Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/72c984-1410-45ec-86c5-8ab86937410a/1/FMOrAvuXC1st0AxiGEbiYaRYpDg.roa
File:                     FMOrAvuXC1st0AxiGEbiYaRYpDg.roa (raw, json)
Hash identifier:          OmIWmIcqWrtJmv8GjH0kjZnCnt6Sjb2fVpbncWqIDDs=
Subject key identifier:   14:C3:AB:02:FB:97:0B:5B:2D:D0:0C:62:18:46:E2:61:A4:58:A4:38
Certificate issuer:       /CN=4662521eb58b45b0c5a2ccbe383315ce79d7eea5
Certificate serial:       019423D7D5D3EE2CE5F6E7E9442481305F20
Authority key identifier: 46:62:52:1E:B5:8B:45:B0:C5:A2:CC:BE:38:33:15:CE:79:D7:EE:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RmJSHrWLRbDFosy-ODMVznnX7qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/72c984-1410-45ec-86c5-8ab86937410a/1/FMOrAvuXC1st0AxiGEbiYaRYpDg.roa
Signing time:             Wed 01 Jan 2025 21:48:55 +0000
ROA not before:           Wed 01 Jan 2025 21:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214742
IP address blocks:        193.162.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/72c984-1410-45ec-86c5-8ab86937410a/1/RmJSHrWLRbDFosy-ODMVznnX7qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/72c984-1410-45ec-86c5-8ab86937410a/1/RmJSHrWLRbDFosy-ODMVznnX7qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RmJSHrWLRbDFosy-ODMVznnX7qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:d5:d3:ee:2c:e5:f6:e7:e9:44:24:81:30:5f:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4662521eb58b45b0c5a2ccbe383315ce79d7eea5
        Validity
            Not Before: Jan  1 21:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14c3ab02fb970b5b2dd00c621846e261a458a438
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d6:32:24:af:8d:80:3c:69:34:5b:0a:e2:f5:
                    1a:96:8f:c2:4b:1d:f0:a4:76:09:3e:17:60:dd:88:
                    31:3e:ec:71:83:ea:da:8f:f4:ca:c2:79:9e:71:7b:
                    74:c0:2b:d0:0e:0a:73:05:3f:60:48:78:2d:d4:d2:
                    fa:0a:b1:67:67:f5:81:cf:fd:18:f6:4f:fa:92:a7:
                    24:0b:53:d4:79:90:53:52:5c:07:6d:77:3b:96:06:
                    6c:23:1d:08:c8:15:27:31:f9:2e:15:c2:93:8d:18:
                    70:1f:c4:98:90:d6:cb:8d:fe:39:f7:f4:8b:33:7b:
                    e1:40:84:3e:29:ac:df:7a:d5:89:68:b3:92:a5:ed:
                    1b:be:52:c3:4b:a2:00:e6:1d:36:25:73:f5:48:e8:
                    fb:2c:1b:60:a3:2f:e5:ae:f1:cb:da:1a:6e:17:3d:
                    db:b1:07:4a:69:b4:e1:f6:47:ac:00:66:f6:ac:45:
                    46:12:91:48:5e:17:68:af:db:3e:16:0a:b8:f2:e7:
                    95:f6:b4:4e:ab:1f:46:65:74:fe:f5:8c:11:f7:40:
                    05:b0:8e:b6:70:51:d8:72:47:9c:e1:bd:1f:c7:69:
                    ab:10:2b:dd:99:cc:b0:8c:ae:b2:08:0d:b5:4a:d2:
                    58:19:3a:fd:90:73:4c:ec:1a:b2:2a:55:2b:00:88:
                    ca:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:C3:AB:02:FB:97:0B:5B:2D:D0:0C:62:18:46:E2:61:A4:58:A4:38
            X509v3 Authority Key Identifier:
                keyid:46:62:52:1E:B5:8B:45:B0:C5:A2:CC:BE:38:33:15:CE:79:D7:EE:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RmJSHrWLRbDFosy-ODMVznnX7qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/72c984-1410-45ec-86c5-8ab86937410a/1/FMOrAvuXC1st0AxiGEbiYaRYpDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/72c984-1410-45ec-86c5-8ab86937410a/1/RmJSHrWLRbDFosy-ODMVznnX7qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:33:33:09:a3:ea:a1:44:b6:c4:a0:8c:02:6f:b1:93:f0:55:
         39:6c:6f:66:e9:84:2b:d1:d7:74:75:92:89:c1:b8:81:45:17:
         08:c1:8f:d2:22:07:cb:0b:b6:72:f5:16:8d:6c:e7:e1:1e:97:
         5b:94:3e:27:e6:53:5f:93:23:06:a0:f0:8f:61:fc:31:1b:98:
         17:d0:4e:6e:cf:30:98:18:05:2e:3e:14:ea:11:8c:df:52:bb:
         d5:4b:e0:1d:4b:3d:3d:97:d7:a7:75:f4:3d:fe:9e:87:d3:cf:
         7a:58:e0:a9:c0:aa:77:e6:2d:d5:c1:5f:70:cf:2f:28:36:20:
         2e:92:dd:7e:a4:87:75:58:e2:94:a6:d5:55:72:10:fc:95:da:
         8f:0d:33:ff:fb:25:31:08:a5:69:90:76:e9:10:f2:af:be:49:
         2d:e7:bd:60:88:b3:55:8e:02:02:52:67:7d:8e:ce:92:f2:09:
         83:0b:e7:09:11:c6:fc:21:61:4b:8f:da:36:68:95:99:4d:52:
         4e:28:05:7c:fd:52:13:86:65:e8:74:ec:6a:c9:83:2e:02:bd:
         1e:2a:1a:fd:6d:4f:e8:0e:ec:f9:1a:53:4b:83:8e:46:29:c6:
         67:eb:74:40:f5:bd:ca:da:f7:e3:d6:45:1d:57:b1:fa:7d:6f:
         a5:f4:49:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj19XT7izl9ufpRCSBMF8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NjI1MjFlYjU4YjQ1YjBjNWEyY2NiZTM4MzMxNWNlNzlk
N2VlYTUwHhcNMjUwMTAxMjE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGMzYWIwMmZiOTcwYjViMmRkMDBjNjIxODQ2ZTI2MWE0NThhNDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdYyJK+NgDxpNFsK4vUalo/CSx3w
pHYJPhdg3YgxPuxxg+raj/TKwnmecXt0wCvQDgpzBT9gSHgt1NL6CrFnZ/WBz/0Y
9k/6kqckC1PUeZBTUlwHbXc7lgZsIx0IyBUnMfkuFcKTjRhwH8SYkNbLjf459/SL
M3vhQIQ+KazfetWJaLOSpe0bvlLDS6IA5h02JXP1SOj7LBtgoy/lrvHL2hpuFz3b
sQdKabTh9kesAGb2rEVGEpFIXhdor9s+Fgq48ueV9rROqx9GZXT+9YwR90AFsI62
cFHYckec4b0fx2mrECvdmcywjK6yCA21StJYGTr9kHNM7BqyKlUrAIjKwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTDqwL7lwtbLdAMYhhG4mGkWKQ4MB8GA1UdIwQY
MBaAFEZiUh61i0WwxaLMvjgzFc551+6lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm1KU0hyV0xSYkRGb3N5LU9ETVZ6bm5YN3FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83MmM5ODQtMTQxMC00NWVjLTg2YzUt
OGFiODY5Mzc0MTBhLzEvRk1PckF2dVhDMXN0MEF4aUdFYmlZYVJZcERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83MmM5ODQtMTQxMC00NWVjLTg2YzUtOGFiODY5Mzc0MTBh
LzEvUm1KU0hyV0xSYkRGb3N5LU9ETVZ6bm5YN3FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaIdMA0G
CSqGSIb3DQEBCwUAA4IBAQACMzMJo+qhRLbEoIwCb7GT8FU5bG9m6YQr0dd0dZKJ
wbiBRRcIwY/SIgfLC7Zy9RaNbOfhHpdblD4n5lNfkyMGoPCPYfwxG5gX0E5uzzCY
GAUuPhTqEYzfUrvVS+AdSz09l9endfQ9/p6H0896WOCpwKp35i3VwV9wzy8oNiAu
kt1+pId1WOKUptVVchD8ldqPDTP/+yUxCKVpkHbpEPKvvkkt571giLNVjgICUmd9
js6S8gmDC+cJEcb8IWFLj9o2aJWZTVJOKAV8/VIThmXodOxqyYMuAr0eKhr9bU/o
Duz5GlNLg45GKcZn63RA9b3K2vfj1kUdV7H6fW+l9Ekt
-----END CERTIFICATE-----