Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b331cc-6b6d-4693-9267-b422779160bb/1/EDCkX_sx1CmjhvIZr3yyBblQdc0.roa
File:                     EDCkX_sx1CmjhvIZr3yyBblQdc0.roa (raw, json)
Hash identifier:          AAWyObOWZwPq0eZxJ5F6v6n1qmCCAM0cKRUVqqIbvYY=
Subject key identifier:   10:30:A4:5F:FB:31:D4:29:A3:86:F2:19:AF:7C:B2:05:B9:50:75:CD
Certificate issuer:       /CN=f8b18285f42ed67c11d8f83df488b10fc87f17bf
Certificate serial:       018CC9BC3C23680721AAD7851C7D1FBEB4B1
Authority key identifier: F8:B1:82:85:F4:2E:D6:7C:11:D8:F8:3D:F4:88:B1:0F:C8:7F:17:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-LGChfQu1nwR2Pg99IixD8h_F78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b331cc-6b6d-4693-9267-b422779160bb/1/EDCkX_sx1CmjhvIZr3yyBblQdc0.roa
Signing time:             Tue 02 Jan 2024 10:33:25 +0000
ROA not before:           Tue 02 Jan 2024 10:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210238
IP address blocks:        185.132.228.0/22 maxlen: 22
                          81.22.224.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b331cc-6b6d-4693-9267-b422779160bb/1/1-LGChfQu1nwR2Pg99IixD8h_F78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b331cc-6b6d-4693-9267-b422779160bb/1/1-LGChfQu1nwR2Pg99IixD8h_F78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-LGChfQu1nwR2Pg99IixD8h_F78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3c:23:68:07:21:aa:d7:85:1c:7d:1f:be:b4:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8b18285f42ed67c11d8f83df488b10fc87f17bf
        Validity
            Not Before: Jan  2 10:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1030a45ffb31d429a386f219af7cb205b95075cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fa:f8:f6:8e:40:92:14:b6:63:26:48:9d:6e:
                    bb:18:d5:34:d7:ea:d5:0b:89:f5:a6:52:91:d1:a4:
                    9a:86:d7:a4:86:8e:ab:db:74:17:62:be:61:b7:1b:
                    87:6a:9b:e5:08:e6:3a:cc:83:7d:57:c4:6a:69:0f:
                    9c:fd:fc:47:8f:a9:10:90:b4:b7:d3:42:5c:2a:be:
                    24:4e:77:0b:15:90:db:11:65:cf:4a:42:14:1b:73:
                    d2:8a:cb:b7:d7:8c:da:57:8a:fe:c3:d7:49:2c:2f:
                    87:ae:21:5e:8c:11:78:1a:db:f4:1e:53:26:a1:ce:
                    2c:46:01:3e:3f:50:70:a1:bb:c6:a8:c5:f7:51:a0:
                    93:16:bc:a0:96:39:6a:f5:cf:65:86:39:c6:2a:59:
                    1e:d8:1a:fd:df:02:1e:f4:ac:28:be:d5:0d:d7:57:
                    d7:96:df:3b:f8:df:0d:10:bc:73:2b:79:6b:ea:13:
                    75:f3:19:2f:5f:2f:55:3b:86:bd:4f:bd:cb:58:76:
                    f6:d2:51:5f:0b:5c:f7:f7:74:d8:56:d6:c9:76:12:
                    13:93:1d:e5:85:27:c6:b1:9b:3f:43:00:f6:0f:a1:
                    b5:6c:34:50:2e:ee:09:07:28:18:04:35:09:33:22:
                    3d:d5:31:24:b6:94:44:da:c5:c0:af:3c:2e:0a:c4:
                    24:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:30:A4:5F:FB:31:D4:29:A3:86:F2:19:AF:7C:B2:05:B9:50:75:CD
            X509v3 Authority Key Identifier:
                keyid:F8:B1:82:85:F4:2E:D6:7C:11:D8:F8:3D:F4:88:B1:0F:C8:7F:17:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-LGChfQu1nwR2Pg99IixD8h_F78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b331cc-6b6d-4693-9267-b422779160bb/1/EDCkX_sx1CmjhvIZr3yyBblQdc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b331cc-6b6d-4693-9267-b422779160bb/1/1-LGChfQu1nwR2Pg99IixD8h_F78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.224.0/22
                  185.132.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:4e:c3:77:33:96:28:bc:60:b9:2a:df:ea:71:49:a7:0a:89:
         72:82:ba:af:91:eb:da:6f:bb:32:c7:4b:06:f7:84:2c:0d:15:
         5f:17:36:09:0d:0f:42:76:a9:4c:b0:86:86:df:c0:0d:5c:33:
         a5:fe:8e:13:56:f7:ce:4f:52:7a:09:ae:55:13:5b:a4:ff:2b:
         31:08:71:4d:09:5c:64:c2:95:16:f1:b5:3b:df:0b:30:aa:20:
         40:ec:a7:d7:67:28:b6:93:94:6e:f2:09:65:c5:ae:37:b7:9d:
         64:77:03:9e:e2:86:01:1a:47:d5:16:87:22:a6:77:06:af:98:
         90:e9:7c:eb:88:a2:87:c2:b3:76:a9:96:97:18:5b:df:ff:d4:
         2d:42:8f:8d:10:c8:4f:ad:31:0b:95:bf:83:82:7f:14:9b:02:
         d4:a7:f9:23:05:ee:23:bc:7f:f2:9f:2d:47:b3:bd:2b:a2:cd:
         48:35:37:1f:11:26:47:bf:aa:85:81:6e:a1:7f:4c:cd:51:06:
         59:37:3b:ca:6e:31:4e:6f:37:eb:60:15:a0:fe:d3:b2:ae:9d:
         af:50:26:c6:39:ab:a9:6c:bd:ab:43:93:aa:10:29:7c:b3:c0:
         9d:6a:8d:ac:df:66:c6:cf:c6:d1:38:97:dc:f3:55:b6:1d:f1:
         47:47:e4:c5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJvDwjaAchqteFHH0fvrSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YjE4Mjg1ZjQyZWQ2N2MxMWQ4ZjgzZGY0ODhiMTBmYzg3
ZjE3YmYwHhcNMjQwMTAyMTAzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDMwYTQ1ZmZiMzFkNDI5YTM4NmYyMTlhZjdjYjIwNWI5NTA3NWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/r49o5AkhS2YyZInW67GNU01+rV
C4n1plKR0aSahtekho6r23QXYr5htxuHapvlCOY6zIN9V8RqaQ+c/fxHj6kQkLS3
00JcKr4kTncLFZDbEWXPSkIUG3PSisu314zaV4r+w9dJLC+HriFejBF4Gtv0HlMm
oc4sRgE+P1BwobvGqMX3UaCTFrygljlq9c9lhjnGKlke2Br93wIe9KwovtUN11fX
lt87+N8NELxzK3lr6hN18xkvXy9VO4a9T73LWHb20lFfC1z393TYVtbJdhITkx3l
hSfGsZs/QwD2D6G1bDRQLu4JBygYBDUJMyI91TEktpRE2sXArzwuCsQk6wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBAwpF/7MdQpo4byGa98sgW5UHXNMB8GA1UdIwQY
MBaAFPixgoX0LtZ8Edj4PfSIsQ/Ifxe/MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1MR0NoZlF1MW53UjJQZzk5SWl4RDhoX0Y3OC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIvYjMzMWNjLTZiNmQtNDY5My05MjY3
LWI0MjI3NzkxNjBiYi8xL0VEQ2tYX3N4MUNtamh2SVpyM3l5QmJsUWRjMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTIvYjMzMWNjLTZiNmQtNDY5My05MjY3LWI0MjI3NzkxNjBi
Yi8xLzEtTEdDaGZRdTFud1IyUGc5OUlpeEQ4aF9GNzguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAJRFuAD
BAK5hOQwDQYJKoZIhvcNAQELBQADggEBAFVOw3czlii8YLkq3+pxSacKiXKCuq+R
69pvuzLHSwb3hCwNFV8XNgkND0J2qUywhobfwA1cM6X+jhNW985PUnoJrlUTW6T/
KzEIcU0JXGTClRbxtTvfCzCqIEDsp9dnKLaTlG7yCWXFrje3nWR3A57ihgEaR9UW
hyKmdwavmJDpfOuIoofCs3aplpcYW9//1C1Cj40QyE+tMQuVv4OCfxSbAtSn+SMF
7iO8f/KfLUezvSuizUg1Nx8RJke/qoWBbqF/TM1RBlk3O8puMU5vN+tgFaD+07Ku
na9QJsY5q6lsvatDk6oQKXyzwJ1qjazfZsbPxtE4l9zzVbYd8UdH5MU=
-----END CERTIFICATE-----