Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/FGsL__Hdnu2FdQDFH9ATeFhif0Q.roa
File:                     FGsL__Hdnu2FdQDFH9ATeFhif0Q.roa (raw, json)
Hash identifier:          JVqOty6HQJMARdCy4KWAXukarIp01bubF/91RyWCFPo=
Subject key identifier:   14:6B:0B:FF:F1:DD:9E:ED:85:75:00:C5:1F:D0:13:78:58:62:7F:44
Certificate issuer:       /CN=297ae7592ca52491dc166a30fe1477d712bd465d
Certificate serial:       0191FEED473BCA57C5E7674F98F6306D09FA
Authority key identifier: 29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/FGsL__Hdnu2FdQDFH9ATeFhif0Q.roa
Signing time:             Tue 17 Sep 2024 07:40:48 +0000
ROA not before:           Tue 17 Sep 2024 07:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216234
IP address blocks:        94.159.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fe:ed:47:3b:ca:57:c5:e7:67:4f:98:f6:30:6d:09:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ae7592ca52491dc166a30fe1477d712bd465d
        Validity
            Not Before: Sep 17 07:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=146b0bfff1dd9eed857500c51fd0137858627f44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:1a:8f:df:a2:27:df:9f:7f:e7:57:9c:61:06:
                    be:f0:d4:eb:79:9a:ba:11:cc:98:7f:fc:f5:9e:98:
                    37:47:e0:cf:a3:a5:57:41:e5:db:26:a2:4b:7c:75:
                    c8:29:69:c0:87:ab:03:ab:01:7e:b0:6d:e2:00:79:
                    4f:f9:01:31:59:7b:30:d5:39:b6:c1:f0:ac:d2:d7:
                    32:1c:83:69:05:88:66:e0:a0:68:4d:21:40:5f:34:
                    7a:3a:5f:6b:03:08:45:3f:dc:b1:08:3e:a4:eb:83:
                    1f:2d:5a:f4:a1:c7:4a:21:0b:bc:d3:03:88:89:e1:
                    dd:3f:13:0b:96:b9:27:9b:dd:d0:76:9d:1c:64:f4:
                    7e:32:f1:4b:bb:87:ae:c3:66:2c:01:9a:48:90:52:
                    2d:b1:df:2d:3c:77:77:f2:5e:5a:64:af:9f:3c:04:
                    01:c6:a8:43:aa:15:1a:49:9c:98:16:b1:b0:fb:68:
                    9f:a2:93:d1:76:80:2b:b3:d6:2f:5f:f0:f2:30:bf:
                    8f:38:0e:79:4b:78:18:cd:b7:28:6d:2b:02:fc:80:
                    1c:9c:9a:ce:22:40:a9:03:ee:7c:d9:a7:09:75:d1:
                    d1:59:d4:3b:7e:83:f8:d0:59:1b:74:e1:9a:27:db:
                    d3:8a:47:aa:f1:81:e5:96:e0:2d:16:55:ed:13:a4:
                    e2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:6B:0B:FF:F1:DD:9E:ED:85:75:00:C5:1F:D0:13:78:58:62:7F:44
            X509v3 Authority Key Identifier:
                keyid:29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/FGsL__Hdnu2FdQDFH9ATeFhif0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.159.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:e2:3c:18:74:46:34:08:f9:fb:3c:5d:1b:0c:ee:d4:73:6f:
         ba:89:ae:46:f7:08:0c:40:8a:99:ce:10:14:cb:01:f1:58:2f:
         ef:1d:8f:57:2f:44:f8:3e:18:9d:08:77:b8:4b:11:18:92:05:
         a5:12:36:d8:fa:f5:96:5e:e2:cf:e0:3e:73:8f:c8:ea:d4:64:
         b3:3d:fb:2b:9c:93:77:8d:bf:55:9e:ae:5c:f0:09:7d:e0:f6:
         74:6f:4a:97:26:cf:b5:b3:b8:e6:62:a7:8d:02:7e:35:27:78:
         02:99:54:89:dd:83:8e:2d:8b:40:d6:1f:2f:19:11:c2:1c:37:
         88:73:38:e5:fe:1f:6f:7f:fa:35:93:68:12:73:1c:6c:72:f8:
         eb:92:0b:38:ee:68:ea:3e:70:0f:e7:3f:79:bd:45:19:5a:97:
         ba:0f:1f:e5:2c:dc:10:72:c3:a9:5d:a7:f8:97:58:ff:52:3b:
         bd:56:3b:a2:02:59:9e:0f:28:94:f6:32:81:da:27:3a:de:cb:
         2c:7a:b2:84:42:56:62:d1:15:9c:a3:ae:91:f4:86:0e:8d:c9:
         58:2c:42:cf:9b:85:de:96:f4:02:b8:37:2a:d6:24:68:75:22:
         39:51:c2:87:84:3c:c7:9f:0a:18:c2:2b:82:0c:8e:1a:c6:94:
         23:ac:9a:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH+7Uc7ylfF52dPmPYwbQn6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2FlNzU5MmNhNTI0OTFkYzE2NmEzMGZlMTQ3N2Q3MTJi
ZDQ2NWQwHhcNMjQwOTE3MDc0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDZiMGJmZmYxZGQ5ZWVkODU3NTAwYzUxZmQwMTM3ODU4NjI3ZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBqP36In359/51ecYQa+8NTreZq6
EcyYf/z1npg3R+DPo6VXQeXbJqJLfHXIKWnAh6sDqwF+sG3iAHlP+QExWXsw1Tm2
wfCs0tcyHINpBYhm4KBoTSFAXzR6Ol9rAwhFP9yxCD6k64MfLVr0ocdKIQu80wOI
ieHdPxMLlrknm93Qdp0cZPR+MvFLu4euw2YsAZpIkFItsd8tPHd38l5aZK+fPAQB
xqhDqhUaSZyYFrGw+2ifopPRdoArs9YvX/DyML+POA55S3gYzbcobSsC/IAcnJrO
IkCpA+582acJddHRWdQ7foP40FkbdOGaJ9vTikeq8YHlluAtFlXtE6TikwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRrC//x3Z7thXUAxR/QE3hYYn9EMB8GA1UdIwQY
MBaAFCl651kspSSR3BZqMP4Ud9cSvUZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgt
MzkxMGE1OWExMTIxLzEvRkdzTF9fSGRudTJGZFFERkg5QVRlRmhpZjBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgtMzkxMGE1OWExMTIx
LzEvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXp9xMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ4jwYdEY0CPn7PF0bDO7Uc2+6ia5G9wgMQIqZzhAU
ywHxWC/vHY9XL0T4PhidCHe4SxEYkgWlEjbY+vWWXuLP4D5zj8jq1GSzPfsrnJN3
jb9Vnq5c8Al94PZ0b0qXJs+1s7jmYqeNAn41J3gCmVSJ3YOOLYtA1h8vGRHCHDeI
czjl/h9vf/o1k2gScxxscvjrkgs47mjqPnAP5z95vUUZWpe6Dx/lLNwQcsOpXaf4
l1j/Uju9VjuiAlmeDyiU9jKB2ic63ssserKEQlZi0RWco66R9IYOjclYLELPm4Xe
lvQCuDcq1iRodSI5UcKHhDzHnwoYwiuCDI4axpQjrJo7
-----END CERTIFICATE-----