Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/FU2NFId5926TBO5H7YTmk_evhBg.roa
File:                     FU2NFId5926TBO5H7YTmk_evhBg.roa (raw, json)
Hash identifier:          gjqZCYI75zreJNQUzK+aCt5W+uEggoX98u4yJ4x1hO0=
Subject key identifier:   15:4D:8D:14:87:79:F7:6E:93:04:EE:47:ED:84:E6:93:F7:AF:84:18
Certificate issuer:       /CN=f15cb9afc8a8670e1f116cbd21499c9f71215bc0
Certificate serial:       018F94A926B251D781DF32FBFBE6C6B1DAC0
Authority key identifier: F1:5C:B9:AF:C8:A8:67:0E:1F:11:6C:BD:21:49:9C:9F:71:21:5B:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/FU2NFId5926TBO5H7YTmk_evhBg.roa
Signing time:             Mon 20 May 2024 06:21:04 +0000
ROA not before:           Mon 20 May 2024 06:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        2a00:b703:fff1::/48 maxlen: 48
                          2a00:b703:fff2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:94:a9:26:b2:51:d7:81:df:32:fb:fb:e6:c6:b1:da:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f15cb9afc8a8670e1f116cbd21499c9f71215bc0
        Validity
            Not Before: May 20 06:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=154d8d148779f76e9304ee47ed84e693f7af8418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:23:d1:6f:80:e9:84:83:ce:6b:b9:27:75:c7:
                    00:84:3f:95:6a:ba:94:07:74:62:b3:ff:92:8f:09:
                    27:5f:81:a8:a0:d2:7f:2a:1d:31:b2:9f:b8:4e:7b:
                    b5:25:69:cd:9e:de:60:c7:2c:27:e7:f4:c4:10:4d:
                    e4:b9:f0:95:8e:a0:8a:4d:5e:53:b9:ff:5a:a9:99:
                    63:be:ba:81:de:21:fa:9b:c7:28:db:4c:13:8a:f2:
                    7f:05:a8:a6:77:2e:b2:c0:d8:73:e2:85:78:16:fd:
                    ed:96:5f:9c:19:b4:5e:55:3c:9c:17:46:ed:68:9c:
                    ed:de:10:ca:56:04:fc:80:4d:90:00:05:82:36:38:
                    85:75:bf:c3:03:db:b6:f7:1e:cb:fe:ff:29:56:d7:
                    e2:fc:08:e3:66:97:5e:46:23:77:83:ca:f9:6b:34:
                    1f:b2:7f:1e:c1:50:74:5e:af:53:e6:0c:24:2b:92:
                    ff:67:ae:0e:57:e4:13:bb:22:7c:c9:62:d3:9e:50:
                    05:5c:04:7a:4f:e7:3c:40:28:fd:9c:35:9d:cb:cc:
                    00:33:b9:a6:21:66:02:80:1b:89:64:d1:32:36:8b:
                    9c:5c:43:0d:0b:aa:3c:32:ad:b6:a7:6e:92:d1:0c:
                    55:f2:af:22:82:d4:e0:14:4b:e5:4e:27:fe:c8:e0:
                    a1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4D:8D:14:87:79:F7:6E:93:04:EE:47:ED:84:E6:93:F7:AF:84:18
            X509v3 Authority Key Identifier:
                keyid:F1:5C:B9:AF:C8:A8:67:0E:1F:11:6C:BD:21:49:9C:9F:71:21:5B:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/FU2NFId5926TBO5H7YTmk_evhBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:b703:fff1::-2a00:b703:fff2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         7c:c8:b1:07:da:ed:f8:16:94:d6:ff:46:6c:36:f0:db:5d:fe:
         a0:bb:72:e1:b8:ab:b0:e3:5c:2a:5f:67:31:38:ad:bd:03:1e:
         da:5e:5b:10:b3:ee:cd:3a:39:ec:5e:32:d8:71:f2:42:61:e4:
         78:27:60:0c:68:43:28:bb:5b:55:68:f4:bb:91:9a:9d:36:e3:
         aa:49:7e:db:38:48:05:73:f9:3d:50:ca:a2:ce:d9:56:39:73:
         07:f8:ff:5b:ff:f8:4d:56:57:ae:1a:24:e1:8f:5e:72:97:b3:
         d8:b8:94:b2:39:51:c0:44:c5:70:77:f9:cd:6c:eb:87:02:e8:
         28:d7:85:0a:fa:6e:ce:88:32:87:98:fc:19:31:50:6d:b2:bf:
         6c:c4:60:c8:ec:c0:de:51:74:02:da:bc:e3:f8:2b:f4:e0:4c:
         f3:cf:4f:94:1c:77:0e:45:f1:dc:fb:24:2c:ef:ee:ca:1c:90:
         72:63:e6:51:64:9c:27:ff:8a:cf:da:60:60:9f:92:78:59:bb:
         74:c1:b2:a5:83:68:64:82:ce:e1:af:7c:0b:29:bb:48:55:b3:
         81:b3:b8:c5:01:c1:3c:76:1a:ed:0a:d0:79:4a:05:ed:9f:a8:
         6d:20:03:f0:7f:20:16:02:8a:5a:d8:2e:a0:4d:50:f6:0a:4c:
         0b:9c:7c:30
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY+UqSayUdeB3zL7++bGsdrAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNWNiOWFmYzhhODY3MGUxZjExNmNiZDIxNDk5YzlmNzEy
MTViYzAwHhcNMjQwNTIwMDYyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTRkOGQxNDg3NzlmNzZlOTMwNGVlNDdlZDg0ZTY5M2Y3YWY4NDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryPRb4DphIPOa7kndccAhD+VarqU
B3Ris/+SjwknX4GooNJ/Kh0xsp+4Tnu1JWnNnt5gxywn5/TEEE3kufCVjqCKTV5T
uf9aqZljvrqB3iH6m8co20wTivJ/Baimdy6ywNhz4oV4Fv3tll+cGbReVTycF0bt
aJzt3hDKVgT8gE2QAAWCNjiFdb/DA9u29x7L/v8pVtfi/AjjZpdeRiN3g8r5azQf
sn8ewVB0Xq9T5gwkK5L/Z64OV+QTuyJ8yWLTnlAFXAR6T+c8QCj9nDWdy8wAM7mm
IWYCgBuJZNEyNoucXEMNC6o8Mq22p26S0QxV8q8igtTgFEvlTif+yOCh3QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBVNjRSHefdukwTuR+2E5pP3r4QYMB8GA1UdIwQY
MBaAFPFcua/IqGcOHxFsvSFJnJ9xIVvAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFZ5NXI4aW9adzRmRVd5OUlVbWNuM0VoVzhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi85NzdkNzAtNmM4Ny00MDlkLThlZjgt
MDI3YTc0M2JhNDYyLzEvRlUyTkZJZDU5MjZUQk81SDdZVG1rX2V2aEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi85NzdkNzAtNmM4Ny00MDlkLThlZjgtMDI3YTc0M2JhNDYy
LzEvOFZ5NXI4aW9adzRmRVd5OUlVbWNuM0VoVzhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqALcD
//EDBwAqALcD//IwDQYJKoZIhvcNAQELBQADggEBAHzIsQfa7fgWlNb/Rmw28Ntd
/qC7cuG4q7DjXCpfZzE4rb0DHtpeWxCz7s06OexeMthx8kJh5HgnYAxoQyi7W1Vo
9LuRmp0246pJfts4SAVz+T1QyqLO2VY5cwf4/1v/+E1WV64aJOGPXnKXs9i4lLI5
UcBExXB3+c1s64cC6CjXhQr6bs6IMoeY/BkxUG2yv2zEYMjswN5RdALavOP4K/Tg
TPPPT5Qcdw5F8dz7JCzv7sockHJj5lFknCf/is/aYGCfknhZu3TBsqWDaGSCzuGv
fAspu0hVs4GzuMUBwTx2Gu0K0HlKBe2fqG0gA/B/IBYCilrYLqBNUPYKTAucfDA=
-----END CERTIFICATE-----