0umdXu4E85+i/2SwPY+X7ZVOw5R7N01FxMb0iWz74S9
gW+Y4zPrzdIwL3PgMWixmbcAvSs/vYMStv5nf+vtDBP/riADF6Ud8Epf8q26ITLw
iGCKkSrenCzOGHPl7skauvPfeyqMzxANTfdng0XimKe8vi16jWGq83E0q7Er9L/I
EoRdv3wSEmYlgQk+cxCRmyGMdj1JHk7Qq3sVBdvRiBb/HmkQ9LNQkhek5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBb4FLba83aZLSoBwSm74KCenj3XMB8GA1UdIwQY
MBaAFCmgOZeyj1mwgDHImEB91eUTfd2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2FBNWw3S1BXYkNBTWNpWVFIM1Y1Uk45M2JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8yMTliZTItMzk2Zi00MjdmLTk0MmMt
MWY4ZTUyMjQwOGE1LzEvRnZnVXR0cnpkcGt0S2dIQktidmdvSjZlUGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8yMTliZTItMzk2Zi00MjdmLTk0MmMtMWY4ZTUyMjQwOGE1
LzEvS2FBNWw3S1BXYkNBTWNpWVFIM1Y1Uk45M2JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVSxMA0G
CSqGSIb3DQEBCwUAA4IBAQAw2Ch2y8UzwWuNbf1wA2IxbVwca3ppLzBIrU40b5Ne
c2sCleLIKzeb9AzrzGo9DyJbcQxNGIDTH7/9s7dedSeBmbu9mjcI4NYtRfsxxY8Y
cMEHIxmpz45w/JwZNsuSRAumENZDkHyYzBv2ORczPEa1hjEosBF1OIP/zFAO5E0A
HeRxK/klgPfD5Ojup+rIx7AKuaCGcyd9TI29tUetulV/pCIk9R2W1K3dgGSWrXyF
UNdFQWPtwcldFpuynl1ptx2IjWJpdB34M3QmSSO2/w63GWDjdKpTdXajCKS7u+Zt
WMZgJFpzhowXjps9G/GtkNiLVbqb+eF5KOVSSQx7cQ01
-----END CERTIFICATE-----