Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/FcC6p_qeAbtQsZOZCnuCOvaQtfw.roa
File:                     FcC6p_qeAbtQsZOZCnuCOvaQtfw.roa (raw, json)
Hash identifier:          Jb9R1aDX4sFzxS0p1WW5Ea6+8DWY+rsM+UP/OKo1sOU=
Subject key identifier:   15:C0:BA:A7:FA:9E:01:BB:50:B1:93:99:0A:7B:82:3A:F6:90:B5:FC
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019427B56E9FC2B937EC44FAE7481E9AA6F2
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/FcC6p_qeAbtQsZOZCnuCOvaQtfw.roa
Signing time:             Thu 02 Jan 2025 15:49:49 +0000
ROA not before:           Thu 02 Jan 2025 15:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207804
IP address blocks:        194.28.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:6e:9f:c2:b9:37:ec:44:fa:e7:48:1e:9a:a6:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  2 15:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15c0baa7fa9e01bb50b193990a7b823af690b5fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:74:37:9a:ff:a0:4b:33:bb:23:3a:a2:57:59:
                    44:4b:b2:94:b4:f9:3f:5b:60:bb:f5:6e:e1:e4:a1:
                    19:5a:3c:6c:30:9a:17:9c:2c:b2:0b:37:ea:c7:2c:
                    2e:0f:e2:ad:39:ba:89:84:fc:d5:bc:19:f5:97:6d:
                    2d:20:41:6d:7f:82:de:39:58:36:f7:7e:c4:eb:0e:
                    a6:25:22:5d:b6:4f:0d:7b:b1:18:c5:c7:0f:ec:f4:
                    14:c9:64:a9:f0:05:19:39:fe:54:40:2e:a6:9c:e5:
                    4e:08:25:7b:23:1b:04:7d:31:b5:bc:41:df:44:3e:
                    4f:b4:12:5a:2f:17:88:ea:3e:87:34:3f:2a:01:e3:
                    6d:3c:96:86:16:af:c8:81:b0:93:a5:0e:c9:ef:bb:
                    ee:b1:59:bf:31:f9:dd:9c:8c:e8:f6:56:d1:9c:24:
                    98:27:f9:e2:22:87:65:cf:e4:e0:c2:8a:c1:05:6f:
                    09:91:78:38:fd:c4:4c:66:26:cc:2f:18:51:a8:26:
                    89:65:c9:25:86:a9:0f:dd:63:dc:e0:05:b1:33:14:
                    bf:40:7d:00:40:b5:00:94:da:3f:08:37:f3:e6:da:
                    ad:b1:5d:ec:74:51:fc:a4:04:32:03:69:07:77:ba:
                    de:78:e7:d3:39:bf:5b:91:93:2d:26:5d:21:a4:d2:
                    ac:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:C0:BA:A7:FA:9E:01:BB:50:B1:93:99:0A:7B:82:3A:F6:90:B5:FC
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/FcC6p_qeAbtQsZOZCnuCOvaQtfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:2c:c1:d9:0f:d3:e8:f2:b9:e4:12:fb:2d:13:d0:85:a3:28:
         4a:b8:10:de:9b:88:e6:95:29:7b:c6:6a:47:c6:2c:c8:f7:51:
         5a:56:55:b7:55:85:9f:80:f5:d7:58:cd:5b:22:d9:3d:3e:dc:
         98:e7:c0:f4:f5:44:6f:d3:84:51:2e:c0:a2:c4:5e:a5:9c:52:
         25:63:9f:6d:d3:27:f0:45:e3:eb:08:c8:26:73:7a:c5:15:b1:
         f5:2a:40:21:39:0a:d8:d4:2c:ff:87:2e:37:9e:0c:ff:b4:ab:
         ff:a5:ac:ff:83:39:4c:00:22:c0:e4:65:11:3b:c5:03:14:25:
         fc:9d:ce:7b:b4:4e:07:15:2c:c4:8e:84:91:eb:86:a1:d3:c4:
         66:ac:40:5d:19:14:e0:9e:9b:23:09:ce:d6:21:43:50:71:c7:
         70:6f:55:92:e0:ae:20:08:62:53:97:8b:36:45:23:4c:03:16:
         65:fb:09:33:b3:b9:e7:e2:15:e9:7d:ce:8a:dc:c2:ba:43:91:
         19:d3:fd:37:7b:b3:e7:16:4f:0e:21:9f:0a:b1:b5:28:57:f0:
         1d:25:14:5b:2d:38:e7:df:4f:83:90:73:48:0e:84:f4:6f:a1:
         7c:8c:fd:88:dc:5d:7c:78:73:5e:d8:15:d3:fe:13:16:4a:d4:
         0d:44:ae:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntW6fwrk37ET650gemqbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMTAyMTU0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWMwYmFhN2ZhOWUwMWJiNTBiMTkzOTkwYTdiODIzYWY2OTBiNWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3Q3mv+gSzO7IzqiV1lES7KUtPk/
W2C79W7h5KEZWjxsMJoXnCyyCzfqxywuD+KtObqJhPzVvBn1l20tIEFtf4LeOVg2
937E6w6mJSJdtk8Ne7EYxccP7PQUyWSp8AUZOf5UQC6mnOVOCCV7IxsEfTG1vEHf
RD5PtBJaLxeI6j6HND8qAeNtPJaGFq/IgbCTpQ7J77vusVm/MfndnIzo9lbRnCSY
J/niIodlz+TgworBBW8JkXg4/cRMZibMLxhRqCaJZcklhqkP3WPc4AWxMxS/QH0A
QLUAlNo/CDfz5tqtsV3sdFH8pAQyA2kHd7reeOfTOb9bkZMtJl0hpNKsWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXAuqf6ngG7ULGTmQp7gjr2kLX8MB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvRmNDNnBfcWVBYnRRc1pPWkNudUNPdmFRdGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhzjMA0G
CSqGSIb3DQEBCwUAA4IBAQCaLMHZD9Po8rnkEvstE9CFoyhKuBDem4jmlSl7xmpH
xizI91FaVlW3VYWfgPXXWM1bItk9PtyY58D09URv04RRLsCixF6lnFIlY59t0yfw
RePrCMgmc3rFFbH1KkAhOQrY1Cz/hy43ngz/tKv/paz/gzlMACLA5GURO8UDFCX8
nc57tE4HFSzEjoSR64ah08RmrEBdGRTgnpsjCc7WIUNQccdwb1WS4K4gCGJTl4s2
RSNMAxZl+wkzs7nn4hXpfc6K3MK6Q5EZ0/03e7PnFk8OIZ8KsbUoV/AdJRRbLTjn
30+DkHNIDoT0b6F8jP2I3F18eHNe2BXT/hMWStQNRK4M
-----END CERTIFICATE-----