Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FWqZzaF9Cd0XV47yaZUZcAzOh6A.roa
File:                     FWqZzaF9Cd0XV47yaZUZcAzOh6A.roa (raw, json)
Hash identifier:          n7gSKvdRLtnhdaQcEqTIOTkpiZPRX1Tj8Gcq4RTFU3I=
Subject key identifier:   15:6A:99:CD:A1:7D:09:DD:17:57:8E:F2:69:95:19:70:0C:CE:87:A0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421442846B0BF711A0A969C47ABD209A8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FWqZzaF9Cd0XV47yaZUZcAzOh6A.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214965
IP address blocks:        194.105.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:28:46:b0:bf:71:1a:0a:96:9c:47:ab:d2:09:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=156a99cda17d09dd17578ef2699519700cce87a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:58:81:8d:f1:ce:4b:89:9a:49:af:65:6e:b3:
                    c7:5c:3d:d1:c7:6a:9b:9d:55:66:a0:c5:7c:32:fd:
                    e1:7c:a5:0c:bd:c4:a7:d9:11:d4:46:3f:aa:1c:ab:
                    5c:4c:9c:08:d1:85:a3:57:09:ad:cd:9a:82:0c:7a:
                    04:eb:32:43:21:1c:3d:69:1c:9e:fe:64:10:2f:0b:
                    ff:30:98:d5:67:80:b8:bc:cd:ed:89:25:c8:ab:06:
                    69:16:1c:e6:35:6a:6e:a2:ec:69:8c:21:c0:eb:93:
                    11:4c:35:f6:cb:de:46:e3:0c:aa:2f:cf:41:79:6e:
                    34:86:e5:10:1e:d7:76:b1:d5:6f:fc:25:f7:1d:45:
                    e5:3d:69:ee:90:60:d7:04:80:0c:88:e2:cf:13:0e:
                    73:0c:92:95:ac:cc:9a:79:13:12:cf:f8:9f:94:2d:
                    ec:97:56:fe:f8:cb:f7:27:4e:d1:1a:41:28:fb:c1:
                    6a:39:a8:93:22:25:39:96:e6:82:9e:2a:ad:4a:e0:
                    62:57:86:af:e2:95:d1:22:73:40:31:da:47:c9:94:
                    e6:b4:e0:2d:2a:15:80:fe:df:82:c3:42:84:b5:97:
                    61:9f:7b:f7:50:59:8a:1c:55:52:5b:13:ee:a1:0d:
                    93:5b:d4:79:cf:20:7a:7f:be:eb:63:0e:04:05:be:
                    b9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:6A:99:CD:A1:7D:09:DD:17:57:8E:F2:69:95:19:70:0C:CE:87:A0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FWqZzaF9Cd0XV47yaZUZcAzOh6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:20:93:60:8d:91:ee:91:96:5b:f8:81:64:af:96:0a:25:9e:
         d1:9d:2a:b7:74:cb:9d:59:b0:9d:ac:a3:2f:39:01:a9:dd:cb:
         1b:48:7d:a9:c9:a8:37:80:c6:bd:be:ff:b2:7a:ba:d5:0c:a8:
         c0:31:a0:7b:02:aa:a8:51:55:34:1e:0e:c8:1c:3b:a3:61:0f:
         5b:72:a6:3b:3d:47:3e:cf:18:55:83:9a:06:94:88:c7:3e:4a:
         ff:c5:bb:d7:47:93:7a:32:e5:07:c8:f1:b9:45:04:e3:6b:e5:
         5d:1a:ed:9a:13:44:cf:9f:6c:c2:ab:8b:2f:4d:4f:e6:ea:66:
         5f:56:38:6c:98:94:0c:c2:86:91:b5:56:44:19:37:43:fd:7d:
         0d:96:bc:df:f4:f5:96:79:04:53:98:96:8f:7b:95:14:ce:53:
         94:6b:d9:6a:23:58:ff:ba:9f:11:34:8c:48:f4:f5:1d:22:8f:
         56:89:22:d5:98:de:0a:1a:74:d1:7b:96:f1:ca:ea:e8:71:51:
         f2:c4:8f:c9:9f:39:88:3c:a5:e0:fe:4e:62:b1:13:19:17:e4:
         b7:66:e9:f5:ff:c3:d9:6d:9a:11:aa:4b:a5:5d:b8:ce:40:db:
         40:2b:5a:90:f1:8c:0e:0f:a0:7c:1d:3c:86:fe:33:68:d8:1c:
         f3:4c:08:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRChGsL9xGgqWnEer0gmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTZhOTljZGExN2QwOWRkMTc1NzhlZjI2OTk1MTk3MDBjY2U4N2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwViBjfHOS4maSa9lbrPHXD3Rx2qb
nVVmoMV8Mv3hfKUMvcSn2RHURj+qHKtcTJwI0YWjVwmtzZqCDHoE6zJDIRw9aRye
/mQQLwv/MJjVZ4C4vM3tiSXIqwZpFhzmNWpuouxpjCHA65MRTDX2y95G4wyqL89B
eW40huUQHtd2sdVv/CX3HUXlPWnukGDXBIAMiOLPEw5zDJKVrMyaeRMSz/iflC3s
l1b++Mv3J07RGkEo+8FqOaiTIiU5luaCniqtSuBiV4av4pXRInNAMdpHyZTmtOAt
KhWA/t+Cw0KEtZdhn3v3UFmKHFVSWxPuoQ2TW9R5zyB6f77rYw4EBb65NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVqmc2hfQndF1eO8mmVGXAMzoegMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRldxWnphRjlDZDBYVjQ3eWFaVVpjQXpPaDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmlSMA0G
CSqGSIb3DQEBCwUAA4IBAQB+IJNgjZHukZZb+IFkr5YKJZ7RnSq3dMudWbCdrKMv
OQGp3csbSH2pyag3gMa9vv+yerrVDKjAMaB7AqqoUVU0Hg7IHDujYQ9bcqY7PUc+
zxhVg5oGlIjHPkr/xbvXR5N6MuUHyPG5RQTja+VdGu2aE0TPn2zCq4svTU/m6mZf
VjhsmJQMwoaRtVZEGTdD/X0Nlrzf9PWWeQRTmJaPe5UUzlOUa9lqI1j/up8RNIxI
9PUdIo9WiSLVmN4KGnTRe5bxyurocVHyxI/JnzmIPKXg/k5isRMZF+S3Zun1/8PZ
bZoRqkulXbjOQNtAK1qQ8YwOD6B8HTyG/jNo2BzzTAih
-----END CERTIFICATE-----