Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/FyL54UsLck7aP3oPoR_8kM81X2M.roa
File:                     FyL54UsLck7aP3oPoR_8kM81X2M.roa (raw, json)
Hash identifier:          wly35zsKawyZQKKwH8i0I75o/Bh7+vfypu54Eg10S8Y=
Subject key identifier:   17:22:F9:E1:4B:0B:72:4E:DA:3F:7A:0F:A1:1F:FC:90:CF:35:5F:63
Certificate issuer:       /CN=38837e48aaf598bcab54a5fc8ae43b17be254229
Certificate serial:       018CC8DF86D847916D0E3B030C127108482E
Authority key identifier: 38:83:7E:48:AA:F5:98:BC:AB:54:A5:FC:8A:E4:3B:17:BE:25:42:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OIN-SKr1mLyrVKX8iuQ7F74lQik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/FyL54UsLck7aP3oPoR_8kM81X2M.roa
Signing time:             Tue 02 Jan 2024 06:32:21 +0000
ROA not before:           Tue 02 Jan 2024 06:32:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212816
IP address blocks:        46.18.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/OIN-SKr1mLyrVKX8iuQ7F74lQik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/OIN-SKr1mLyrVKX8iuQ7F74lQik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OIN-SKr1mLyrVKX8iuQ7F74lQik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:86:d8:47:91:6d:0e:3b:03:0c:12:71:08:48:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38837e48aaf598bcab54a5fc8ae43b17be254229
        Validity
            Not Before: Jan  2 06:32:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1722f9e14b0b724eda3f7a0fa11ffc90cf355f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:90:a4:69:d4:f3:f7:73:92:5c:5a:1a:34:12:
                    58:b9:43:d8:85:f7:99:b3:07:ac:fb:12:2d:d4:67:
                    43:16:65:d9:85:c0:95:42:12:d2:2e:76:01:76:51:
                    47:12:51:62:07:73:34:50:d1:78:6c:aa:e0:04:6f:
                    f2:b0:a3:64:16:81:89:db:5b:af:7e:60:bd:20:91:
                    96:c8:ac:11:28:aa:08:ec:86:6e:d6:c9:8c:29:25:
                    45:1f:03:e1:73:57:eb:a0:df:d5:5c:3e:63:18:58:
                    b1:fa:0d:f3:28:42:3f:9c:7c:f5:54:39:db:35:59:
                    60:5c:09:65:48:40:02:48:10:5b:dc:b3:1f:f4:5b:
                    d1:dc:8d:6e:99:ce:fa:38:86:f1:ea:66:ae:71:33:
                    82:ab:5e:31:40:9b:49:27:03:69:f9:2c:81:3b:a4:
                    26:a9:19:dd:ad:5e:51:fc:a3:b6:09:0d:c8:f4:f9:
                    38:42:4d:c7:6e:93:ae:7a:64:8a:a1:f0:2c:02:fa:
                    97:16:94:2e:2b:32:57:ae:4b:ad:26:d8:05:12:84:
                    1f:1a:cd:5a:82:54:c6:04:33:f5:36:7f:f7:1c:d7:
                    6b:c0:b6:1d:db:24:01:58:20:38:9e:c7:9d:8b:84:
                    c5:ec:65:04:ca:d0:40:db:40:ae:f2:76:0a:20:0d:
                    18:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:22:F9:E1:4B:0B:72:4E:DA:3F:7A:0F:A1:1F:FC:90:CF:35:5F:63
            X509v3 Authority Key Identifier:
                keyid:38:83:7E:48:AA:F5:98:BC:AB:54:A5:FC:8A:E4:3B:17:BE:25:42:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OIN-SKr1mLyrVKX8iuQ7F74lQik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/FyL54UsLck7aP3oPoR_8kM81X2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/OIN-SKr1mLyrVKX8iuQ7F74lQik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:46:c7:18:44:59:79:23:af:b1:97:b6:7c:f2:af:ed:5a:c7:
         79:04:fa:72:a0:ae:a5:d2:48:c4:85:d1:99:13:ce:da:d7:c1:
         31:13:12:74:8e:5d:53:3d:ec:f0:58:49:19:c7:cf:c2:d3:cf:
         56:f9:28:df:00:83:ee:00:2a:44:60:5e:5c:50:9f:4b:f2:f2:
         2f:43:2f:49:f8:a2:d0:06:30:2a:ec:52:32:68:97:b0:95:71:
         69:96:e2:96:a2:e1:b4:03:6b:53:2b:a0:9b:f2:74:82:48:5d:
         4f:24:75:41:a3:b3:ff:48:49:26:7d:8d:8b:7a:f1:0e:94:9e:
         fe:6b:b0:22:fb:ac:17:d2:4d:a3:7e:6f:96:8e:d4:f7:4c:ab:
         bb:2c:28:a8:7a:f5:55:ac:fe:49:27:29:cd:36:7f:c9:e7:ab:
         49:38:d0:11:da:9d:82:55:a6:47:26:c7:8a:d1:06:db:1f:8f:
         6e:82:81:58:0b:4f:a4:e7:ca:60:f7:6c:f6:9f:cf:d0:5b:de:
         41:06:71:99:4f:38:7f:c4:1f:8c:a6:7a:08:0d:e8:83:6b:b5:
         6a:71:3a:04:e1:3a:67:3b:ac:7d:e8:71:67:10:33:b6:fc:de:
         f6:19:ac:98:6e:31:f2:5e:9b:af:31:93:0e:ea:d6:f9:2c:ef:
         b5:43:c7:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34bYR5FtDjsDDBJxCEguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ODM3ZTQ4YWFmNTk4YmNhYjU0YTVmYzhhZTQzYjE3YmUy
NTQyMjkwHhcNMjQwMTAyMDYzMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzIyZjllMTRiMGI3MjRlZGEzZjdhMGZhMTFmZmM5MGNmMzU1ZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5CkadTz93OSXFoaNBJYuUPYhfeZ
swes+xIt1GdDFmXZhcCVQhLSLnYBdlFHElFiB3M0UNF4bKrgBG/ysKNkFoGJ21uv
fmC9IJGWyKwRKKoI7IZu1smMKSVFHwPhc1froN/VXD5jGFix+g3zKEI/nHz1VDnb
NVlgXAllSEACSBBb3LMf9FvR3I1umc76OIbx6maucTOCq14xQJtJJwNp+SyBO6Qm
qRndrV5R/KO2CQ3I9Pk4Qk3HbpOuemSKofAsAvqXFpQuKzJXrkutJtgFEoQfGs1a
glTGBDP1Nn/3HNdrwLYd2yQBWCA4nsedi4TF7GUEytBA20Cu8nYKIA0YyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBci+eFLC3JO2j96D6Ef/JDPNV9jMB8GA1UdIwQY
MBaAFDiDfkiq9Zi8q1Sl/IrkOxe+JUIpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0lOLVNLcjFtTHlyVktYOGl1UTdGNzRsUWlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9kZmZiYzgtYjE0OS00NmI0LWJiYjgt
MzFlYTIwOTRiNTU3LzEvRnlMNTRVc0xjazdhUDNvUG9SXzhrTTgxWDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9kZmZiYzgtYjE0OS00NmI0LWJiYjgtMzFlYTIwOTRiNTU3
LzEvT0lOLVNLcjFtTHlyVktYOGl1UTdGNzRsUWlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhJsMA0G
CSqGSIb3DQEBCwUAA4IBAQC8RscYRFl5I6+xl7Z88q/tWsd5BPpyoK6l0kjEhdGZ
E87a18ExExJ0jl1TPezwWEkZx8/C089W+SjfAIPuACpEYF5cUJ9L8vIvQy9J+KLQ
BjAq7FIyaJewlXFpluKWouG0A2tTK6Cb8nSCSF1PJHVBo7P/SEkmfY2LevEOlJ7+
a7Ai+6wX0k2jfm+WjtT3TKu7LCioevVVrP5JJynNNn/J56tJONAR2p2CVaZHJseK
0QbbH49ugoFYC0+k58pg92z2n8/QW95BBnGZTzh/xB+MpnoIDeiDa7VqcToE4Tpn
O6x96HFnEDO2/N72GayYbjHyXpuvMZMO6tb5LO+1Q8dA
-----END CERTIFICATE-----