Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FhscwiW5wZd0Y1hwvRaai4mQAnI.roa
File:                     FhscwiW5wZd0Y1hwvRaai4mQAnI.roa (raw, json)
Hash identifier:          iB0L4x4k2YVVYwdYcDUMXpxla7Ge1OcCnjw2CxWDKnM=
Subject key identifier:   16:1B:1C:C2:25:B9:C1:97:74:63:58:70:BD:16:9A:8B:89:90:02:72
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F583E1D76256711D4A947E882A1F57062
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FhscwiW5wZd0Y1hwvRaai4mQAnI.roa
Signing time:             Wed 08 May 2024 12:46:56 +0000
ROA not before:           Wed 08 May 2024 12:46:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61272
IP address blocks:        109.176.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:3e:1d:76:25:67:11:d4:a9:47:e8:82:a1:f5:70:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  8 12:46:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=161b1cc225b9c19774635870bd169a8b89900272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cb:5b:67:d3:a9:0e:23:72:c1:8c:0d:88:3b:
                    88:7c:ea:95:66:bd:a3:a9:13:20:fb:30:8a:8c:19:
                    ec:46:d5:79:99:33:8e:eb:cc:3b:f3:11:af:8e:34:
                    01:41:90:8a:af:b6:9f:65:12:fb:5a:a0:0b:d3:42:
                    30:67:9b:bc:66:18:bd:56:05:0a:35:4e:c3:50:fc:
                    5b:24:41:83:81:de:e9:31:57:fd:e0:48:92:11:3b:
                    2a:4f:91:49:27:73:0a:16:6d:03:cc:03:2e:e0:2a:
                    bb:c2:fa:74:5f:82:cc:2c:6a:79:04:9e:ae:7e:d8:
                    24:74:b8:2d:dc:35:fd:de:8c:e7:f5:62:e9:b5:be:
                    9d:77:b7:9e:94:c2:98:eb:c6:e1:8b:bd:33:61:4c:
                    69:d2:9a:11:de:fc:f3:78:96:b7:ea:1e:2f:75:53:
                    df:e3:c0:c4:eb:a2:d6:a8:8a:a1:5a:ec:89:02:24:
                    63:e7:71:4d:4d:d2:7b:b8:c3:4b:95:35:bc:45:34:
                    01:8a:cc:8a:0a:24:93:a3:1f:8e:66:ef:5b:3a:5b:
                    cb:b8:c1:81:a1:8f:97:db:55:88:db:e7:87:00:2d:
                    ad:7c:88:5a:5e:5a:62:b3:51:1b:55:e0:af:11:93:
                    69:7a:85:52:de:cc:2e:44:38:db:a2:8a:ca:48:19:
                    48:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:1B:1C:C2:25:B9:C1:97:74:63:58:70:BD:16:9A:8B:89:90:02:72
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FhscwiW5wZd0Y1hwvRaai4mQAnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:15:ab:ab:94:c6:01:38:f9:d9:12:61:ac:85:05:f1:f8:64:
         fd:5b:a0:cf:c9:96:9e:fe:7c:13:a0:16:5b:75:8d:02:60:18:
         7b:4c:3f:21:57:00:2f:33:76:db:2d:44:28:c3:76:e0:03:4f:
         66:6f:fd:72:da:8a:99:fd:31:1c:53:22:f5:9f:de:30:dd:d1:
         b0:e0:b1:54:5d:6d:3f:98:53:e4:21:e5:26:03:71:2d:c7:a0:
         b2:ee:9c:0d:8f:82:d6:6b:1b:42:60:48:f3:1b:9a:bf:53:09:
         f9:1d:b5:16:d3:68:6c:e6:0d:e9:ef:40:53:b0:e3:e7:29:38:
         59:a8:14:a5:c6:b3:fa:24:bd:3f:7d:a0:05:98:f3:66:6b:54:
         3d:2f:a1:e2:21:b1:9c:82:68:c3:16:3f:11:93:1d:1b:25:86:
         a1:3a:e7:07:a7:7b:9f:b1:6d:6a:d6:c2:c4:60:85:3e:d6:be:
         58:52:a7:6d:c8:78:62:3f:c9:93:97:13:44:7e:cc:af:4d:9e:
         b6:76:38:44:73:99:9d:b1:a7:85:c1:85:04:58:ae:37:2b:5f:
         36:5f:55:62:0a:f8:48:d2:54:5c:ee:8a:38:75:00:45:4d:16:
         5d:09:be:89:1c:14:8e:31:b2:a7:0a:26:0b:56:2d:b5:e3:50:
         96:ca:70:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9YPh12JWcR1KlH6IKh9XBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA4MTI0NjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjFiMWNjMjI1YjljMTk3NzQ2MzU4NzBiZDE2OWE4Yjg5OTAwMjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMtbZ9OpDiNywYwNiDuIfOqVZr2j
qRMg+zCKjBnsRtV5mTOO68w78xGvjjQBQZCKr7afZRL7WqAL00IwZ5u8Zhi9VgUK
NU7DUPxbJEGDgd7pMVf94EiSETsqT5FJJ3MKFm0DzAMu4Cq7wvp0X4LMLGp5BJ6u
ftgkdLgt3DX93ozn9WLptb6dd7eelMKY68bhi70zYUxp0poR3vzzeJa36h4vdVPf
48DE66LWqIqhWuyJAiRj53FNTdJ7uMNLlTW8RTQBisyKCiSTox+OZu9bOlvLuMGB
oY+X21WI2+eHAC2tfIhaXlpis1EbVeCvEZNpeoVS3swuRDjboorKSBlIoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYbHMIlucGXdGNYcL0WmouJkAJyMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRmhzY3dpVzV3WmQwWTFod3ZSYWFpNG1RQW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbASMA0G
CSqGSIb3DQEBCwUAA4IBAQAfFaurlMYBOPnZEmGshQXx+GT9W6DPyZae/nwToBZb
dY0CYBh7TD8hVwAvM3bbLUQow3bgA09mb/1y2oqZ/TEcUyL1n94w3dGw4LFUXW0/
mFPkIeUmA3Etx6Cy7pwNj4LWaxtCYEjzG5q/Uwn5HbUW02hs5g3p70BTsOPnKThZ
qBSlxrP6JL0/faAFmPNma1Q9L6HiIbGcgmjDFj8Rkx0bJYahOucHp3ufsW1q1sLE
YIU+1r5YUqdtyHhiP8mTlxNEfsyvTZ62djhEc5mdsaeFwYUEWK43K182X1ViCvhI
0lRc7oo4dQBFTRZdCb6JHBSOMbKnCiYLVi2141CWynAK
-----END CERTIFICATE-----