Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/szI0o-GpLvat3IbyBNzTVKRFPkc.roa
File:                     szI0o-GpLvat3IbyBNzTVKRFPkc.roa (raw, json)
Hash identifier:          iyit58pr3a3sNu9VA+DWGCi9xW3Cv7oPOCfLHJMYOEg=
Subject key identifier:   B3:32:34:A3:E1:A9:2E:F6:AD:DC:86:F2:04:DC:D3:54:A4:45:3E:47
Certificate issuer:       /CN=f2246346ddb3e6ba6e890005b88148d2d6ce9971
Certificate serial:       018CC2DAC0B5933DB30A8099FDFD5CE92908
Authority key identifier: F2:24:63:46:DD:B3:E6:BA:6E:89:00:05:B8:81:48:D2:D6:CE:99:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8iRjRt2z5rpuiQAFuIFI0tbOmXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/szI0o-GpLvat3IbyBNzTVKRFPkc.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205718
IP address blocks:        185.208.220.0/22 maxlen: 22
                          2a09:8ac0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/8iRjRt2z5rpuiQAFuIFI0tbOmXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/8iRjRt2z5rpuiQAFuIFI0tbOmXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8iRjRt2z5rpuiQAFuIFI0tbOmXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c0:b5:93:3d:b3:0a:80:99:fd:fd:5c:e9:29:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2246346ddb3e6ba6e890005b88148d2d6ce9971
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b33234a3e1a92ef6addc86f204dcd354a4453e47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3d:21:14:b4:d3:94:c7:10:3d:5c:a4:ad:db:
                    a0:bd:6f:ba:0d:bf:eb:c6:ac:f6:9a:10:0c:01:0e:
                    b1:6c:4f:83:56:45:01:c2:9f:4a:aa:13:90:80:a6:
                    ea:6a:b4:a8:cc:d2:7c:a0:14:30:f8:2d:dc:a0:fc:
                    35:a2:b8:76:3b:ea:e2:0d:a7:ff:0a:9a:5e:5a:80:
                    79:b0:38:eb:60:49:f6:f2:43:c8:aa:75:92:b3:11:
                    89:c3:d0:69:56:95:da:44:0a:a2:d7:b6:6c:58:24:
                    a0:16:e9:a4:5a:96:16:ce:fe:fb:3a:2c:de:11:50:
                    3e:fa:23:89:8c:45:c5:31:ca:43:9e:e1:48:55:78:
                    cc:90:1a:3c:b0:cd:fe:84:bd:64:cc:a1:0b:b3:d2:
                    06:9a:be:25:51:89:a9:bf:1d:55:19:cf:fd:0a:53:
                    4d:a0:07:50:bf:45:76:0a:13:7f:0a:88:01:cb:36:
                    15:42:74:c8:26:79:e0:44:53:18:1c:ed:32:dd:6d:
                    97:e9:b3:2f:3e:ca:c5:c5:55:51:41:a7:1d:4d:47:
                    41:42:d6:28:9d:1c:21:a4:68:ce:c9:a1:84:93:b0:
                    76:a2:b0:5c:96:1e:4b:65:f9:23:17:e9:64:2e:16:
                    24:a0:44:c9:11:ee:c7:00:5f:52:99:c3:a2:79:4c:
                    d2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:32:34:A3:E1:A9:2E:F6:AD:DC:86:F2:04:DC:D3:54:A4:45:3E:47
            X509v3 Authority Key Identifier:
                keyid:F2:24:63:46:DD:B3:E6:BA:6E:89:00:05:B8:81:48:D2:D6:CE:99:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iRjRt2z5rpuiQAFuIFI0tbOmXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/szI0o-GpLvat3IbyBNzTVKRFPkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/8iRjRt2z5rpuiQAFuIFI0tbOmXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.220.0/22
                IPv6:
                  2a09:8ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:ce:f8:48:f5:f4:42:81:23:ed:ac:e4:d5:16:dc:ba:8c:b9:
         1d:94:39:9e:05:4a:85:a8:31:f2:8d:94:40:3b:80:02:04:4c:
         54:d9:38:41:12:0e:9e:89:fa:9c:4e:45:f7:11:c0:c3:c2:52:
         9b:5f:c7:b6:12:d5:e1:17:b7:67:0c:aa:ed:2e:81:fd:80:c0:
         cf:b9:38:88:70:b1:91:9f:d1:b5:41:b7:09:30:e5:d4:ab:e9:
         51:d8:24:ba:e2:a6:b5:78:d2:34:68:35:73:be:b4:aa:1b:98:
         ba:e2:76:94:95:09:af:12:65:87:10:c8:77:f4:6c:af:70:04:
         ca:4b:a7:e6:58:06:69:26:22:34:0e:63:2a:da:8d:14:ca:cb:
         aa:a7:66:71:f7:bb:a8:24:0b:57:b5:28:a5:f6:82:4c:d5:a0:
         b5:37:12:f2:71:d1:20:80:23:6e:ef:54:13:27:fd:50:d8:03:
         64:63:6c:8c:19:7e:66:20:ba:9b:2e:51:ec:58:ba:65:b9:a7:
         9d:31:a5:7c:78:41:33:70:66:0b:ce:cf:50:cd:8c:17:81:11:
         bb:33:bc:f9:8c:46:58:ff:8f:89:af:8b:9b:a2:4e:98:1d:8d:
         a6:d8:e4:53:47:4c:46:e1:4c:ca:49:d0:f3:45:cd:d2:72:b1:
         1e:0b:ec:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2sC1kz2zCoCZ/f1c6SkIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjQ2MzQ2ZGRiM2U2YmE2ZTg5MDAwNWI4ODE0OGQyZDZj
ZTk5NzEwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzMyMzRhM2UxYTkyZWY2YWRkYzg2ZjIwNGRjZDM1NGE0NDUzZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlD0hFLTTlMcQPVykrdugvW+6Db/r
xqz2mhAMAQ6xbE+DVkUBwp9KqhOQgKbqarSozNJ8oBQw+C3coPw1orh2O+riDaf/
CppeWoB5sDjrYEn28kPIqnWSsxGJw9BpVpXaRAqi17ZsWCSgFumkWpYWzv77Oize
EVA++iOJjEXFMcpDnuFIVXjMkBo8sM3+hL1kzKELs9IGmr4lUYmpvx1VGc/9ClNN
oAdQv0V2ChN/CogByzYVQnTIJnngRFMYHO0y3W2X6bMvPsrFxVVRQacdTUdBQtYo
nRwhpGjOyaGEk7B2orBclh5LZfkjF+lkLhYkoETJEe7HAF9SmcOieUzSgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLMyNKPhqS72rdyG8gTc01SkRT5HMB8GA1UdIwQY
MBaAFPIkY0bds+a6bokABbiBSNLWzplxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlSalJ0Mno1cnB1aVFBRnVJRkkwdGJPbVhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9lZWE5ZDEtMjM5Yi00MzQ5LThiNDUt
YjViYWNkZDA3NzlkLzEvc3pJMG8tR3BMdmF0M0lieUJOelRWS1JGUGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9lZWE5ZDEtMjM5Yi00MzQ5LThiNDUtYjViYWNkZDA3Nzlk
LzEvOGlSalJ0Mno1cnB1aVFBRnVJRkkwdGJPbVhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudDcMA0E
AgACMAcDBQAqCYrAMA0GCSqGSIb3DQEBCwUAA4IBAQAYzvhI9fRCgSPtrOTVFty6
jLkdlDmeBUqFqDHyjZRAO4ACBExU2ThBEg6eifqcTkX3EcDDwlKbX8e2EtXhF7dn
DKrtLoH9gMDPuTiIcLGRn9G1QbcJMOXUq+lR2CS64qa1eNI0aDVzvrSqG5i64naU
lQmvEmWHEMh39GyvcATKS6fmWAZpJiI0DmMq2o0Uysuqp2Zx97uoJAtXtSil9oJM
1aC1NxLycdEggCNu71QTJ/1Q2ANkY2yMGX5mILqbLlHsWLpluaedMaV8eEEzcGYL
zs9QzYwXgRG7M7z5jEZY/4+Jr4ubok6YHY2m2ORTR0xG4UzKSdDzRc3ScrEeC+xS
-----END CERTIFICATE-----