Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/Frj8exoM6nIIZRwaOP2PeA8x6yA.roa
File:                     Frj8exoM6nIIZRwaOP2PeA8x6yA.roa (raw, json)
Hash identifier:          5x4Xtw8NVeQHEJ23fhLfiRw/0jitLatPymxuiNtH/JU=
Subject key identifier:   16:B8:FC:7B:1A:0C:EA:72:08:65:1C:1A:38:FD:8F:78:0F:31:EB:20
Certificate issuer:       /CN=03f3f8259b30ec03722f942035a94e209f882861
Certificate serial:       018CC2DB254013518E059C4F9B2970F2BF9F
Authority key identifier: 03:F3:F8:25:9B:30:EC:03:72:2F:94:20:35:A9:4E:20:9F:88:28:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A_P4JZsw7ANyL5QgNalOIJ-IKGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/Frj8exoM6nIIZRwaOP2PeA8x6yA.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58206
IP address blocks:        193.46.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/A_P4JZsw7ANyL5QgNalOIJ-IKGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/A_P4JZsw7ANyL5QgNalOIJ-IKGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A_P4JZsw7ANyL5QgNalOIJ-IKGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 22:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:25:40:13:51:8e:05:9c:4f:9b:29:70:f2:bf:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03f3f8259b30ec03722f942035a94e209f882861
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16b8fc7b1a0cea7208651c1a38fd8f780f31eb20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8e:f0:5c:7a:36:f0:c7:83:15:90:c8:a8:9e:
                    35:4a:44:92:ef:e2:05:b9:70:2d:b0:5a:bd:69:f6:
                    a9:a9:a4:79:09:76:9c:ed:0f:cf:18:db:3a:e4:47:
                    e8:7b:35:da:bc:3f:e8:bb:44:c1:45:c9:c9:86:d4:
                    90:ec:a3:76:fd:cd:6e:e1:6b:ff:d1:f4:ad:d0:a3:
                    83:28:fd:e2:3a:87:f2:ec:45:b6:da:2a:0c:2d:6b:
                    c8:b8:02:5e:37:27:95:2a:7c:5e:de:77:9d:b4:f7:
                    9b:06:d2:d7:dd:17:f7:11:db:fe:9c:c5:19:10:c0:
                    64:61:c4:4c:54:db:e5:95:b0:5b:0e:43:76:d8:0f:
                    35:ee:50:99:38:27:ba:21:d0:1c:db:12:f0:4c:7f:
                    3c:7e:a2:7d:69:a3:bb:ee:2f:f6:25:3c:be:c9:b8:
                    18:e8:51:2f:d8:3c:f5:81:7e:eb:56:3a:54:2b:80:
                    25:3c:03:6c:13:09:0e:aa:74:7d:4e:24:24:32:21:
                    ad:bf:dd:5f:e6:db:1e:9c:83:d9:d3:97:da:3b:fa:
                    08:39:4a:4a:db:5f:94:85:d1:57:04:6f:f8:5b:48:
                    b2:31:e7:32:50:c1:99:cb:dd:a9:62:d3:39:92:bf:
                    ad:ab:6a:6d:9d:9d:c3:91:6f:ab:86:ea:5f:e1:99:
                    75:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B8:FC:7B:1A:0C:EA:72:08:65:1C:1A:38:FD:8F:78:0F:31:EB:20
            X509v3 Authority Key Identifier:
                keyid:03:F3:F8:25:9B:30:EC:03:72:2F:94:20:35:A9:4E:20:9F:88:28:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A_P4JZsw7ANyL5QgNalOIJ-IKGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/Frj8exoM6nIIZRwaOP2PeA8x6yA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/A_P4JZsw7ANyL5QgNalOIJ-IKGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:b1:33:a1:9b:73:2a:f5:75:61:44:96:f5:47:9c:2e:cd:26:
         37:1b:54:3d:49:3f:ed:66:6d:0e:66:9b:a4:66:5c:f4:a4:46:
         db:36:b2:c9:e7:01:b6:02:ec:8c:8e:30:4a:cb:25:74:b3:55:
         31:f2:60:b2:8a:a3:1a:85:7e:9e:e3:aa:82:1d:13:39:5c:c8:
         20:e9:f7:93:5c:23:09:47:50:af:d8:0b:8f:08:e5:93:dd:f5:
         fb:1b:e9:e7:43:66:4f:49:d3:1e:f1:99:90:a4:50:81:05:f3:
         32:c5:c1:da:20:ca:ec:55:55:51:a2:d3:c5:6e:f2:08:70:b3:
         b3:95:e0:c0:9e:b5:08:7b:e6:bf:67:27:f0:99:ef:4c:66:4c:
         d7:04:93:b4:86:09:a6:1a:25:e2:a5:51:8b:35:6f:97:cc:08:
         a3:4f:a9:49:a2:d3:a6:dd:d9:db:ed:7d:0a:dc:29:3a:7d:23:
         45:7f:5c:36:18:85:47:7c:0b:64:a6:c1:11:18:63:36:07:ab:
         27:70:3f:72:85:48:8c:6d:5b:93:10:cf:52:a6:f6:82:a9:33:
         81:a6:28:d1:75:96:c8:51:93:ff:ab:f3:49:3a:de:41:52:38:
         4a:a6:71:70:1c:d8:89:10:6d:1c:62:e9:3e:8d:55:48:19:e9:
         a9:d4:2e:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yVAE1GOBZxPmylw8r+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZjNmODI1OWIzMGVjMDM3MjJmOTQyMDM1YTk0ZTIwOWY4
ODI4NjEwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmI4ZmM3YjFhMGNlYTcyMDg2NTFjMWEzOGZkOGY3ODBmMzFlYjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs47wXHo28MeDFZDIqJ41SkSS7+IF
uXAtsFq9afapqaR5CXac7Q/PGNs65EfoezXavD/ou0TBRcnJhtSQ7KN2/c1u4Wv/
0fSt0KODKP3iOofy7EW22ioMLWvIuAJeNyeVKnxe3nedtPebBtLX3Rf3Edv+nMUZ
EMBkYcRMVNvllbBbDkN22A817lCZOCe6IdAc2xLwTH88fqJ9aaO77i/2JTy+ybgY
6FEv2Dz1gX7rVjpUK4AlPANsEwkOqnR9TiQkMiGtv91f5tsenIPZ05faO/oIOUpK
21+UhdFXBG/4W0iyMecyUMGZy92pYtM5kr+tq2ptnZ3DkW+rhupf4Zl10wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBa4/HsaDOpyCGUcGjj9j3gPMesgMB8GA1UdIwQY
MBaAFAPz+CWbMOwDci+UIDWpTiCfiChhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQV9QNEpac3c3QU55TDVRZ05hbE9JSi1JS0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9hNDU4MmUtMWE0ZC00ZDRhLWE1ZjQt
YWIxMzM1NmU1ZmVjLzEvRnJqOGV4b002bklJWlJ3YU9QMlBlQTh4NnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9hNDU4MmUtMWE0ZC00ZDRhLWE1ZjQtYWIxMzM1NmU1ZmVj
LzEvQV9QNEpac3c3QU55TDVRZ05hbE9JSi1JS0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwS4kMA0G
CSqGSIb3DQEBCwUAA4IBAQCSsTOhm3Mq9XVhRJb1R5wuzSY3G1Q9ST/tZm0OZpuk
Zlz0pEbbNrLJ5wG2AuyMjjBKyyV0s1Ux8mCyiqMahX6e46qCHRM5XMgg6feTXCMJ
R1Cv2AuPCOWT3fX7G+nnQ2ZPSdMe8ZmQpFCBBfMyxcHaIMrsVVVRotPFbvIIcLOz
leDAnrUIe+a/Zyfwme9MZkzXBJO0hgmmGiXipVGLNW+XzAijT6lJotOm3dnb7X0K
3Ck6fSNFf1w2GIVHfAtkpsERGGM2B6sncD9yhUiMbVuTEM9SpvaCqTOBpijRdZbI
UZP/q/NJOt5BUjhKpnFwHNiJEG0cYuk+jVVIGemp1C6I
-----END CERTIFICATE-----