Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/_F6TNT3UUhlaSwJzhLdsN1a7spg.roa
File:                     _F6TNT3UUhlaSwJzhLdsN1a7spg.roa (raw, json)
Hash identifier:          uqTIEPPhxt4e2fZ+ImCv3FZ0kxLwOFuJ0lRsm9SQU3Q=
Subject key identifier:   FC:5E:93:35:3D:D4:52:19:5A:4B:02:73:84:B7:6C:37:56:BB:B2:98
Certificate issuer:       /CN=3d4276373b040fa9ac77e566c5b6cdf35b53b937
Certificate serial:       0190E02C58D2A5C506F9084A515FA4100D0D
Authority key identifier: 3D:42:76:37:3B:04:0F:A9:AC:77:E5:66:C5:B6:CD:F3:5B:53:B9:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PUJ2NzsED6msd-VmxbbN81tTuTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/_F6TNT3UUhlaSwJzhLdsN1a7spg.roa
Signing time:             Tue 23 Jul 2024 15:18:40 +0000
ROA not before:           Tue 23 Jul 2024 15:18:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        193.238.232.0/24 maxlen: 24
                          193.238.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/PUJ2NzsED6msd-VmxbbN81tTuTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/PUJ2NzsED6msd-VmxbbN81tTuTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PUJ2NzsED6msd-VmxbbN81tTuTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e0:2c:58:d2:a5:c5:06:f9:08:4a:51:5f:a4:10:0d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d4276373b040fa9ac77e566c5b6cdf35b53b937
        Validity
            Not Before: Jul 23 15:18:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc5e93353dd452195a4b027384b76c3756bbb298
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:63:eb:24:19:d2:38:d0:b3:37:e6:3c:db:85:
                    11:db:6f:3d:62:dd:6e:3b:79:14:cb:a2:5b:97:96:
                    02:bc:d5:1f:43:3f:82:e5:ca:7f:d6:0c:ac:68:e7:
                    ad:10:23:d8:95:97:93:9d:2c:58:e5:f7:53:11:0a:
                    03:bb:aa:03:42:e4:6c:5a:61:d9:e2:f2:58:2a:42:
                    90:95:3a:1d:a7:7b:02:ea:21:be:6c:95:f1:9d:98:
                    15:72:0b:4d:f9:f7:80:70:57:66:b8:58:29:5e:89:
                    1b:69:9c:1f:7f:57:e0:c4:90:f2:95:3f:59:8a:27:
                    ee:b8:92:62:1c:02:ac:80:7f:f6:ed:2e:20:c5:bd:
                    b4:7e:7f:9f:2d:29:19:a3:89:e1:50:31:ed:4d:f6:
                    87:91:f9:25:de:84:36:79:9b:79:e3:60:ec:7f:69:
                    55:a1:a6:f7:28:bc:b4:0e:b8:17:27:1b:f1:c7:c3:
                    ef:3d:42:d2:79:6d:53:32:ff:82:1b:e0:c3:e7:83:
                    84:c2:d6:de:b8:62:fc:01:48:84:80:3d:22:1f:d3:
                    35:e7:bd:95:86:af:78:3d:1c:c0:31:81:5c:16:3b:
                    a0:e9:43:76:e8:c3:50:93:87:35:1a:d4:78:52:51:
                    4f:db:b6:9d:21:49:dc:d4:36:92:ec:78:80:d3:14:
                    92:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:5E:93:35:3D:D4:52:19:5A:4B:02:73:84:B7:6C:37:56:BB:B2:98
            X509v3 Authority Key Identifier:
                keyid:3D:42:76:37:3B:04:0F:A9:AC:77:E5:66:C5:B6:CD:F3:5B:53:B9:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PUJ2NzsED6msd-VmxbbN81tTuTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/_F6TNT3UUhlaSwJzhLdsN1a7spg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/PUJ2NzsED6msd-VmxbbN81tTuTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:75:4d:4f:12:10:62:32:95:e0:e3:d5:d4:fc:c6:43:cf:04:
         8b:2c:c7:fb:ad:eb:ca:e4:ee:0b:0f:20:cb:8e:64:38:27:ed:
         53:28:95:6f:6a:86:41:73:4b:4e:a9:5f:9e:b7:cc:90:34:49:
         1e:cd:18:22:d6:03:4f:42:69:88:3e:fa:fc:10:70:43:24:c8:
         3f:9b:8f:24:a9:0f:80:b6:af:98:4b:8e:a7:dd:9d:46:e5:26:
         86:c0:6a:5d:8c:bb:4e:c1:3b:b0:5a:e1:24:6c:bd:75:34:35:
         af:63:b9:f2:bc:9c:4c:4b:8a:c1:5a:3a:d7:1e:af:7f:ca:67:
         f3:79:06:ae:68:29:9a:fe:db:59:41:ed:97:1c:a1:a3:a0:e1:
         a9:73:e1:45:e8:51:09:b4:35:35:6d:90:67:e4:5d:2b:c5:95:
         21:3d:d1:67:03:c6:9c:79:da:1a:71:05:2f:40:5d:cc:05:c6:
         72:d4:ec:18:15:63:e1:50:03:90:2a:45:6f:7d:7e:ec:5b:bf:
         98:88:d7:91:32:47:d1:f8:4d:2b:3b:72:51:ca:fc:9f:bb:83:
         ac:ea:99:ff:4a:18:5d:5d:50:f1:87:02:0d:23:06:50:ff:d4:
         f1:bb:33:bd:1e:e9:12:04:4c:86:f0:5e:2f:e5:0a:5b:24:bd:
         e6:44:89:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDgLFjSpcUG+QhKUV+kEA0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNDI3NjM3M2IwNDBmYTlhYzc3ZTU2NmM1YjZjZGYzNWI1
M2I5MzcwHhcNMjQwNzIzMTUxODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzVlOTMzNTNkZDQ1MjE5NWE0YjAyNzM4NGI3NmMzNzU2YmJiMjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmPrJBnSONCzN+Y824UR2289Yt1u
O3kUy6Jbl5YCvNUfQz+C5cp/1gysaOetECPYlZeTnSxY5fdTEQoDu6oDQuRsWmHZ
4vJYKkKQlTodp3sC6iG+bJXxnZgVcgtN+feAcFdmuFgpXokbaZwff1fgxJDylT9Z
iifuuJJiHAKsgH/27S4gxb20fn+fLSkZo4nhUDHtTfaHkfkl3oQ2eZt542Dsf2lV
oab3KLy0DrgXJxvxx8PvPULSeW1TMv+CG+DD54OEwtbeuGL8AUiEgD0iH9M1572V
hq94PRzAMYFcFjug6UN26MNQk4c1GtR4UlFP27adIUnc1DaS7HiA0xSS6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxekzU91FIZWksCc4S3bDdWu7KYMB8GA1UdIwQY
MBaAFD1Cdjc7BA+prHflZsW2zfNbU7k3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFVKMk56c0VENm1zZC1WbXhiYk44MXRUdVRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9hMTlkNTEtMDdlNS00ZGI1LTlkMGUt
NjZkMzE5OGJmMWEyLzEvX0Y2VE5UM1VVaGxhU3dKemhMZHNOMWE3c3BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9hMTlkNTEtMDdlNS00ZGI1LTlkMGUtNjZkMzE5OGJmMWEy
LzEvUFVKMk56c0VENm1zZC1WbXhiYk44MXRUdVRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe7oMA0G
CSqGSIb3DQEBCwUAA4IBAQCkdU1PEhBiMpXg49XU/MZDzwSLLMf7revK5O4LDyDL
jmQ4J+1TKJVvaoZBc0tOqV+et8yQNEkezRgi1gNPQmmIPvr8EHBDJMg/m48kqQ+A
tq+YS46n3Z1G5SaGwGpdjLtOwTuwWuEkbL11NDWvY7nyvJxMS4rBWjrXHq9/ymfz
eQauaCma/ttZQe2XHKGjoOGpc+FF6FEJtDU1bZBn5F0rxZUhPdFnA8acedoacQUv
QF3MBcZy1OwYFWPhUAOQKkVvfX7sW7+YiNeRMkfR+E0rO3JRyvyfu4Os6pn/Shhd
XVDxhwINIwZQ/9TxuzO9HukSBEyG8F4v5QpbJL3mRIlv
-----END CERTIFICATE-----