Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/2e873f-f9d3-4d79-9a67-29b3e111dcec/1/FjvRs3_oysH3EcVaonW5WYcS-Nc.roa
File:                     FjvRs3_oysH3EcVaonW5WYcS-Nc.roa (raw, json)
Hash identifier:          uwkP+iUbHRPDbHrqVrzpJFBUot3hBkHgvQtvZUmQUrs=
Subject key identifier:   16:3B:D1:B3:7F:E8:CA:C1:F7:11:C5:5A:A2:75:B9:59:87:12:F8:D7
Certificate issuer:       /CN=00cb6701ff829394db69ce67c30ad8735f126018
Certificate serial:       0192B8501126C7F9C6F52F3F97E49FF62163
Authority key identifier: 00:CB:67:01:FF:82:93:94:DB:69:CE:67:C3:0A:D8:73:5F:12:60:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AMtnAf-Ck5Tbac5nwwrYc18SYBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/2e873f-f9d3-4d79-9a67-29b3e111dcec/1/FjvRs3_oysH3EcVaonW5WYcS-Nc.roa
Signing time:             Wed 23 Oct 2024 07:38:27 +0000
ROA not before:           Wed 23 Oct 2024 07:38:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        193.22.94.0/24 maxlen: 24
                          194.0.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/2e873f-f9d3-4d79-9a67-29b3e111dcec/1/AMtnAf-Ck5Tbac5nwwrYc18SYBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/2e873f-f9d3-4d79-9a67-29b3e111dcec/1/AMtnAf-Ck5Tbac5nwwrYc18SYBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AMtnAf-Ck5Tbac5nwwrYc18SYBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:50:11:26:c7:f9:c6:f5:2f:3f:97:e4:9f:f6:21:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00cb6701ff829394db69ce67c30ad8735f126018
        Validity
            Not Before: Oct 23 07:38:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=163bd1b37fe8cac1f711c55aa275b9598712f8d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:df:e9:05:f1:df:59:56:18:22:3a:4f:e0:21:
                    84:34:1e:60:e7:6a:3f:e0:93:ca:bd:2a:fa:ba:63:
                    56:ae:af:c6:0a:28:8a:bd:93:c0:33:8d:e2:d8:6e:
                    7c:f1:1a:a6:bf:0b:1f:ce:0d:37:01:13:0e:e7:d0:
                    f1:62:eb:df:dc:36:6c:12:db:78:d3:6d:2d:af:e3:
                    c2:35:9b:50:ba:e4:91:54:af:e9:52:58:3e:5e:8b:
                    78:60:17:29:25:f1:c2:df:c2:4e:34:cf:b1:a3:6f:
                    7f:3c:1d:bb:cf:21:41:b8:14:b9:e5:7d:73:e3:bd:
                    d5:ed:3b:ab:e0:8d:77:42:d5:98:38:1e:fe:c2:02:
                    04:0b:31:8c:c3:22:3f:29:b3:61:bb:09:a6:f7:50:
                    2b:40:88:a0:6c:46:c3:0d:ec:97:8b:6d:a4:2a:1b:
                    dd:74:38:71:92:f1:64:39:03:01:8c:6c:0a:e6:42:
                    e5:4c:77:f1:3c:63:df:83:ed:7d:ca:c7:db:3a:57:
                    c0:eb:b7:e6:04:0f:a3:4a:e6:fc:ef:a4:14:3b:ad:
                    a5:b6:eb:b4:be:0f:ae:b8:7f:5b:aa:2f:c9:d0:ca:
                    c0:54:d7:60:2b:d5:b1:76:36:7d:09:30:55:a1:9e:
                    37:1a:da:4f:10:fa:03:7d:b5:3f:7f:8b:a2:d6:1b:
                    d0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:3B:D1:B3:7F:E8:CA:C1:F7:11:C5:5A:A2:75:B9:59:87:12:F8:D7
            X509v3 Authority Key Identifier:
                keyid:00:CB:67:01:FF:82:93:94:DB:69:CE:67:C3:0A:D8:73:5F:12:60:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AMtnAf-Ck5Tbac5nwwrYc18SYBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/2e873f-f9d3-4d79-9a67-29b3e111dcec/1/FjvRs3_oysH3EcVaonW5WYcS-Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/2e873f-f9d3-4d79-9a67-29b3e111dcec/1/AMtnAf-Ck5Tbac5nwwrYc18SYBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.94.0/24
                  194.0.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:29:3f:cf:44:ce:6c:c2:88:b2:3b:62:41:34:90:da:68:c6:
         c3:50:28:65:27:40:a7:66:22:06:9c:30:9f:4a:c1:c7:e9:ee:
         5e:e3:eb:df:f7:be:b2:f8:5e:fb:eb:ef:29:d3:51:2c:75:92:
         f7:83:6d:f1:eb:3d:c0:1f:94:42:9d:4d:06:7d:4c:0c:20:a0:
         55:b9:26:ae:6d:41:6a:52:17:fd:e9:83:a9:83:50:87:be:f0:
         91:6b:01:a1:91:06:3b:19:83:d7:80:d1:f8:84:06:70:05:39:
         3d:39:e3:25:61:68:9c:b9:9f:a6:2b:e0:40:ad:bc:15:6c:85:
         55:67:f4:90:ed:c3:7d:23:78:d2:3e:57:ea:23:bc:12:9d:4b:
         d8:1a:79:50:bf:e0:33:21:df:32:97:6c:9f:5c:13:03:01:15:
         fa:b1:96:61:0b:3c:d2:52:55:aa:09:8f:16:52:cd:3a:c3:65:
         2e:f7:2a:44:b1:0c:01:c9:15:38:fc:bd:c3:5a:51:d4:e6:16:
         48:34:05:6c:f5:99:5b:23:3b:a3:68:ca:f5:d7:2b:c1:cf:8c:
         9f:4c:37:90:a8:c5:a6:da:97:cf:20:0b:f8:2d:6c:16:88:cb:
         cc:dc:12:9d:57:86:40:4b:86:f8:d1:76:28:ba:2c:22:08:ba:
         1e:c6:60:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK4UBEmx/nG9S8/l+Sf9iFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwY2I2NzAxZmY4MjkzOTRkYjY5Y2U2N2MzMGFkODczNWYx
MjYwMTgwHhcNMjQxMDIzMDczODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjNiZDFiMzdmZThjYWMxZjcxMWM1NWFhMjc1Yjk1OTg3MTJmOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjN/pBfHfWVYYIjpP4CGENB5g52o/
4JPKvSr6umNWrq/GCiiKvZPAM43i2G588Rqmvwsfzg03ARMO59DxYuvf3DZsEtt4
020tr+PCNZtQuuSRVK/pUlg+Xot4YBcpJfHC38JONM+xo29/PB27zyFBuBS55X1z
473V7Tur4I13QtWYOB7+wgIECzGMwyI/KbNhuwmm91ArQIigbEbDDeyXi22kKhvd
dDhxkvFkOQMBjGwK5kLlTHfxPGPfg+19ysfbOlfA67fmBA+jSub876QUO62ltuu0
vg+uuH9bqi/J0MrAVNdgK9WxdjZ9CTBVoZ43GtpPEPoDfbU/f4ui1hvQmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBY70bN/6MrB9xHFWqJ1uVmHEvjXMB8GA1UdIwQY
MBaAFADLZwH/gpOU22nOZ8MK2HNfEmAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU10bkFmLUNrNVRiYWM1bnd3clljMThTWUJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8yZTg3M2YtZjlkMy00ZDc5LTlhNjct
MjliM2UxMTFkY2VjLzEvRmp2UnMzX295c0gzRWNWYW9uVzVXWWNTLU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8yZTg3M2YtZjlkMy00ZDc5LTlhNjctMjliM2UxMTFkY2Vj
LzEvQU10bkFmLUNrNVRiYWM1bnd3clljMThTWUJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRZeAwQA
wgDAMA0GCSqGSIb3DQEBCwUAA4IBAQB7KT/PRM5swoiyO2JBNJDaaMbDUChlJ0Cn
ZiIGnDCfSsHH6e5e4+vf976y+F776+8p01EsdZL3g23x6z3AH5RCnU0GfUwMIKBV
uSaubUFqUhf96YOpg1CHvvCRawGhkQY7GYPXgNH4hAZwBTk9OeMlYWicuZ+mK+BA
rbwVbIVVZ/SQ7cN9I3jSPlfqI7wSnUvYGnlQv+AzId8yl2yfXBMDARX6sZZhCzzS
UlWqCY8WUs06w2Uu9ypEsQwByRU4/L3DWlHU5hZINAVs9ZlbIzujaMr11yvBz4yf
TDeQqMWm2pfPIAv4LWwWiMvM3BKdV4ZAS4b40XYouiwiCLoexmBt
-----END CERTIFICATE-----