Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/FUhjZPGoL6CtMuucf-Ta_yQE1CI.roa
File:                     FUhjZPGoL6CtMuucf-Ta_yQE1CI.roa (raw, json)
Hash identifier:          dCcjppMdb5Pzpw37G/jwO4MaQjiK1DyLni6Weqi69eE=
Subject key identifier:   15:48:63:64:F1:A8:2F:A0:AD:32:EB:9C:7F:E4:DA:FF:24:04:D4:22
Certificate issuer:       /CN=58ce32a57bd4169e5bddb498aa5507ef834e4772
Certificate serial:       018CC94CD7835924B963A0FBB6046C576ED7
Authority key identifier: 58:CE:32:A5:7B:D4:16:9E:5B:DD:B4:98:AA:55:07:EF:83:4E:47:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WM4ypXvUFp5b3bSYqlUH74NOR3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/FUhjZPGoL6CtMuucf-Ta_yQE1CI.roa
Signing time:             Tue 02 Jan 2024 08:31:45 +0000
ROA not before:           Tue 02 Jan 2024 08:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        195.64.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/WM4ypXvUFp5b3bSYqlUH74NOR3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/WM4ypXvUFp5b3bSYqlUH74NOR3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WM4ypXvUFp5b3bSYqlUH74NOR3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:d7:83:59:24:b9:63:a0:fb:b6:04:6c:57:6e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ce32a57bd4169e5bddb498aa5507ef834e4772
        Validity
            Not Before: Jan  2 08:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15486364f1a82fa0ad32eb9c7fe4daff2404d422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:06:23:2a:f2:65:5b:87:60:b3:3f:a9:f7:b3:
                    9c:b1:b5:77:7b:99:12:c0:d9:03:1f:3f:9f:ef:b1:
                    30:a1:23:91:71:dc:6a:0e:18:1c:c4:8e:72:2f:35:
                    0b:75:80:51:31:23:89:89:44:f0:a6:73:fa:8a:81:
                    95:40:f9:6a:46:0a:86:65:2c:22:30:a0:da:45:a4:
                    19:2d:a7:05:4c:e6:08:da:c6:ef:13:b9:1b:d4:77:
                    8d:e7:8b:58:45:20:d8:b7:16:ae:3a:8d:18:48:b8:
                    a4:0b:b2:5c:33:60:34:c3:d0:1e:6f:83:03:eb:60:
                    80:27:ea:09:97:e9:45:20:2b:2c:22:13:e4:bc:f8:
                    3e:9b:72:e9:65:ab:c1:44:99:7e:6c:f5:79:30:68:
                    51:bc:67:1e:40:30:9d:b0:76:6c:70:2e:26:da:55:
                    ba:95:bd:94:04:f0:e4:7d:15:f5:24:bd:3e:c4:57:
                    e4:8f:d9:c1:71:bc:99:ee:67:e4:51:2b:9d:49:93:
                    2a:a8:78:d6:88:6e:ff:c8:c4:0f:9e:69:f4:cb:1f:
                    ec:cd:9a:e7:f4:f3:da:8e:f5:72:23:94:c3:c5:65:
                    c6:b0:40:5e:4f:0f:48:90:8a:95:ea:95:83:01:e5:
                    1d:39:c9:eb:aa:8e:c8:33:8d:78:78:98:d6:8b:32:
                    49:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:48:63:64:F1:A8:2F:A0:AD:32:EB:9C:7F:E4:DA:FF:24:04:D4:22
            X509v3 Authority Key Identifier:
                keyid:58:CE:32:A5:7B:D4:16:9E:5B:DD:B4:98:AA:55:07:EF:83:4E:47:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WM4ypXvUFp5b3bSYqlUH74NOR3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/FUhjZPGoL6CtMuucf-Ta_yQE1CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5e4f7a-0a1c-4f07-b2da-673de700f112/1/WM4ypXvUFp5b3bSYqlUH74NOR3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:08:49:70:1b:88:d8:39:c7:37:99:29:6a:81:eb:27:69:33:
         f8:10:a6:04:cb:d3:ba:34:fb:20:1d:e3:14:05:13:26:1f:8c:
         ce:8a:eb:1c:0f:52:50:96:9f:c7:6b:d0:47:d8:8c:fe:c9:50:
         a9:7a:b5:d6:ad:8a:a8:c3:1b:d2:36:eb:59:95:a0:05:0f:ff:
         33:e9:59:89:6f:22:52:5c:6a:c9:27:ca:8f:03:b6:0a:3c:58:
         59:e6:af:ed:1b:30:9c:f5:30:da:3e:50:57:6b:d2:2a:48:af:
         66:fd:60:92:9f:f7:26:40:40:c7:05:84:39:ca:c7:ce:20:5f:
         77:c6:b4:c3:ab:b4:14:66:f9:77:89:d5:2e:7d:eb:17:1f:14:
         ab:8f:6f:f2:45:c2:a6:4c:08:b4:1f:7e:6d:f7:91:03:9c:35:
         ba:7f:88:f4:2b:c7:f0:c7:71:62:81:a0:bc:dc:ff:d9:bb:78:
         4f:f3:91:7f:30:db:06:16:86:45:89:fa:5e:6b:3f:9b:44:2a:
         2a:4f:96:b1:d2:aa:b2:78:11:28:95:93:80:48:30:bb:9e:d4:
         4c:58:c8:93:72:db:41:47:92:c2:31:5b:1b:09:94:4c:7b:54:
         ec:bc:99:d3:01:04:c3:31:77:86:c7:e2:a8:e6:6f:4d:6d:27:
         6a:bd:23:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTNeDWSS5Y6D7tgRsV27XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4Y2UzMmE1N2JkNDE2OWU1YmRkYjQ5OGFhNTUwN2VmODM0
ZTQ3NzIwHhcNMjQwMTAyMDgzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTQ4NjM2NGYxYTgyZmEwYWQzMmViOWM3ZmU0ZGFmZjI0MDRkNDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggYjKvJlW4dgsz+p97OcsbV3e5kS
wNkDHz+f77EwoSORcdxqDhgcxI5yLzULdYBRMSOJiUTwpnP6ioGVQPlqRgqGZSwi
MKDaRaQZLacFTOYI2sbvE7kb1HeN54tYRSDYtxauOo0YSLikC7JcM2A0w9Aeb4MD
62CAJ+oJl+lFICssIhPkvPg+m3LpZavBRJl+bPV5MGhRvGceQDCdsHZscC4m2lW6
lb2UBPDkfRX1JL0+xFfkj9nBcbyZ7mfkUSudSZMqqHjWiG7/yMQPnmn0yx/szZrn
9PPajvVyI5TDxWXGsEBeTw9IkIqV6pWDAeUdOcnrqo7IM414eJjWizJJtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVIY2TxqC+grTLrnH/k2v8kBNQiMB8GA1UdIwQY
MBaAFFjOMqV71BaeW920mKpVB++DTkdyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV000eXBYdlVGcDViM2JTWXFsVUg3NE5PUjNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81ZTRmN2EtMGExYy00ZjA3LWIyZGEt
NjczZGU3MDBmMTEyLzEvRlVoalpQR29MNkN0TXV1Y2YtVGFfeVFFMUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81ZTRmN2EtMGExYy00ZjA3LWIyZGEtNjczZGU3MDBmMTEy
LzEvV000eXBYdlVGcDViM2JTWXFsVUg3NE5PUjNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B3MA0G
CSqGSIb3DQEBCwUAA4IBAQBmCElwG4jYOcc3mSlqgesnaTP4EKYEy9O6NPsgHeMU
BRMmH4zOiuscD1JQlp/Ha9BH2Iz+yVCperXWrYqowxvSNutZlaAFD/8z6VmJbyJS
XGrJJ8qPA7YKPFhZ5q/tGzCc9TDaPlBXa9IqSK9m/WCSn/cmQEDHBYQ5ysfOIF93
xrTDq7QUZvl3idUufesXHxSrj2/yRcKmTAi0H35t95EDnDW6f4j0K8fwx3FigaC8
3P/Zu3hP85F/MNsGFoZFifpeaz+bRCoqT5ax0qqyeBEolZOASDC7ntRMWMiTcttB
R5LCMVsbCZRMe1TsvJnTAQTDMXeGx+Ko5m9NbSdqvSOH
-----END CERTIFICATE-----