Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/FBo3rXSo4tn8EVRM21I5Ufp335o.roa
File:                     FBo3rXSo4tn8EVRM21I5Ufp335o.roa (raw, json)
Hash identifier:          D2os3Gt1IXQLAdh8NwkUbqgtfFwB4PcyhmDSUr8ZtMw=
Subject key identifier:   14:1A:37:AD:74:A8:E2:D9:FC:11:54:4C:DB:52:39:51:FA:77:DF:9A
Certificate issuer:       /CN=1f739d213a438f678b322a8f8f84e2d8c7814aca
Certificate serial:       018CC49316F586846DD3D8AFC310EE1A953C
Authority key identifier: 1F:73:9D:21:3A:43:8F:67:8B:32:2A:8F:8F:84:E2:D8:C7:81:4A:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H3OdITpDj2eLMiqPj4Ti2MeBSso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/FBo3rXSo4tn8EVRM21I5Ufp335o.roa
Signing time:             Mon 01 Jan 2024 10:30:23 +0000
ROA not before:           Mon 01 Jan 2024 10:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3334
IP address blocks:        194.148.40.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/H3OdITpDj2eLMiqPj4Ti2MeBSso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/H3OdITpDj2eLMiqPj4Ti2MeBSso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H3OdITpDj2eLMiqPj4Ti2MeBSso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:16:f5:86:84:6d:d3:d8:af:c3:10:ee:1a:95:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f739d213a438f678b322a8f8f84e2d8c7814aca
        Validity
            Not Before: Jan  1 10:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=141a37ad74a8e2d9fc11544cdb523951fa77df9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d3:34:5f:ee:cd:2c:fa:0d:b6:f6:b7:ee:1d:
                    c4:a9:c2:ba:33:9a:7c:fa:aa:f1:ae:e4:22:f0:71:
                    f0:0a:08:2e:ba:cf:bc:d0:ca:ed:aa:a2:02:ec:90:
                    7b:1d:0e:27:03:07:9f:b1:ec:ce:bb:cf:cb:49:a3:
                    0c:23:d8:0e:f4:83:ab:24:86:92:5b:9b:3e:96:f9:
                    15:ac:6f:67:f3:83:8d:0a:51:62:f1:b0:aa:b3:50:
                    0e:c2:f1:0f:31:aa:86:3b:d6:d9:37:38:c0:7c:58:
                    0e:b3:8a:07:78:34:c0:bd:e5:dc:9f:f2:c7:d1:94:
                    5a:d3:80:cb:39:3f:49:33:e0:c7:bb:b0:1b:31:94:
                    75:14:c3:5e:b7:40:d0:de:cd:89:a6:4b:93:a4:8a:
                    c5:f7:5e:b4:9c:d2:cc:af:70:5a:47:b4:15:3c:eb:
                    dc:e4:99:4b:28:ad:58:63:d6:19:ac:f5:23:3d:95:
                    f2:e5:1e:76:5c:3c:89:b2:a6:5e:4d:89:13:3b:ff:
                    74:9e:aa:e1:8a:7f:6c:53:1b:a5:2e:6c:a6:e9:12:
                    51:bb:86:86:b4:dd:84:ff:90:6f:11:e9:0e:a2:b8:
                    85:90:a7:50:e6:b0:1b:19:66:ce:9c:cd:df:0b:29:
                    bf:08:d1:bf:9a:4a:42:4a:fb:a5:27:f7:10:cc:2e:
                    ea:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:1A:37:AD:74:A8:E2:D9:FC:11:54:4C:DB:52:39:51:FA:77:DF:9A
            X509v3 Authority Key Identifier:
                keyid:1F:73:9D:21:3A:43:8F:67:8B:32:2A:8F:8F:84:E2:D8:C7:81:4A:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H3OdITpDj2eLMiqPj4Ti2MeBSso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/FBo3rXSo4tn8EVRM21I5Ufp335o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/H3OdITpDj2eLMiqPj4Ti2MeBSso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.148.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:09:ff:26:80:76:d6:13:09:38:de:c6:5f:cc:3a:f6:8d:cf:
         98:c2:48:fc:c2:a7:56:c1:2e:5f:e7:98:8c:68:d4:a8:6a:3f:
         17:55:11:05:00:ae:6e:52:39:94:97:08:5e:51:f7:f4:c7:ae:
         7a:23:fd:8a:42:91:4a:6b:1c:f4:87:ea:1c:a1:7d:e8:58:02:
         23:a1:ac:7c:c6:b8:a9:be:ba:79:9e:f6:10:e2:47:74:ad:cd:
         3b:cc:8d:6b:2d:2c:f8:ff:ec:52:9a:df:1f:4e:9b:6b:63:a6:
         78:66:0f:73:88:7a:5d:88:cb:50:d9:10:8a:f3:d7:79:bc:97:
         2b:dd:55:79:2c:7d:3a:e4:8f:e3:06:76:e7:27:72:ac:94:ad:
         64:02:bf:a7:48:38:65:67:63:b2:35:da:e6:20:1d:2c:e6:99:
         e6:9f:08:33:7b:50:03:30:7f:fa:54:a1:42:05:dc:e5:f1:86:
         f5:1e:b7:e7:6a:61:7b:f2:5c:b8:14:9f:00:b4:68:5a:ab:f4:
         f8:09:eb:c3:02:07:7a:91:f7:89:32:6c:77:0c:65:70:6d:f7:
         ad:15:9c:cf:29:e0:bf:65:37:00:60:1f:67:28:f4:d8:6c:7c:
         9d:0a:dc:91:02:b6:39:d6:7b:04:a2:4a:ee:b5:dd:b8:63:b3:
         ba:f4:a0:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkxb1hoRt09ivwxDuGpU8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNzM5ZDIxM2E0MzhmNjc4YjMyMmE4ZjhmODRlMmQ4Yzc4
MTRhY2EwHhcNMjQwMTAxMTAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDFhMzdhZDc0YThlMmQ5ZmMxMTU0NGNkYjUyMzk1MWZhNzdkZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktM0X+7NLPoNtva37h3EqcK6M5p8
+qrxruQi8HHwCgguus+80MrtqqIC7JB7HQ4nAwefsezOu8/LSaMMI9gO9IOrJIaS
W5s+lvkVrG9n84ONClFi8bCqs1AOwvEPMaqGO9bZNzjAfFgOs4oHeDTAveXcn/LH
0ZRa04DLOT9JM+DHu7AbMZR1FMNet0DQ3s2JpkuTpIrF9160nNLMr3BaR7QVPOvc
5JlLKK1YY9YZrPUjPZXy5R52XDyJsqZeTYkTO/90nqrhin9sUxulLmym6RJRu4aG
tN2E/5BvEekOoriFkKdQ5rAbGWbOnM3fCym/CNG/mkpCSvulJ/cQzC7q7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQaN610qOLZ/BFUTNtSOVH6d9+aMB8GA1UdIwQY
MBaAFB9znSE6Q49nizIqj4+E4tjHgUrKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDNPZElUcERqMmVMTWlxUGo0VGkyTWVCU3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84MWJjOTUtMTQ0NC00MDhhLTkyZjEt
MzkyZTA1YTg0Mjc3LzEvRkJvM3JYU280dG44RVZSTTIxSTVVZnAzMzVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84MWJjOTUtMTQ0NC00MDhhLTkyZjEtMzkyZTA1YTg0Mjc3
LzEvSDNPZElUcERqMmVMTWlxUGo0VGkyTWVCU3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpQoMA0G
CSqGSIb3DQEBCwUAA4IBAQA7Cf8mgHbWEwk43sZfzDr2jc+Ywkj8wqdWwS5f55iM
aNSoaj8XVREFAK5uUjmUlwheUff0x656I/2KQpFKaxz0h+ocoX3oWAIjoax8xrip
vrp5nvYQ4kd0rc07zI1rLSz4/+xSmt8fTptrY6Z4Zg9ziHpdiMtQ2RCK89d5vJcr
3VV5LH065I/jBnbnJ3KslK1kAr+nSDhlZ2OyNdrmIB0s5pnmnwgze1ADMH/6VKFC
Bdzl8Yb1HrfnamF78ly4FJ8AtGhaq/T4CevDAgd6kfeJMmx3DGVwbfetFZzPKeC/
ZTcAYB9nKPTYbHydCtyRArY51nsEokrutd24Y7O69KBp
-----END CERTIFICATE-----