Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/FAqGdeQ9V3N5w1G1W9y5ZM_uvrE.roa
File:                     FAqGdeQ9V3N5w1G1W9y5ZM_uvrE.roa (raw, json)
Hash identifier:          rBVGmjTgjE+fdnP23ACtqHdYcKEYV6SYbkpE6bHh8hk=
Subject key identifier:   14:0A:86:75:E4:3D:57:73:79:C3:51:B5:5B:DC:B9:64:CF:EE:BE:B1
Certificate issuer:       /CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
Certificate serial:       018CC5000E5CA1163B20E3C5FACA19F35FA1
Authority key identifier: 80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/FAqGdeQ9V3N5w1G1W9y5ZM_uvrE.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9044
IP address blocks:        193.135.57.0/24 maxlen: 24
                          2001:678:e48::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0e:5c:a1:16:3b:20:e3:c5:fa:ca:19:f3:5f:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=140a8675e43d577379c351b55bdcb964cfeebeb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:25:b6:1f:33:29:b8:ec:52:b4:80:4e:74:54:
                    b9:fd:bf:f0:cb:b2:b3:21:21:8d:28:9b:11:f8:6d:
                    72:df:09:68:bc:a1:4c:e2:c4:2a:31:1d:89:93:11:
                    18:8b:f8:33:dd:74:f2:a1:e7:07:dd:83:ca:8e:1b:
                    4f:14:9c:76:1e:f4:3f:9d:ab:49:8b:cc:e0:f8:02:
                    63:f1:18:2f:ea:8d:cf:63:a5:f0:68:a7:47:71:d4:
                    a2:a0:30:94:1b:48:cb:ae:52:e3:ff:73:b4:fc:ca:
                    61:51:bf:6c:23:a5:dc:b2:c8:4a:16:a5:c1:a2:4c:
                    24:e4:90:60:58:0c:6d:24:47:6d:0c:13:b4:20:54:
                    e8:49:f1:20:73:a6:1e:8a:41:c1:ae:43:e9:ff:42:
                    3b:82:44:e8:a8:fc:ad:68:fb:3f:50:62:da:cc:91:
                    67:a5:84:38:df:a8:dd:29:c8:45:34:f8:18:5f:19:
                    17:5b:09:57:b4:f8:71:ec:8b:d5:b8:a7:c1:91:01:
                    3c:75:79:ff:c2:14:8d:8a:c8:87:6a:93:19:23:45:
                    c8:04:3a:a7:5a:28:14:ab:15:c6:3f:4d:99:b2:ba:
                    ec:d1:a7:72:66:80:0c:19:40:a3:fb:2b:7e:bf:3e:
                    c9:0a:7b:13:eb:34:08:8d:e4:66:58:4c:d4:b4:94:
                    3a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:0A:86:75:E4:3D:57:73:79:C3:51:B5:5B:DC:B9:64:CF:EE:BE:B1
            X509v3 Authority Key Identifier:
                keyid:80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/FAqGdeQ9V3N5w1G1W9y5ZM_uvrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.57.0/24
                IPv6:
                  2001:678:e48::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:b7:8a:6b:f0:64:9d:6a:99:b4:3b:27:49:f4:c8:f4:3c:75:
         72:1c:ee:15:7b:be:ad:46:f6:93:8e:46:27:08:b2:ad:7f:83:
         e1:0f:97:d4:83:90:00:87:17:97:c0:e1:59:c6:8e:69:eb:24:
         8a:e0:ac:fc:89:12:18:ef:ae:54:95:83:72:12:70:51:1d:ae:
         1c:29:6e:81:ca:4c:8f:f0:35:a3:69:22:66:99:b9:56:77:ea:
         70:59:5d:57:de:7c:85:d9:33:d6:f4:af:01:32:8d:c9:74:bb:
         ec:ec:6b:4b:7d:d7:c2:cb:49:7b:04:09:2a:c6:6e:06:70:e1:
         ab:ac:d0:e9:52:a2:2e:b5:3e:30:ba:9e:75:04:8e:03:de:6c:
         69:da:7f:30:43:a9:65:17:68:92:52:0e:f4:3e:8a:5f:5c:2e:
         8f:e4:ce:5b:06:8f:0e:e6:01:2f:77:71:95:d7:6b:95:b3:58:
         6c:ff:d9:62:64:99:97:46:30:13:74:6a:de:4c:cc:ad:ca:49:
         24:05:86:df:06:52:fb:81:01:cc:fa:d1:6e:1b:6b:5a:bd:88:
         26:e6:99:d8:8d:be:81:fc:88:43:36:12:76:88:e2:4b:99:10:
         65:f2:b1:97:e1:ef:c9:35:2a:f3:69:8e:d7:81:35:50:af:b1:
         2d:f5:aa:ff
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFAA5coRY7IOPF+soZ81+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNTA1MDRmNGIxNzc2ZTgwYjhhZDlmOGIzNTZlNjEzYjU4
NWIzNWEwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDBhODY3NWU0M2Q1NzczNzljMzUxYjU1YmRjYjk2NGNmZWViZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiW2HzMpuOxStIBOdFS5/b/wy7Kz
ISGNKJsR+G1y3wlovKFM4sQqMR2JkxEYi/gz3XTyoecH3YPKjhtPFJx2HvQ/natJ
i8zg+AJj8Rgv6o3PY6XwaKdHcdSioDCUG0jLrlLj/3O0/MphUb9sI6XcsshKFqXB
okwk5JBgWAxtJEdtDBO0IFToSfEgc6YeikHBrkPp/0I7gkToqPytaPs/UGLazJFn
pYQ436jdKchFNPgYXxkXWwlXtPhx7IvVuKfBkQE8dXn/whSNisiHapMZI0XIBDqn
WigUqxXGP02Zsrrs0adyZoAMGUCj+yt+vz7JCnsT6zQIjeRmWEzUtJQ6yQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBQKhnXkPVdzecNRtVvcuWTP7r6xMB8GA1UdIwQY
MBaAFIBQUE9LF3boC4rZ+LNW5hO1hbNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjIt
MDE0NGEzMjgyYTJlLzEvRkFxR2RlUTlWM041dzFHMVc5eTVaTV91dnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjItMDE0NGEzMjgyYTJl
LzEvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwYc5MA8E
AgACMAkDBwAgAQZ4DkgwDQYJKoZIhvcNAQELBQADggEBAI23imvwZJ1qmbQ7J0n0
yPQ8dXIc7hV7vq1G9pOORicIsq1/g+EPl9SDkACHF5fA4VnGjmnrJIrgrPyJEhjv
rlSVg3IScFEdrhwpboHKTI/wNaNpImaZuVZ36nBZXVfefIXZM9b0rwEyjcl0u+zs
a0t918LLSXsECSrGbgZw4aus0OlSoi61PjC6nnUEjgPebGnafzBDqWUXaJJSDvQ+
il9cLo/kzlsGjw7mAS93cZXXa5WzWGz/2WJkmZdGMBN0at5MzK3KSSQFht8GUvuB
Acz60W4ba1q9iCbmmdiNvoH8iEM2EnaI4kuZEGXysZfh78k1KvNpjteBNVCvsS31
qv8=
-----END CERTIFICATE-----