Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/_FAcvg_sKZhxTtm21UCsjqmo8jk.roa
File:                     _FAcvg_sKZhxTtm21UCsjqmo8jk.roa (raw, json)
Hash identifier:          bysFRYzX3wKRfAq+CIqTE+9zxAjKo5pF4PPrHVc4Pys=
Subject key identifier:   FC:50:1C:BE:0F:EC:29:98:71:4E:D9:B6:D5:40:AC:8E:A9:A8:F2:39
Certificate issuer:       /CN=ceb5929361e1d0de160b871f29bdd5a4040ca111
Certificate serial:       018CC6B91600DC506387C2D53E314FB6324F
Authority key identifier: CE:B5:92:93:61:E1:D0:DE:16:0B:87:1F:29:BD:D5:A4:04:0C:A1:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/_FAcvg_sKZhxTtm21UCsjqmo8jk.roa
Signing time:             Mon 01 Jan 2024 20:31:07 +0000
ROA not before:           Mon 01 Jan 2024 20:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        134.106.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:16:00:dc:50:63:87:c2:d5:3e:31:4f:b6:32:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb5929361e1d0de160b871f29bdd5a4040ca111
        Validity
            Not Before: Jan  1 20:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc501cbe0fec2998714ed9b6d540ac8ea9a8f239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:08:ef:bd:b6:87:48:da:05:c6:d2:aa:11:48:
                    6a:38:c5:59:86:89:9f:02:19:8a:01:b7:e2:3f:63:
                    86:9a:77:7e:38:c6:dd:41:68:5a:85:7b:bc:e7:69:
                    47:00:6c:ed:83:e6:49:7a:95:18:db:8e:f5:f4:42:
                    72:67:96:b7:b4:e6:52:ab:43:dc:39:b5:27:cd:5e:
                    e3:75:13:ae:77:d5:15:8d:e5:e0:11:6f:f9:75:cd:
                    9c:91:e7:af:3a:90:22:5a:88:c7:82:83:9b:e5:b8:
                    58:f1:72:56:71:5d:92:03:a8:56:ae:0b:07:80:d6:
                    4c:53:a7:ad:7d:77:e5:d8:6d:df:76:ee:aa:65:c4:
                    d2:74:27:5b:37:c0:b0:38:55:ab:d7:1d:1b:65:af:
                    41:a4:72:69:44:03:3d:9c:85:15:0d:35:90:e8:fc:
                    d1:2b:4c:70:8c:58:b0:b5:21:0a:14:55:40:cc:13:
                    10:ce:a2:17:fa:c4:d8:52:64:d5:dd:aa:21:ff:65:
                    0b:46:d4:9f:36:e7:dd:62:c1:37:d4:10:6f:64:83:
                    f0:d7:a0:0a:5e:29:ce:49:b7:0e:0f:bb:d1:b7:1f:
                    1f:ff:af:af:55:ff:75:c7:a3:e4:99:2a:d4:99:84:
                    47:6f:bf:ea:96:c9:2f:59:52:63:85:ee:7f:8a:9a:
                    c8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:50:1C:BE:0F:EC:29:98:71:4E:D9:B6:D5:40:AC:8E:A9:A8:F2:39
            X509v3 Authority Key Identifier:
                keyid:CE:B5:92:93:61:E1:D0:DE:16:0B:87:1F:29:BD:D5:A4:04:0C:A1:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/_FAcvg_sKZhxTtm21UCsjqmo8jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.106.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b7:67:98:43:44:76:b2:43:e7:b2:95:f6:92:49:b8:8c:40:96:
         96:bd:c2:61:f0:fe:aa:e0:2d:a1:f7:20:66:87:d6:e9:f2:63:
         19:8e:43:d4:15:5b:42:e8:6e:bb:37:df:5b:27:48:25:ba:d5:
         26:e3:e3:67:b8:73:c9:86:39:f2:7e:d1:7c:52:65:99:ee:88:
         14:52:fd:fd:cd:37:58:df:9b:73:7b:91:87:dd:43:df:5d:be:
         c1:c5:12:dd:de:4d:e0:1b:e1:37:62:f3:04:fa:ec:a2:9a:e0:
         5f:24:99:1b:c9:b2:0c:c8:95:66:f2:91:29:98:01:53:a1:07:
         a5:ef:ca:8c:33:c4:80:6c:c1:05:e9:98:3a:eb:3a:4c:38:0d:
         f9:f5:6d:01:88:64:23:b4:51:c6:9b:32:9a:07:b9:5f:23:4e:
         a9:c1:bb:55:5f:d3:1d:75:bb:e1:8e:bf:70:6b:0e:27:99:ca:
         cb:6d:3f:e9:43:a8:f9:7d:1f:57:48:59:25:45:17:7b:1e:e6:
         ad:bb:c1:a9:dd:8e:8b:17:c2:3d:60:82:93:08:ff:8c:94:39:
         53:86:7c:bf:b3:37:9e:d8:60:bb:07:97:c8:17:2c:32:3f:d9:
         70:66:7e:cb:28:10:b4:2e:e1:5f:47:65:ef:ab:10:3f:60:79:
         52:69:24:26
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGuRYA3FBjh8LVPjFPtjJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjU5MjkzNjFlMWQwZGUxNjBiODcxZjI5YmRkNWE0MDQw
Y2ExMTEwHhcNMjQwMTAxMjAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzUwMWNiZTBmZWMyOTk4NzE0ZWQ5YjZkNTQwYWM4ZWE5YThmMjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAjvvbaHSNoFxtKqEUhqOMVZhomf
AhmKAbfiP2OGmnd+OMbdQWhahXu852lHAGztg+ZJepUY24719EJyZ5a3tOZSq0Pc
ObUnzV7jdROud9UVjeXgEW/5dc2ckeevOpAiWojHgoOb5bhY8XJWcV2SA6hWrgsH
gNZMU6etfXfl2G3fdu6qZcTSdCdbN8CwOFWr1x0bZa9BpHJpRAM9nIUVDTWQ6PzR
K0xwjFiwtSEKFFVAzBMQzqIX+sTYUmTV3aoh/2ULRtSfNufdYsE31BBvZIPw16AK
XinOSbcOD7vRtx8f/6+vVf91x6PkmSrUmYRHb7/qlskvWVJjhe5/iprIrwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPxQHL4P7CmYcU7ZttVArI6pqPI5MB8GA1UdIwQY
MBaAFM61kpNh4dDeFguHHym91aQEDKERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJXU2sySGgwTjRXQzRjZktiM1ZwQVFNb1JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNGRkZWQtYzUxMC00NzdjLThmYWQt
ZjYxNmYwMDk0YjE0LzEvX0ZBY3ZnX3NLWmh4VHRtMjFVQ3NqcW1vOGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNGRkZWQtYzUxMC00NzdjLThmYWQtZjYxNmYwMDk0YjE0
LzEvenJXU2sySGgwTjRXQzRjZktiM1ZwQVFNb1JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhmowDQYJ
KoZIhvcNAQELBQADggEBALdnmENEdrJD57KV9pJJuIxAlpa9wmHw/qrgLaH3IGaH
1unyYxmOQ9QVW0Lobrs331snSCW61Sbj42e4c8mGOfJ+0XxSZZnuiBRS/f3NN1jf
m3N7kYfdQ99dvsHFEt3eTeAb4Tdi8wT67KKa4F8kmRvJsgzIlWbykSmYAVOhB6Xv
yowzxIBswQXpmDrrOkw4Dfn1bQGIZCO0UcabMpoHuV8jTqnBu1Vf0x11u+GOv3Br
DieZysttP+lDqPl9H1dIWSVFF3se5q27wandjosXwj1ggpMI/4yUOVOGfL+zN57Y
YLsHl8gXLDI/2XBmfssoELQu4V9HZe+rED9geVJpJCY=
-----END CERTIFICATE-----