Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/FzHDHLpWDrZuV1L9yXbU5UilpEA.roa
File:                     FzHDHLpWDrZuV1L9yXbU5UilpEA.roa (raw, json)
Hash identifier:          FIQgYfebDYpw8q6CWfIgSdeFedvMIDzmFKMoEYZH2Uc=
Subject key identifier:   17:31:C3:1C:BA:56:0E:B6:6E:57:52:FD:C9:76:D4:E5:48:A5:A4:40
Certificate issuer:       /CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
Certificate serial:       018CC86FCC5B9273D72174ED53DA432FEBC7
Authority key identifier: 8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/FzHDHLpWDrZuV1L9yXbU5UilpEA.roa
Signing time:             Tue 02 Jan 2024 04:30:19 +0000
ROA not before:           Tue 02 Jan 2024 04:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28859
IP address blocks:        212.94.32.0/20 maxlen: 20
                          212.94.56.0/21 maxlen: 21
                          2a02:368::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:cc:5b:92:73:d7:21:74:ed:53:da:43:2f:eb:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
        Validity
            Not Before: Jan  2 04:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1731c31cba560eb66e5752fdc976d4e548a5a440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0c:65:df:45:a4:62:bb:27:21:15:cc:ec:5b:
                    25:48:16:21:10:4c:70:8a:32:80:1e:d6:de:4c:f1:
                    9f:1b:ba:00:fa:64:e3:be:ee:89:fa:39:4c:2b:e2:
                    ea:ee:11:33:61:ba:a6:bc:10:fe:fc:ad:04:4b:d6:
                    01:c4:fb:2f:d2:c6:f4:8d:1d:32:b5:1a:d6:bd:8c:
                    37:fc:36:d6:a9:bb:fd:5e:30:52:71:5c:6d:39:a1:
                    95:b2:ba:68:ad:58:67:02:3e:88:f5:41:00:c1:03:
                    1b:db:82:a1:0b:f9:5b:fa:64:0d:bc:9f:e9:77:e7:
                    04:83:b7:48:ea:2e:b7:58:44:34:1b:df:98:ec:cc:
                    fe:b3:32:56:41:85:88:a6:c8:98:23:ce:93:c2:64:
                    3b:d8:58:ea:51:36:d4:c4:6c:21:33:62:4d:5d:e9:
                    80:55:27:50:f6:50:d4:58:38:19:08:3f:ae:73:6e:
                    e3:62:c1:f0:f7:df:1f:99:4a:63:47:80:6e:da:99:
                    dd:a0:29:88:a7:39:da:bf:36:2b:d5:44:36:57:ed:
                    96:dc:50:18:42:be:11:81:c9:40:34:7c:10:64:71:
                    e1:24:7a:e4:52:b4:d9:63:92:82:61:b6:5a:62:32:
                    2b:3d:03:df:e7:12:2c:25:2e:7c:d9:de:8e:0d:32:
                    ab:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:31:C3:1C:BA:56:0E:B6:6E:57:52:FD:C9:76:D4:E5:48:A5:A4:40
            X509v3 Authority Key Identifier:
                keyid:8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/FzHDHLpWDrZuV1L9yXbU5UilpEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.94.32.0/20
                  212.94.56.0/21
                IPv6:
                  2a02:368::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:ae:2f:9a:65:32:50:b1:5b:22:37:24:7c:7c:e1:cd:0c:68:
         2d:dd:a3:61:d9:98:01:0c:2a:5c:e7:53:9c:f1:cd:fe:50:c2:
         88:57:65:fd:de:ef:7d:51:bd:5c:27:1a:d4:27:73:53:c4:a9:
         a9:ac:06:aa:d4:55:69:62:7f:1f:01:8d:0f:39:a6:b8:87:97:
         90:bc:d0:75:ef:20:14:30:5f:a2:93:39:df:e8:bd:ec:a1:2e:
         1d:75:d1:d3:2f:90:96:79:7e:34:cf:e8:3a:94:c0:e8:8c:8e:
         cc:eb:6a:6a:01:36:97:e0:14:8c:93:7f:60:38:e6:52:bb:bf:
         fc:3e:bb:a8:e7:dd:60:65:b6:24:eb:6e:2d:a0:73:9c:52:8a:
         46:ac:70:eb:8c:f2:d4:c4:70:07:fb:f0:fb:61:97:87:80:15:
         50:5d:75:fb:41:c0:3d:6d:b4:55:68:97:05:4f:01:c0:83:aa:
         56:13:1a:fc:7a:d9:8e:b0:b6:60:c1:ae:7a:5b:b9:24:b1:35:
         cb:ff:ee:00:65:2c:f5:72:09:25:a7:d1:46:18:01:e4:41:12:
         f9:3f:a1:f9:cc:53:1a:f7:49:44:66:4c:7c:ee:a4:8a:55:a5:
         8b:96:b2:7c:0f:45:2a:f4:81:f4:ea:68:74:0b:a2:68:06:2a:
         f3:b6:a3:51
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIb8xbknPXIXTtU9pDL+vHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGFjMThhN2FkNTAxYmE3ZWExMzU2NzkwOWYxN2U0Zjcz
Mjc0MTMwHhcNMjQwMTAyMDQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzMxYzMxY2JhNTYwZWI2NmU1NzUyZmRjOTc2ZDRlNTQ4YTVhNDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQxl30WkYrsnIRXM7FslSBYhEExw
ijKAHtbeTPGfG7oA+mTjvu6J+jlMK+Lq7hEzYbqmvBD+/K0ES9YBxPsv0sb0jR0y
tRrWvYw3/DbWqbv9XjBScVxtOaGVsrporVhnAj6I9UEAwQMb24KhC/lb+mQNvJ/p
d+cEg7dI6i63WEQ0G9+Y7Mz+szJWQYWIpsiYI86TwmQ72FjqUTbUxGwhM2JNXemA
VSdQ9lDUWDgZCD+uc27jYsHw998fmUpjR4Bu2pndoCmIpznavzYr1UQ2V+2W3FAY
Qr4RgclANHwQZHHhJHrkUrTZY5KCYbZaYjIrPQPf5xIsJS582d6ODTKrfwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBcxwxy6Vg62bldS/cl21OVIpaRAMB8GA1UdIwQY
MBaAFIvawYp61QG6fqE1Z5CfF+T3MnQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzkt
YzNjYzVkZTFlY2U5LzEvRnpIREhMcFdEclp1VjFMOXlYYlU1VWlscEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzktYzNjYzVkZTFlY2U5
LzEvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQE1F4gAwQD
1F44MA0EAgACMAcDBQAqAgNoMA0GCSqGSIb3DQEBCwUAA4IBAQB5ri+aZTJQsVsi
NyR8fOHNDGgt3aNh2ZgBDCpc51Oc8c3+UMKIV2X93u99Ub1cJxrUJ3NTxKmprAaq
1FVpYn8fAY0POaa4h5eQvNB17yAUMF+ikznf6L3soS4dddHTL5CWeX40z+g6lMDo
jI7M62pqATaX4BSMk39gOOZSu7/8Pruo591gZbYk624toHOcUopGrHDrjPLUxHAH
+/D7YZeHgBVQXXX7QcA9bbRVaJcFTwHAg6pWExr8etmOsLZgwa56W7kksTXL/+4A
ZSz1cgklp9FGGAHkQRL5P6H5zFMa90lEZkx87qSKVaWLlrJ8D0Uq9IH06mh0C6Jo
BirztqNR
-----END CERTIFICATE-----