Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/FkpT8j07j_bbCIRjp7efX6eM4Ug.roa
File:                     FkpT8j07j_bbCIRjp7efX6eM4Ug.roa (raw, json)
Hash identifier:          kRI38l+tZSr3AQ/wKdnr/ZfYYDw1AFt9jC8VhTqv14s=
Subject key identifier:   16:4A:53:F2:3D:3B:8F:F6:DB:08:84:63:A7:B7:9F:5F:A7:8C:E1:48
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B636F70FE9DFF4CC6D5DA76B02D66
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/FkpT8j07j_bbCIRjp7efX6eM4Ug.roa
Signing time:             Tue 02 Jan 2024 12:34:50 +0000
ROA not before:           Tue 02 Jan 2024 12:34:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208069
IP address blocks:        185.119.254.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:63:6f:70:fe:9d:ff:4c:c6:d5:da:76:b0:2d:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=164a53f23d3b8ff6db088463a7b79f5fa78ce148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d1:54:93:5f:07:50:c9:e3:cf:69:36:f3:fe:
                    71:a9:f5:46:dc:fb:ee:e3:18:7f:3d:87:51:a0:1a:
                    14:55:fa:28:6f:b8:18:cb:cc:94:40:e1:16:3d:7f:
                    8b:6c:c1:0a:4d:25:f6:b2:41:81:b1:cc:77:e0:80:
                    35:dc:e1:0e:77:37:20:9b:97:ca:3c:e6:8c:69:28:
                    97:58:6c:62:9c:32:fc:87:f7:e0:04:be:f2:a6:9c:
                    b3:c3:1a:8a:6c:14:b2:c7:31:01:f7:4e:14:b3:2a:
                    b1:24:50:f4:8b:41:a3:49:66:96:cb:63:47:0e:a7:
                    a4:19:a3:52:7b:57:a6:2b:6f:7b:01:23:47:28:d1:
                    a4:83:cb:4e:39:80:28:e8:cd:93:56:e5:e8:ae:2a:
                    c4:70:e4:98:42:18:22:75:10:b6:4c:44:fa:f5:b0:
                    aa:f4:90:26:1f:91:c9:a3:f7:08:ec:4f:c0:7b:ed:
                    fc:cc:d2:c9:a1:67:4a:d6:2c:89:2b:9f:c8:36:41:
                    19:54:8d:c6:d5:87:20:b1:9a:c4:7d:4e:0c:90:8a:
                    ff:99:d6:cf:43:7f:63:df:a9:aa:a6:e4:c3:67:d9:
                    8f:d6:f4:cf:cc:8b:c5:35:4a:26:fc:a9:15:64:57:
                    0b:f4:bd:8d:dd:9b:e0:a9:1b:67:31:8f:3a:f2:55:
                    95:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:4A:53:F2:3D:3B:8F:F6:DB:08:84:63:A7:B7:9F:5F:A7:8C:E1:48
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/FkpT8j07j_bbCIRjp7efX6eM4Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:b6:e7:0e:f4:ec:1a:45:fc:c2:20:6e:e9:b7:b6:00:97:b4:
         b9:ce:56:95:6a:23:61:6c:28:8a:85:c6:bc:0d:02:08:6e:98:
         4c:cc:9e:19:51:20:2f:16:0c:2f:72:56:2d:61:c2:03:36:0d:
         f0:58:4f:98:3b:68:30:b2:4c:db:a1:f6:fc:17:e9:b8:57:f2:
         aa:b5:d1:19:c6:5b:b2:db:03:1b:be:58:b0:79:f6:6a:be:5c:
         2f:43:f3:4f:7a:8f:38:a5:7f:6d:a0:2f:05:f8:bf:6f:0f:f7:
         b0:7b:65:0d:fe:e6:db:69:02:8c:76:8f:76:47:3c:51:67:7a:
         12:d2:44:15:14:94:d2:00:07:8c:ba:b3:af:c2:da:66:1e:8b:
         4f:55:3a:e0:51:fc:70:76:9e:53:dd:8f:cd:3e:5a:6e:0c:b1:
         cc:c4:1f:dd:3c:fd:f2:75:5c:27:a6:86:1a:3c:f6:d7:82:c9:
         9e:e3:d3:c1:c5:91:bb:7b:a7:5e:5b:49:38:54:7d:46:10:e3:
         6a:ed:fd:bf:3f:84:30:ea:d2:97:b9:a2:ef:df:21:b1:0c:0d:
         f3:b6:e6:7e:b1:52:43:06:e4:69:fb:05:c9:2d:14:b7:cd:3b:
         77:c0:45:6d:bb:58:cc:e1:3d:1a:6b:c7:0f:65:44:bd:a8:e9:
         5a:8b:5d:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2NvcP6d/0zG1dp2sC1mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjRhNTNmMjNkM2I4ZmY2ZGIwODg0NjNhN2I3OWY1ZmE3OGNlMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dFUk18HUMnjz2k28/5xqfVG3Pvu
4xh/PYdRoBoUVfoob7gYy8yUQOEWPX+LbMEKTSX2skGBscx34IA13OEOdzcgm5fK
POaMaSiXWGxinDL8h/fgBL7yppyzwxqKbBSyxzEB904UsyqxJFD0i0GjSWaWy2NH
DqekGaNSe1emK297ASNHKNGkg8tOOYAo6M2TVuXorirEcOSYQhgidRC2TET69bCq
9JAmH5HJo/cI7E/Ae+38zNLJoWdK1iyJK5/INkEZVI3G1YcgsZrEfU4MkIr/mdbP
Q39j36mqpuTDZ9mP1vTPzIvFNUom/KkVZFcL9L2N3ZvgqRtnMY868lWVlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZKU/I9O4/22wiEY6e3n1+njOFIMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvRmtwVDhqMDdqX2JiQ0lSanA3ZWZYNmVNNFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXf+MA0G
CSqGSIb3DQEBCwUAA4IBAQCttucO9OwaRfzCIG7pt7YAl7S5zlaVaiNhbCiKhca8
DQIIbphMzJ4ZUSAvFgwvclYtYcIDNg3wWE+YO2gwskzbofb8F+m4V/KqtdEZxluy
2wMbvliwefZqvlwvQ/NPeo84pX9toC8F+L9vD/ewe2UN/ubbaQKMdo92RzxRZ3oS
0kQVFJTSAAeMurOvwtpmHotPVTrgUfxwdp5T3Y/NPlpuDLHMxB/dPP3ydVwnpoYa
PPbXgsme49PBxZG7e6deW0k4VH1GEONq7f2/P4Qw6tKXuaLv3yGxDA3ztuZ+sVJD
BuRp+wXJLRS3zTt3wEVtu1jM4T0aa8cPZUS9qOlai12x
-----END CERTIFICATE-----