Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/FlDbEKehQsJSjo0s3jft5nTjGgA.roa
File:                     FlDbEKehQsJSjo0s3jft5nTjGgA.roa (raw, json)
Hash identifier:          8omC+UNO6ZgyRaUkiBfOGc7v1TGPR0cK3QR8z3+gqyY=
Subject key identifier:   16:50:DB:10:A7:A1:42:C2:52:8E:8D:2C:DE:37:ED:E6:74:E3:1A:00
Certificate issuer:       /CN=30309941a6d84fa4dbddaf0f4ecd99f9f043cfdc
Certificate serial:       018CC9BCE35799E52DDB3365DDF9D7E60E47
Authority key identifier: 30:30:99:41:A6:D8:4F:A4:DB:DD:AF:0F:4E:CD:99:F9:F0:43:CF:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/FlDbEKehQsJSjo0s3jft5nTjGgA.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206994
IP address blocks:        193.5.147.0/24 maxlen: 24
                          2a0c:8187::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e3:57:99:e5:2d:db:33:65:dd:f9:d7:e6:0e:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30309941a6d84fa4dbddaf0f4ecd99f9f043cfdc
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1650db10a7a142c2528e8d2cde37ede674e31a00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:85:b1:ac:d5:b4:e9:97:ff:4f:bb:00:cd:59:
                    bf:10:17:d6:5a:d4:c3:63:41:1d:48:69:d2:72:e4:
                    4b:d3:44:6f:0d:06:de:b0:87:93:2d:c0:c6:37:80:
                    1f:c9:19:4d:8c:0b:36:de:ba:d4:de:47:a1:3a:44:
                    6a:92:e4:87:00:12:ed:b3:f6:35:76:57:3c:a6:ae:
                    da:13:f3:e1:1e:4b:7d:6f:b0:80:87:89:74:3d:8b:
                    a1:a8:c9:c2:e0:ee:27:67:80:00:54:2e:44:c3:40:
                    b1:98:3e:ca:a3:8d:d5:0d:5c:8c:93:8c:16:95:0d:
                    05:b5:22:1d:ae:f6:a5:36:75:cc:0c:c1:40:21:a0:
                    bd:0b:e4:d5:53:68:3b:17:31:3e:92:ab:c9:96:2a:
                    7c:33:43:e9:6a:fb:f0:e4:5c:e8:4b:d9:48:9e:ef:
                    31:99:4a:d6:7f:d6:73:56:f9:5f:48:69:f2:b8:97:
                    c5:a4:7a:bb:8f:b9:2f:25:97:a3:8d:bb:da:d5:92:
                    f9:09:66:1f:17:f3:fd:ca:0c:21:e0:6c:e7:ee:b8:
                    e0:c2:28:fc:71:96:e6:03:d0:52:79:08:8a:41:b1:
                    8d:47:4a:a4:3c:c2:cf:2a:00:64:9b:bd:87:63:97:
                    b7:6b:f4:52:68:f8:99:94:35:22:54:b4:90:27:81:
                    92:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:50:DB:10:A7:A1:42:C2:52:8E:8D:2C:DE:37:ED:E6:74:E3:1A:00
            X509v3 Authority Key Identifier:
                keyid:30:30:99:41:A6:D8:4F:A4:DB:DD:AF:0F:4E:CD:99:F9:F0:43:CF:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/FlDbEKehQsJSjo0s3jft5nTjGgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.147.0/24
                IPv6:
                  2a0c:8187::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:74:1c:12:1a:91:3e:20:7e:c4:67:26:59:72:b9:f7:00:78:
         ef:17:99:8f:21:40:da:93:de:0f:cb:88:09:14:c7:a7:27:56:
         e5:db:12:9d:ad:19:f6:be:36:c3:4e:c5:a6:8f:6f:ff:9e:19:
         20:49:d9:74:f5:c4:5a:1d:d5:53:b1:ab:5b:42:57:69:b9:ef:
         78:c3:02:bf:ec:a8:e8:e8:a0:48:00:33:4c:fa:a1:ea:60:7f:
         fb:b0:7e:a5:7d:bf:be:4e:9c:c9:22:22:7c:c5:76:6e:09:3c:
         aa:01:a6:2c:9c:6a:9b:8c:3c:c8:97:27:98:b0:27:76:c7:b9:
         63:6c:06:ce:93:2c:bd:1e:49:67:71:ce:d0:f3:e4:ed:ed:b6:
         e5:34:d2:72:e0:48:73:88:22:4d:ec:32:58:34:cb:37:3b:36:
         cc:ff:7d:dd:43:ba:dc:82:72:e9:0f:a5:4a:05:42:dd:a1:ba:
         aa:9e:15:61:38:69:95:db:48:ab:4d:de:81:b6:3e:36:bd:2d:
         79:1c:1d:c7:c3:2b:93:01:35:4c:9c:b7:eb:99:48:84:7c:c9:
         33:f9:03:cd:4d:24:19:8a:a4:24:cd:97:9c:f4:38:5a:47:b0:
         db:40:bb:ee:4e:6a:74:71:0e:82:63:77:81:c7:aa:f8:55:e9:
         0a:7f:4f:89
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvONXmeUt2zNl3fnX5g5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMzA5OTQxYTZkODRmYTRkYmRkYWYwZjRlY2Q5OWY5ZjA0
M2NmZGMwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjUwZGIxMGE3YTE0MmMyNTI4ZThkMmNkZTM3ZWRlNjc0ZTMxYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIWxrNW06Zf/T7sAzVm/EBfWWtTD
Y0EdSGnScuRL00RvDQbesIeTLcDGN4AfyRlNjAs23rrU3kehOkRqkuSHABLts/Y1
dlc8pq7aE/PhHkt9b7CAh4l0PYuhqMnC4O4nZ4AAVC5Ew0CxmD7Ko43VDVyMk4wW
lQ0FtSIdrvalNnXMDMFAIaC9C+TVU2g7FzE+kqvJlip8M0Ppavvw5FzoS9lInu8x
mUrWf9ZzVvlfSGnyuJfFpHq7j7kvJZejjbva1ZL5CWYfF/P9ygwh4Gzn7rjgwij8
cZbmA9BSeQiKQbGNR0qkPMLPKgBkm72HY5e3a/RSaPiZlDUiVLSQJ4GSvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBZQ2xCnoULCUo6NLN437eZ04xoAMB8GA1UdIwQY
MBaAFDAwmUGm2E+k292vD07NmfnwQ8/cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTURDWlFhYllUNlRiM2E4UFRzMlotZkJEejl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mMWFmOTAtMzU1Yy00ODRiLWI5MjMt
ZDMxZDRjYjFiMTI5LzEvRmxEYkVLZWhRc0pTam8wczNqZnQ1blRqR2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mMWFmOTAtMzU1Yy00ODRiLWI5MjMtZDMxZDRjYjFiMTI5
LzEvTURDWlFhYllUNlRiM2E4UFRzMlotZkJEejl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwQWTMA0E
AgACMAcDBQAqDIGHMA0GCSqGSIb3DQEBCwUAA4IBAQAhdBwSGpE+IH7EZyZZcrn3
AHjvF5mPIUDak94Py4gJFMenJ1bl2xKdrRn2vjbDTsWmj2//nhkgSdl09cRaHdVT
satbQldpue94wwK/7Kjo6KBIADNM+qHqYH/7sH6lfb++TpzJIiJ8xXZuCTyqAaYs
nGqbjDzIlyeYsCd2x7ljbAbOkyy9Hklncc7Q8+Tt7bblNNJy4EhziCJN7DJYNMs3
OzbM/33dQ7rcgnLpD6VKBULdobqqnhVhOGmV20irTd6Btj42vS15HB3HwyuTATVM
nLfrmUiEfMkz+QPNTSQZiqQkzZec9DhaR7DbQLvuTmp0cQ6CY3eBx6r4VekKf0+J
-----END CERTIFICATE-----