Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/FG-bEioa4civ6jvoSnaUtHZPEQE.roa
File:                     FG-bEioa4civ6jvoSnaUtHZPEQE.roa (raw, json)
Hash identifier:          w4e7tpxeaBQHMoRYqhi0o1qJLopKx8fwD7s6iGDvqgY=
Subject key identifier:   14:6F:9B:12:2A:1A:E1:C8:AF:EA:3B:E8:4A:76:94:B4:76:4F:11:01
Certificate issuer:       /CN=81bb78be41e48337997c8fe91d8e2f24f7b49eaf
Certificate serial:       0194228D7500EE0C659C23CB04B7E2709BE6
Authority key identifier: 81:BB:78:BE:41:E4:83:37:99:7C:8F:E9:1D:8E:2F:24:F7:B4:9E:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gbt4vkHkgzeZfI_pHY4vJPe0nq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/FG-bEioa4civ6jvoSnaUtHZPEQE.roa
Signing time:             Wed 01 Jan 2025 15:48:03 +0000
ROA not before:           Wed 01 Jan 2025 15:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209980
IP address blocks:        92.43.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/gbt4vkHkgzeZfI_pHY4vJPe0nq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/gbt4vkHkgzeZfI_pHY4vJPe0nq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gbt4vkHkgzeZfI_pHY4vJPe0nq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:75:00:ee:0c:65:9c:23:cb:04:b7:e2:70:9b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81bb78be41e48337997c8fe91d8e2f24f7b49eaf
        Validity
            Not Before: Jan  1 15:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=146f9b122a1ae1c8afea3be84a7694b4764f1101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:16:fe:8f:5f:33:db:27:99:c8:46:35:06:f9:
                    83:3a:23:9d:b4:76:80:f1:cc:97:88:82:80:72:a0:
                    fc:b9:e9:04:04:e3:a9:a0:70:56:d0:0f:b5:ec:41:
                    a0:14:be:c7:d8:c7:9f:54:bc:92:92:6c:10:5e:2c:
                    f1:6e:74:8e:6e:67:14:19:e4:5f:da:ea:a4:6d:18:
                    42:33:27:c5:ad:fc:b9:97:8d:d5:98:5b:5a:17:25:
                    ff:a0:9e:11:c3:2c:aa:f4:57:eb:66:38:1f:a1:69:
                    c8:b0:63:4c:2a:40:99:3e:1e:ab:d5:91:57:a0:91:
                    7a:57:28:6b:96:ba:f6:2a:6d:ec:6e:50:d0:8a:58:
                    c2:91:3c:6b:c2:6a:77:a9:7b:91:25:06:07:d8:31:
                    8e:1c:d0:14:07:af:32:21:eb:4c:fc:5c:35:4f:8b:
                    23:78:1d:4e:23:e8:b0:96:48:b3:2b:9b:a6:ad:9d:
                    97:0a:0f:bc:0e:59:f2:0c:4f:63:18:54:2c:9e:6f:
                    a2:7a:e6:95:31:1a:ad:99:59:20:3f:8e:f8:36:9f:
                    10:b1:0d:16:e6:29:cc:11:26:d8:78:f7:f2:7f:21:
                    de:eb:6d:e1:1d:e3:93:4e:eb:19:3f:29:0a:60:ed:
                    3d:1f:b0:76:54:8b:2b:32:36:c0:44:c5:00:00:73:
                    ef:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:6F:9B:12:2A:1A:E1:C8:AF:EA:3B:E8:4A:76:94:B4:76:4F:11:01
            X509v3 Authority Key Identifier:
                keyid:81:BB:78:BE:41:E4:83:37:99:7C:8F:E9:1D:8E:2F:24:F7:B4:9E:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gbt4vkHkgzeZfI_pHY4vJPe0nq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/FG-bEioa4civ6jvoSnaUtHZPEQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/gbt4vkHkgzeZfI_pHY4vJPe0nq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.43.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         02:1c:9e:7c:c1:cf:fe:09:ca:e6:8b:e0:32:9d:65:76:59:fd:
         2b:57:31:b6:47:f0:8b:62:d1:d7:5a:96:9a:c5:a8:12:1b:fd:
         f0:fa:bd:d6:b4:b1:22:53:45:90:24:0b:5e:a2:60:4f:e3:34:
         97:74:c0:4a:1f:df:94:ce:61:17:3a:d2:5d:9a:95:05:17:fa:
         65:32:b0:e0:81:9c:ed:db:03:12:59:72:fa:1d:a5:20:69:0f:
         3b:1f:48:b1:1b:68:bb:e3:b1:ad:0e:1e:c5:0a:89:a7:3c:e4:
         15:8d:c7:04:72:f8:9e:02:62:b2:7c:15:4f:86:f6:4f:52:f3:
         db:ca:26:3a:e1:63:4a:4c:eb:cf:d7:2e:0f:cb:22:41:42:c6:
         01:22:91:b9:5d:a8:46:2b:b7:ab:f0:54:0e:11:2f:c7:b5:45:
         84:0a:c3:f3:ba:1a:4b:26:4e:0f:3f:6e:77:4a:fe:48:51:43:
         ae:da:40:30:4b:a6:12:9d:76:32:04:14:3e:5f:6f:5d:3b:f9:
         54:be:34:c6:92:40:f5:ae:42:ad:c5:6a:c4:36:07:06:03:29:
         0f:43:e0:97:5a:83:49:c1:20:38:7f:cb:61:24:0e:2d:d6:86:
         26:10:15:b6:71:ca:b6:a5:b5:85:d7:55:ea:13:32:d3:8c:db:
         e4:fa:1d:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijXUA7gxlnCPLBLficJvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYmI3OGJlNDFlNDgzMzc5OTdjOGZlOTFkOGUyZjI0Zjdi
NDllYWYwHhcNMjUwMTAxMTU0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDZmOWIxMjJhMWFlMWM4YWZlYTNiZTg0YTc2OTRiNDc2NGYxMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxb+j18z2yeZyEY1BvmDOiOdtHaA
8cyXiIKAcqD8uekEBOOpoHBW0A+17EGgFL7H2MefVLySkmwQXizxbnSObmcUGeRf
2uqkbRhCMyfFrfy5l43VmFtaFyX/oJ4Rwyyq9FfrZjgfoWnIsGNMKkCZPh6r1ZFX
oJF6Vyhrlrr2Km3sblDQiljCkTxrwmp3qXuRJQYH2DGOHNAUB68yIetM/Fw1T4sj
eB1OI+iwlkizK5umrZ2XCg+8DlnyDE9jGFQsnm+ieuaVMRqtmVkgP474Np8QsQ0W
5inMESbYePfyfyHe623hHeOTTusZPykKYO09H7B2VIsrMjbARMUAAHPvIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRvmxIqGuHIr+o76Ep2lLR2TxEBMB8GA1UdIwQY
MBaAFIG7eL5B5IM3mXyP6R2OLyT3tJ6vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2J0NHZrSGtnemVaZklfcEhZNHZKUGUwbnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC85ZGI0ZDMtZjc4ZC00NDMwLTg3YzAt
NmNiZDU4MWQzMTdjLzEvRkctYkVpb2E0Y2l2Nmp2b1NuYVV0SFpQRVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC85ZGI0ZDMtZjc4ZC00NDMwLTg3YzAtNmNiZDU4MWQzMTdj
LzEvZ2J0NHZrSGtnemVaZklfcEhZNHZKUGUwbnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXCvgMA0G
CSqGSIb3DQEBCwUAA4IBAQACHJ58wc/+Ccrmi+AynWV2Wf0rVzG2R/CLYtHXWpaa
xagSG/3w+r3WtLEiU0WQJAteomBP4zSXdMBKH9+UzmEXOtJdmpUFF/plMrDggZzt
2wMSWXL6HaUgaQ87H0ixG2i747GtDh7FComnPOQVjccEcvieAmKyfBVPhvZPUvPb
yiY64WNKTOvP1y4PyyJBQsYBIpG5XahGK7er8FQOES/HtUWECsPzuhpLJk4PP253
Sv5IUUOu2kAwS6YSnXYyBBQ+X29dO/lUvjTGkkD1rkKtxWrENgcGAykPQ+CXWoNJ
wSA4f8thJA4t1oYmEBW2ccq2pbWF11XqEzLTjNvk+h1r
-----END CERTIFICATE-----