Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/a12b0a-d48d-4d3b-bc47-0557bd7217f1/1/FB_5MpA4gHGv9NWT7zNoEDUoG-Q.roa
File:                     FB_5MpA4gHGv9NWT7zNoEDUoG-Q.roa (raw, json)
Hash identifier:          V3EagofFCJAphsuo5QVoHBlHZhsvvMgMoJ4+gWo7UmU=
Subject key identifier:   14:1F:F9:32:90:38:80:71:AF:F4:D5:93:EF:33:68:10:35:28:1B:E4
Certificate issuer:       /CN=91aafcadb6c52984e35589eb7758f050aacefc76
Certificate serial:       018CC649EB038CFBCA3AE1561B249D1CF977
Authority key identifier: 91:AA:FC:AD:B6:C5:29:84:E3:55:89:EB:77:58:F0:50:AA:CE:FC:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kar8rbbFKYTjVYnrd1jwUKrO_HY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/a12b0a-d48d-4d3b-bc47-0557bd7217f1/1/FB_5MpA4gHGv9NWT7zNoEDUoG-Q.roa
Signing time:             Mon 01 Jan 2024 18:29:42 +0000
ROA not before:           Mon 01 Jan 2024 18:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51561
IP address blocks:        46.226.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/a12b0a-d48d-4d3b-bc47-0557bd7217f1/1/kar8rbbFKYTjVYnrd1jwUKrO_HY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/a12b0a-d48d-4d3b-bc47-0557bd7217f1/1/kar8rbbFKYTjVYnrd1jwUKrO_HY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kar8rbbFKYTjVYnrd1jwUKrO_HY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:eb:03:8c:fb:ca:3a:e1:56:1b:24:9d:1c:f9:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91aafcadb6c52984e35589eb7758f050aacefc76
        Validity
            Not Before: Jan  1 18:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=141ff93290388071aff4d593ef33681035281be4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7f:b4:4c:c2:a3:ba:91:01:3e:c9:83:9d:f1:
                    9c:78:2f:cb:03:90:ea:96:90:5c:1c:00:76:9a:07:
                    6a:f1:78:87:69:89:80:a2:63:63:aa:e4:d0:d3:59:
                    78:79:a0:12:bf:32:ac:ab:e4:93:84:e5:85:84:10:
                    f8:94:33:28:11:fd:45:95:a2:3f:ed:42:5d:68:1c:
                    5a:25:0f:92:53:6c:47:86:0b:07:6a:ad:13:ce:ac:
                    45:63:b0:d7:35:37:1a:e2:69:d0:fc:0b:16:0c:0e:
                    a5:11:11:6e:a9:81:1e:98:eb:e0:ab:38:5c:0f:62:
                    c7:f9:20:bf:95:74:49:18:aa:00:41:d3:7a:06:a6:
                    be:99:66:21:4f:f1:59:9d:6d:ca:e7:8a:e1:74:29:
                    80:35:f3:44:8d:f1:cd:c5:cf:d7:ef:dc:d0:d5:25:
                    7e:74:09:09:db:21:aa:21:a9:b8:9f:9d:d9:52:e7:
                    e1:58:19:c5:73:91:b0:c5:0c:17:0e:22:18:45:83:
                    91:e1:8d:c0:d9:09:0f:34:81:eb:5c:90:bf:4e:70:
                    10:62:1d:41:e4:63:86:14:0d:7b:d0:fc:6f:20:f1:
                    d5:bc:59:03:9a:50:06:92:a6:e4:6a:aa:97:2d:74:
                    3a:a4:5c:fa:33:18:27:29:f3:14:16:b6:9f:58:94:
                    7a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:1F:F9:32:90:38:80:71:AF:F4:D5:93:EF:33:68:10:35:28:1B:E4
            X509v3 Authority Key Identifier:
                keyid:91:AA:FC:AD:B6:C5:29:84:E3:55:89:EB:77:58:F0:50:AA:CE:FC:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kar8rbbFKYTjVYnrd1jwUKrO_HY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/a12b0a-d48d-4d3b-bc47-0557bd7217f1/1/FB_5MpA4gHGv9NWT7zNoEDUoG-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/a12b0a-d48d-4d3b-bc47-0557bd7217f1/1/kar8rbbFKYTjVYnrd1jwUKrO_HY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:5b:1c:57:e7:41:29:35:a6:30:27:a4:36:58:f3:62:23:02:
         d9:62:e9:6b:5d:18:34:69:4c:a8:ef:cf:fd:61:4d:3d:15:0f:
         d7:31:33:fc:c0:4e:04:f9:a1:0b:fd:15:56:71:6d:68:ba:8e:
         cc:61:fa:54:9d:7c:7f:21:78:36:6f:17:08:14:c8:39:7d:8b:
         1c:6f:8d:7a:32:39:9d:38:7f:eb:3e:61:1e:fb:a9:d2:b3:c0:
         e7:7b:5b:fb:82:b7:96:90:66:2c:16:74:d5:8d:29:46:70:aa:
         ab:8b:3e:09:bf:ca:5b:e5:b2:81:db:63:c3:ac:9b:fa:9d:d2:
         c5:14:16:30:15:fc:fe:40:90:9d:8b:1c:f8:0c:f2:58:b9:75:
         91:18:ac:3d:d9:b6:64:68:98:7d:bc:9c:43:f0:d7:ce:1f:c3:
         db:d0:1f:5d:55:a8:45:20:8a:ff:cd:e8:55:57:6a:d9:a0:49:
         ac:e9:9a:71:61:1e:e9:a3:80:21:23:7a:24:6b:57:95:fb:99:
         b2:0b:b2:9a:fb:af:20:39:34:7f:e7:f7:de:54:a3:75:1c:5d:
         67:23:9b:b6:55:ed:39:dc:2e:b2:18:97:c4:69:e7:64:1a:ab:
         cc:ad:8d:8e:1b:64:88:03:b0:85:69:b6:9d:fc:24:c9:4e:b7:
         d3:5a:9f:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSesDjPvKOuFWGySdHPl3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYWFmY2FkYjZjNTI5ODRlMzU1ODllYjc3NThmMDUwYWFj
ZWZjNzYwHhcNMjQwMTAxMTgyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDFmZjkzMjkwMzg4MDcxYWZmNGQ1OTNlZjMzNjgxMDM1MjgxYmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln+0TMKjupEBPsmDnfGceC/LA5Dq
lpBcHAB2mgdq8XiHaYmAomNjquTQ01l4eaASvzKsq+SThOWFhBD4lDMoEf1FlaI/
7UJdaBxaJQ+SU2xHhgsHaq0TzqxFY7DXNTca4mnQ/AsWDA6lERFuqYEemOvgqzhc
D2LH+SC/lXRJGKoAQdN6Bqa+mWYhT/FZnW3K54rhdCmANfNEjfHNxc/X79zQ1SV+
dAkJ2yGqIam4n53ZUufhWBnFc5GwxQwXDiIYRYOR4Y3A2QkPNIHrXJC/TnAQYh1B
5GOGFA170PxvIPHVvFkDmlAGkqbkaqqXLXQ6pFz6MxgnKfMUFrafWJR6TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQf+TKQOIBxr/TVk+8zaBA1KBvkMB8GA1UdIwQY
MBaAFJGq/K22xSmE41WJ63dY8FCqzvx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2FyOHJiYkZLWVRqVllucmQxandVS3JPX0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9hMTJiMGEtZDQ4ZC00ZDNiLWJjNDct
MDU1N2JkNzIxN2YxLzEvRkJfNU1wQTRnSEd2OU5XVDd6Tm9FRFVvRy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9hMTJiMGEtZDQ4ZC00ZDNiLWJjNDctMDU1N2JkNzIxN2Yx
LzEva2FyOHJiYkZLWVRqVllucmQxandVS3JPX0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuJ4MA0G
CSqGSIb3DQEBCwUAA4IBAQBoWxxX50EpNaYwJ6Q2WPNiIwLZYulrXRg0aUyo78/9
YU09FQ/XMTP8wE4E+aEL/RVWcW1ouo7MYfpUnXx/IXg2bxcIFMg5fYscb416Mjmd
OH/rPmEe+6nSs8Dne1v7greWkGYsFnTVjSlGcKqriz4Jv8pb5bKB22PDrJv6ndLF
FBYwFfz+QJCdixz4DPJYuXWRGKw92bZkaJh9vJxD8NfOH8Pb0B9dVahFIIr/zehV
V2rZoEms6ZpxYR7po4AhI3oka1eV+5myC7Ka+68gOTR/5/feVKN1HF1nI5u2Ve05
3C6yGJfEaedkGqvMrY2OG2SIA7CFabad/CTJTrfTWp8d
-----END CERTIFICATE-----