Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/FyOJZKS04HQhrprFH7EXN9eOV1E.roa
File:                     FyOJZKS04HQhrprFH7EXN9eOV1E.roa (raw, json)
Hash identifier:          A2S5eY/hjQQ7hlIzwTn7u/dA1+KcDlTpTWggxBSlxQA=
Subject key identifier:   17:23:89:64:A4:B4:E0:74:21:AE:9A:C5:1F:B1:17:37:D7:8E:57:51
Certificate issuer:       /CN=4398b577b223b5a76351219a74fda446704890f7
Certificate serial:       018CC64AABD76F1E8C76165A57D4DDB5BE8B
Authority key identifier: 43:98:B5:77:B2:23:B5:A7:63:51:21:9A:74:FD:A4:46:70:48:90:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q5i1d7IjtadjUSGadP2kRnBIkPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/FyOJZKS04HQhrprFH7EXN9eOV1E.roa
Signing time:             Mon 01 Jan 2024 18:30:31 +0000
ROA not before:           Mon 01 Jan 2024 18:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212323
IP address blocks:        185.209.12.0/24 maxlen: 24
                          2a10:d200::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/Q5i1d7IjtadjUSGadP2kRnBIkPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/Q5i1d7IjtadjUSGadP2kRnBIkPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q5i1d7IjtadjUSGadP2kRnBIkPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ab:d7:6f:1e:8c:76:16:5a:57:d4:dd:b5:be:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4398b577b223b5a76351219a74fda446704890f7
        Validity
            Not Before: Jan  1 18:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17238964a4b4e07421ae9ac51fb11737d78e5751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:71:41:66:7e:ba:7a:70:a0:62:4e:8c:3b:b7:
                    4e:56:51:8f:47:2b:3e:41:6e:8b:12:e2:9d:22:78:
                    06:2a:20:ad:2b:3f:a5:db:a4:6e:98:eb:be:29:5e:
                    ef:06:25:4b:dc:a6:27:96:d2:98:3b:ad:6c:3a:55:
                    e5:18:9d:01:7b:51:46:91:12:10:07:c7:46:e4:65:
                    27:91:54:39:54:3a:ca:d1:d4:09:68:3e:06:fe:dc:
                    61:17:c2:2c:ae:82:56:bd:72:fa:81:ed:db:00:f4:
                    80:8b:e4:03:be:03:ef:a5:b5:7b:75:fb:b2:5e:38:
                    fd:25:ce:7d:49:6b:bc:80:33:8f:46:f2:34:30:96:
                    2f:ab:8c:23:42:21:36:bc:22:6d:b3:1a:39:16:a7:
                    03:61:68:45:59:66:a8:68:c9:6d:3c:e1:0d:e8:83:
                    57:41:46:36:dc:49:de:22:88:7d:9c:26:f4:9f:12:
                    30:b5:87:79:c3:90:1b:98:37:dc:e5:4e:43:58:6c:
                    9e:2b:eb:ef:99:66:04:08:54:6c:4e:b7:ef:1c:89:
                    4f:50:e4:13:ae:ec:4b:a0:e9:13:4b:b4:27:ad:1c:
                    17:86:49:fd:f5:b0:6a:d7:44:f2:b1:f0:2b:3a:1a:
                    dc:ff:06:c5:27:e5:c4:f8:4a:8d:33:65:de:2d:3b:
                    25:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:23:89:64:A4:B4:E0:74:21:AE:9A:C5:1F:B1:17:37:D7:8E:57:51
            X509v3 Authority Key Identifier:
                keyid:43:98:B5:77:B2:23:B5:A7:63:51:21:9A:74:FD:A4:46:70:48:90:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q5i1d7IjtadjUSGadP2kRnBIkPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/FyOJZKS04HQhrprFH7EXN9eOV1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/582695-61a1-48e7-b6ac-7bc45340dd28/1/Q5i1d7IjtadjUSGadP2kRnBIkPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.12.0/24
                IPv6:
                  2a10:d200::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:9b:a7:18:75:cf:33:40:40:c9:c4:30:0c:f3:15:62:76:12:
         66:b8:c2:b1:50:a8:dc:ea:3e:1e:93:5e:7b:a2:cf:33:98:8b:
         55:1a:67:50:3b:4e:4b:76:42:9f:3f:11:92:a8:f6:77:b0:ac:
         7b:36:d6:b6:ad:f3:4d:3e:da:18:bb:5a:75:df:96:aa:9b:a5:
         06:5d:81:80:f1:5b:b6:6f:5a:06:14:cd:9b:b0:1f:44:9d:01:
         31:ed:84:9d:01:e7:8c:0b:24:e0:b1:72:94:6f:b3:5a:e7:f7:
         5e:44:3b:4c:e2:80:b3:a8:c5:a5:41:b8:bc:14:d4:52:98:25:
         26:59:93:4b:76:64:e6:6f:aa:42:0e:e7:34:51:c9:4f:0e:ec:
         0b:1a:84:3e:92:28:1f:9f:95:37:29:c8:3a:53:20:16:95:58:
         87:6d:22:e4:75:d8:7c:76:11:4a:41:fa:1f:53:5f:bc:4b:55:
         9d:be:a9:51:fa:5b:e4:95:23:f7:35:90:96:24:bc:5c:a2:9c:
         ce:2a:a6:83:c6:80:5d:25:60:2b:09:76:4a:9a:c2:f2:9b:df:
         de:ac:b0:a6:a4:fc:6b:eb:87:fe:14:b4:f8:90:fc:ef:15:b4:
         ce:9f:5e:93:ec:fb:bd:50:1c:24:7a:b1:3e:29:ae:63:79:83:
         b5:f4:a5:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSqvXbx6MdhZaV9Tdtb6LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzOThiNTc3YjIyM2I1YTc2MzUxMjE5YTc0ZmRhNDQ2NzA0
ODkwZjcwHhcNMjQwMTAxMTgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzIzODk2NGE0YjRlMDc0MjFhZTlhYzUxZmIxMTczN2Q3OGU1NzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3FBZn66enCgYk6MO7dOVlGPRys+
QW6LEuKdIngGKiCtKz+l26RumOu+KV7vBiVL3KYnltKYO61sOlXlGJ0Be1FGkRIQ
B8dG5GUnkVQ5VDrK0dQJaD4G/txhF8IsroJWvXL6ge3bAPSAi+QDvgPvpbV7dfuy
Xjj9Jc59SWu8gDOPRvI0MJYvq4wjQiE2vCJtsxo5FqcDYWhFWWaoaMltPOEN6INX
QUY23EneIoh9nCb0nxIwtYd5w5AbmDfc5U5DWGyeK+vvmWYECFRsTrfvHIlPUOQT
ruxLoOkTS7QnrRwXhkn99bBq10TysfArOhrc/wbFJ+XE+EqNM2XeLTslrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBcjiWSktOB0Ia6axR+xFzfXjldRMB8GA1UdIwQY
MBaAFEOYtXeyI7WnY1EhmnT9pEZwSJD3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTVpMWQ3SWp0YWRqVVNHYWRQMmtSbkJJa1BjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS81ODI2OTUtNjFhMS00OGU3LWI2YWMt
N2JjNDUzNDBkZDI4LzEvRnlPSlpLUzA0SFFocnByRkg3RVhOOWVPVjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS81ODI2OTUtNjFhMS00OGU3LWI2YWMtN2JjNDUzNDBkZDI4
LzEvUTVpMWQ3SWp0YWRqVVNHYWRQMmtSbkJJa1BjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudEMMA0E
AgACMAcDBQMqENIAMA0GCSqGSIb3DQEBCwUAA4IBAQCCm6cYdc8zQEDJxDAM8xVi
dhJmuMKxUKjc6j4ek157os8zmItVGmdQO05LdkKfPxGSqPZ3sKx7Nta2rfNNPtoY
u1p135aqm6UGXYGA8Vu2b1oGFM2bsB9EnQEx7YSdAeeMCyTgsXKUb7Na5/deRDtM
4oCzqMWlQbi8FNRSmCUmWZNLdmTmb6pCDuc0UclPDuwLGoQ+kigfn5U3Kcg6UyAW
lViHbSLkddh8dhFKQfofU1+8S1WdvqlR+lvklSP3NZCWJLxcopzOKqaDxoBdJWAr
CXZKmsLym9/erLCmpPxr64f+FLT4kPzvFbTOn16T7Pu9UBwkerE+Ka5jeYO19KUq
-----END CERTIFICATE-----