Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/FlDUNZ1qnGKREhk89h8YSPAQTus.roa
File:                     FlDUNZ1qnGKREhk89h8YSPAQTus.roa (raw, json)
Hash identifier:          jbtXcErS2rVjeALO73x+Lb0j4KOK58vFvwOBZ/owzwM=
Subject key identifier:   16:50:D4:35:9D:6A:9C:62:91:12:19:3C:F6:1F:18:48:F0:10:4E:EB
Certificate issuer:       /CN=6b84f4a296bce14d6deed25116aa70b60bcce4a4
Certificate serial:       01933ED55B7FD66759E65DEABC1B4E7DBBE9
Authority key identifier: 6B:84:F4:A2:96:BC:E1:4D:6D:EE:D2:51:16:AA:70:B6:0B:CC:E4:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/FlDUNZ1qnGKREhk89h8YSPAQTus.roa
Signing time:             Mon 18 Nov 2024 10:33:10 +0000
ROA not before:           Mon 18 Nov 2024 10:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50597
IP address blocks:        185.180.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:d5:5b:7f:d6:67:59:e6:5d:ea:bc:1b:4e:7d:bb:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b84f4a296bce14d6deed25116aa70b60bcce4a4
        Validity
            Not Before: Nov 18 10:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1650d4359d6a9c629112193cf61f1848f0104eeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9a:62:c1:33:45:b6:73:7d:88:5f:41:fb:a9:
                    a3:3e:67:62:61:ee:56:91:cf:63:3e:2f:9d:a2:ab:
                    2c:80:ad:d6:08:58:86:06:41:5d:2b:fa:e4:18:6b:
                    a0:62:dd:c5:e8:d5:08:b2:69:70:44:58:86:43:ba:
                    5e:26:4a:16:f9:17:30:c5:cf:98:b7:59:20:16:a3:
                    2c:ef:3e:ea:61:29:2e:fc:8d:f2:0e:23:5b:76:19:
                    21:7f:8a:ed:82:18:29:52:96:ae:05:24:fb:56:6c:
                    68:9e:a2:ba:bd:27:88:45:9c:a9:51:0e:00:d0:0e:
                    f0:53:48:e1:d1:d3:d2:ec:d5:ec:33:22:04:56:3b:
                    dd:11:48:3f:30:fc:c7:e6:fd:62:a1:a7:74:89:a0:
                    44:c1:1b:a7:dd:b4:df:0d:cf:4e:d6:66:e4:39:21:
                    a2:1b:b6:9a:1b:6c:74:a0:2c:c7:02:2f:5e:29:58:
                    3f:17:4f:fa:c3:6e:76:81:e4:bf:8f:8e:9e:e8:81:
                    76:68:19:25:55:59:ab:0b:28:b8:eb:b9:cc:90:a2:
                    0c:a6:28:44:b9:4d:07:ec:46:e9:ec:81:3f:8d:b9:
                    b5:9f:f0:3f:f7:d6:c6:03:81:3d:75:3f:1e:48:a3:
                    8a:b4:51:9f:7a:69:2d:f6:8b:33:e0:78:5a:c5:ff:
                    86:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:50:D4:35:9D:6A:9C:62:91:12:19:3C:F6:1F:18:48:F0:10:4E:EB
            X509v3 Authority Key Identifier:
                keyid:6B:84:F4:A2:96:BC:E1:4D:6D:EE:D2:51:16:AA:70:B6:0B:CC:E4:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/FlDUNZ1qnGKREhk89h8YSPAQTus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:16:4d:75:43:ec:61:0b:c3:99:01:14:7c:c9:87:f1:7e:e4:
         7d:0a:0a:92:dd:e0:01:11:2e:63:60:a9:7f:c7:51:58:94:3f:
         26:fa:a9:83:b6:b4:92:ff:f0:94:1e:66:d4:84:68:50:69:9f:
         6a:c8:6e:b5:80:eb:44:ef:55:ed:4f:c7:95:b7:09:bd:49:f0:
         0c:80:1f:29:69:99:32:4c:14:11:e1:79:4b:51:6c:47:38:e0:
         82:24:3d:80:af:39:85:f3:3f:43:02:d1:cf:5a:0b:3c:10:13:
         bb:51:b2:be:f4:6f:7a:80:d7:57:63:c6:d4:03:ba:3f:82:96:
         3d:e5:7f:2b:2f:a9:64:6f:e0:b8:b4:8e:43:e8:c2:eb:de:fd:
         f7:0c:4e:ab:9c:b2:bb:fb:bc:e0:d6:d5:23:bd:59:c9:c7:a3:
         22:1c:7a:19:73:25:83:ed:bf:9f:89:3e:31:3b:90:c3:ae:14:
         29:7f:b0:37:16:20:f9:26:a0:d0:4e:3f:6e:3c:3f:e4:98:f9:
         c2:60:5b:b4:4d:a4:3f:4f:66:85:90:95:cd:2f:00:98:ac:2b:
         cb:7a:9c:56:9a:0b:a1:99:f6:6e:d3:1e:6b:f5:61:cf:07:16:
         e8:50:a7:81:87:d5:d7:24:b0:0c:f1:56:71:90:7d:36:e0:d4:
         6c:ec:69:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM+1Vt/1mdZ5l3qvBtOfbvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiODRmNGEyOTZiY2UxNGQ2ZGVlZDI1MTE2YWE3MGI2MGJj
Y2U0YTQwHhcNMjQxMTE4MTAzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjUwZDQzNTlkNmE5YzYyOTExMjE5M2NmNjFmMTg0OGYwMTA0ZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJpiwTNFtnN9iF9B+6mjPmdiYe5W
kc9jPi+doqssgK3WCFiGBkFdK/rkGGugYt3F6NUIsmlwRFiGQ7peJkoW+Rcwxc+Y
t1kgFqMs7z7qYSku/I3yDiNbdhkhf4rtghgpUpauBST7VmxonqK6vSeIRZypUQ4A
0A7wU0jh0dPS7NXsMyIEVjvdEUg/MPzH5v1ioad0iaBEwRun3bTfDc9O1mbkOSGi
G7aaG2x0oCzHAi9eKVg/F0/6w252geS/j46e6IF2aBklVVmrCyi467nMkKIMpihE
uU0H7Ebp7IE/jbm1n/A/99bGA4E9dT8eSKOKtFGfemkt9osz4Hhaxf+GOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZQ1DWdapxikRIZPPYfGEjwEE7rMB8GA1UdIwQY
MBaAFGuE9KKWvOFNbe7SURaqcLYLzOSkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTRUMG9wYTg0VTF0N3RKUkZxcHd0Z3ZNNUtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84NDRmZDktZmVmMS00NGQ5LWE2Yzkt
MTRmYWIwMjQ0OTQ4LzEvRmxEVU5aMXFuR0tSRWhrODloOFlTUEFRVHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84NDRmZDktZmVmMS00NGQ5LWE2YzktMTRmYWIwMjQ0OTQ4
LzEvYTRUMG9wYTg0VTF0N3RKUkZxcHd0Z3ZNNUtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQB7Fk11Q+xhC8OZARR8yYfxfuR9CgqS3eABES5jYKl/
x1FYlD8m+qmDtrSS//CUHmbUhGhQaZ9qyG61gOtE71XtT8eVtwm9SfAMgB8paZky
TBQR4XlLUWxHOOCCJD2ArzmF8z9DAtHPWgs8EBO7UbK+9G96gNdXY8bUA7o/gpY9
5X8rL6lkb+C4tI5D6MLr3v33DE6rnLK7+7zg1tUjvVnJx6MiHHoZcyWD7b+fiT4x
O5DDrhQpf7A3FiD5JqDQTj9uPD/kmPnCYFu0TaQ/T2aFkJXNLwCYrCvLepxWmguh
mfZu0x5r9WHPBxboUKeBh9XXJLAM8VZxkH024NRs7GmB
-----END CERTIFICATE-----