Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FZUXOPm3gxHlvhivJMXtPNXNS5M.roa
File:                     FZUXOPm3gxHlvhivJMXtPNXNS5M.roa (raw, json)
Hash identifier:          zwvovEtmck3cjKRkk7H60gDDET0xP1mysNF/uwXfIoc=
Subject key identifier:   15:95:17:38:F9:B7:83:11:E5:BE:18:AF:24:C5:ED:3C:D5:CD:4B:93
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190DBF97F07D232C02428D60A94C04080EC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FZUXOPm3gxHlvhivJMXtPNXNS5M.roa
Signing time:             Mon 22 Jul 2024 19:44:39 +0000
ROA not before:           Mon 22 Jul 2024 19:44:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50385
IP address blocks:        89.213.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:f9:7f:07:d2:32:c0:24:28:d6:0a:94:c0:40:80:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 22 19:44:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15951738f9b78311e5be18af24c5ed3cd5cd4b93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fc:df:6e:93:aa:3c:f8:c4:e0:03:cf:98:88:
                    be:07:3f:55:e4:d9:25:86:ac:45:08:2d:f3:e7:e7:
                    fc:c9:e1:30:e5:31:47:cd:bd:be:59:68:63:32:9e:
                    c9:b7:63:85:c6:c3:b2:54:72:62:27:aa:4a:44:3c:
                    4d:04:d3:5f:a6:e6:d1:3a:b9:bc:c3:95:dc:d9:d2:
                    e3:ef:27:eb:20:0c:7b:59:54:54:5c:85:34:eb:5f:
                    8b:d7:60:35:c0:b8:ba:1e:e7:4f:07:28:80:0a:48:
                    b8:4f:5f:a2:cf:3f:e0:21:ce:0f:2e:7b:88:1f:af:
                    20:65:f0:20:e7:78:5e:7d:a9:b8:06:08:54:c0:4e:
                    51:2b:4b:1c:a7:b3:e3:14:50:11:17:4b:9c:c4:25:
                    cc:39:73:21:db:28:b7:5b:b0:02:45:5f:f8:0b:bb:
                    1d:34:b3:34:be:d2:9f:09:1a:f8:2f:09:30:43:48:
                    82:87:d3:7e:2e:17:1d:71:06:6a:fd:f0:dc:81:a9:
                    d5:6a:13:21:c0:31:8a:a6:32:22:ea:df:7b:7b:0a:
                    2a:98:81:a9:5b:fb:81:96:14:46:3d:e0:14:d5:25:
                    90:c0:74:b1:b9:6a:61:2a:63:e7:4d:91:3c:cf:9d:
                    41:70:3f:9a:57:f6:9b:fb:79:09:6e:3f:61:c7:91:
                    e5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:95:17:38:F9:B7:83:11:E5:BE:18:AF:24:C5:ED:3C:D5:CD:4B:93
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FZUXOPm3gxHlvhivJMXtPNXNS5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a2:bd:42:97:0b:d3:c3:88:82:ec:63:e5:27:92:30:7b:c8:
         c9:26:b6:8d:96:ef:c6:59:e0:f0:5e:18:d2:c2:ba:cb:fe:a5:
         ed:75:01:d4:27:06:c2:3c:2a:c6:b0:a9:ea:9b:65:d1:f1:79:
         14:4a:ec:4b:ba:43:bb:6a:f3:6e:db:a8:03:4a:03:9a:5f:cd:
         6d:82:1f:f3:bc:4a:cd:4f:78:72:4b:40:7e:7e:32:c4:4a:45:
         88:4b:39:da:8b:ab:25:e0:28:a9:7c:72:50:00:b5:fb:5c:26:
         5f:fe:aa:55:f2:5e:41:ea:5b:db:79:3b:3b:aa:00:c0:d4:ab:
         6c:13:aa:d1:4d:59:26:ae:78:2b:28:a8:50:05:16:70:a1:6c:
         d6:ab:97:c6:07:2c:8b:1a:72:7a:a3:97:8d:74:ea:2c:dd:8f:
         db:79:27:1d:15:07:6e:5b:14:14:1d:d3:5e:51:6d:f8:09:14:
         8a:21:41:d9:13:3d:42:ee:40:c0:69:21:61:8b:85:b7:97:76:
         bf:94:b5:8d:da:78:12:76:ae:1e:54:50:8b:30:a5:1a:fa:67:
         09:14:97:8a:99:59:c1:b7:79:4a:e1:ad:7f:82:e8:69:b8:db:
         f2:a3:41:ca:da:04:50:dd:a7:24:45:3b:1f:20:73:a6:19:78:
         89:62:9c:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDb+X8H0jLAJCjWCpTAQIDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzIyMTk0NDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTk1MTczOGY5Yjc4MzExZTViZTE4YWYyNGM1ZWQzY2Q1Y2Q0YjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPzfbpOqPPjE4APPmIi+Bz9V5Nkl
hqxFCC3z5+f8yeEw5TFHzb2+WWhjMp7Jt2OFxsOyVHJiJ6pKRDxNBNNfpubROrm8
w5Xc2dLj7yfrIAx7WVRUXIU061+L12A1wLi6HudPByiACki4T1+izz/gIc4PLnuI
H68gZfAg53hefam4BghUwE5RK0scp7PjFFARF0ucxCXMOXMh2yi3W7ACRV/4C7sd
NLM0vtKfCRr4LwkwQ0iCh9N+LhcdcQZq/fDcganVahMhwDGKpjIi6t97ewoqmIGp
W/uBlhRGPeAU1SWQwHSxuWphKmPnTZE8z51BcD+aV/ab+3kJbj9hx5Hl9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWVFzj5t4MR5b4YryTF7TzVzUuTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRlpVWE9QbTNneEhsdmhpdkpNWHRQTlhOUzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXmMA0G
CSqGSIb3DQEBCwUAA4IBAQApor1ClwvTw4iC7GPlJ5Iwe8jJJraNlu/GWeDwXhjS
wrrL/qXtdQHUJwbCPCrGsKnqm2XR8XkUSuxLukO7avNu26gDSgOaX81tgh/zvErN
T3hyS0B+fjLESkWISznai6sl4CipfHJQALX7XCZf/qpV8l5B6lvbeTs7qgDA1Kts
E6rRTVkmrngrKKhQBRZwoWzWq5fGByyLGnJ6o5eNdOos3Y/beScdFQduWxQUHdNe
UW34CRSKIUHZEz1C7kDAaSFhi4W3l3a/lLWN2ngSdq4eVFCLMKUa+mcJFJeKmVnB
t3lK4a1/guhpuNvyo0HK2gRQ3ackRTsfIHOmGXiJYpwo
-----END CERTIFICATE-----