Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/fzQz_NsxfxRMpibdpGJmOuOWjuU.roa
File:                     fzQz_NsxfxRMpibdpGJmOuOWjuU.roa (raw, json)
Hash identifier:          IplMKJauZrEuXZ/Q4y2czbvHdIrI62vNLKt7Gc56/VE=
Subject key identifier:   7F:34:33:FC:DB:31:7F:14:4C:A6:26:DD:A4:62:66:3A:E3:96:8E:E5
Certificate issuer:       /CN=fa0804a0eb795b8682c27da29e9fa228f1728306
Certificate serial:       018DC5CDDFA721AABAD37646D988F0AA3CB1
Authority key identifier: FA:08:04:A0:EB:79:5B:86:82:C2:7D:A2:9E:9F:A2:28:F1:72:83:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-ggEoOt5W4aCwn2inp-iKPFygwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/fzQz_NsxfxRMpibdpGJmOuOWjuU.roa
Signing time:             Tue 20 Feb 2024 09:17:00 +0000
ROA not before:           Tue 20 Feb 2024 09:17:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8447
IP address blocks:        185.202.151.0/24 maxlen: 24
                          2a14:2c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/1-ggEoOt5W4aCwn2inp-iKPFygwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/1-ggEoOt5W4aCwn2inp-iKPFygwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-ggEoOt5W4aCwn2inp-iKPFygwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:cd:df:a7:21:aa:ba:d3:76:46:d9:88:f0:aa:3c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa0804a0eb795b8682c27da29e9fa228f1728306
        Validity
            Not Before: Feb 20 09:17:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f3433fcdb317f144ca626dda462663ae3968ee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:15:cb:11:f6:a3:19:7e:c3:e0:67:3d:9d:9f:
                    91:c1:b3:cf:2c:28:71:4d:a9:e3:72:5e:26:20:0b:
                    3e:50:35:5a:e0:88:e8:8b:46:14:34:a1:a8:83:4c:
                    ba:70:10:c0:40:48:c5:32:f5:d7:bd:8e:d0:af:b9:
                    d9:9d:fe:f2:91:26:95:be:4a:e4:84:70:3f:0c:40:
                    2c:9f:5f:d8:be:20:18:e3:97:42:5f:d4:7d:50:70:
                    5b:76:c9:b0:cf:b1:dc:30:2d:e8:73:63:c7:43:42:
                    af:71:04:43:63:3e:60:ea:1e:16:0d:17:0d:de:68:
                    cf:68:b2:00:9f:32:2e:66:04:e5:1a:2a:9c:9d:e1:
                    f0:28:d5:a2:bc:f4:19:ea:9a:dc:02:79:92:a8:15:
                    24:33:c6:fb:e3:9d:e8:f5:fe:62:60:36:d2:98:ff:
                    3a:6c:a2:e1:73:1b:87:35:d4:d4:d0:4d:d4:26:a6:
                    69:fa:0b:9f:55:ca:05:ed:ac:87:90:4c:c1:d1:93:
                    f1:3c:88:74:95:ab:d9:24:6c:bc:ea:6f:77:ea:7b:
                    72:7f:63:c3:b4:02:03:9f:fa:9c:3b:df:1c:81:10:
                    21:04:5b:f5:00:3a:e3:fa:16:2a:9e:fe:95:d9:81:
                    34:e7:89:1a:b5:5b:4d:4f:b0:7d:d0:c9:80:41:98:
                    c0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:34:33:FC:DB:31:7F:14:4C:A6:26:DD:A4:62:66:3A:E3:96:8E:E5
            X509v3 Authority Key Identifier:
                keyid:FA:08:04:A0:EB:79:5B:86:82:C2:7D:A2:9E:9F:A2:28:F1:72:83:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-ggEoOt5W4aCwn2inp-iKPFygwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/fzQz_NsxfxRMpibdpGJmOuOWjuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/1-ggEoOt5W4aCwn2inp-iKPFygwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.151.0/24
                IPv6:
                  2a14:2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:fa:48:d9:ed:f1:e2:8e:53:53:74:32:17:59:96:ee:03:fb:
         7e:05:6c:0b:71:30:5c:15:95:3b:6f:dd:6f:17:ce:f9:68:3c:
         dc:46:20:18:44:c5:fc:fd:89:ff:24:a3:8d:0e:14:ad:3c:ea:
         75:85:6d:b3:99:f5:8c:23:aa:3e:21:d0:b9:11:a1:26:a3:24:
         0f:f4:2d:21:77:c9:cc:dd:f9:30:cb:99:8c:41:dd:eb:72:9c:
         76:93:ff:c1:32:86:21:c7:15:5b:5d:6e:b3:1b:65:43:a5:c4:
         e0:d9:f2:4a:a0:97:5d:c1:7e:48:a0:2f:aa:14:44:ca:d3:9c:
         0c:b1:25:79:44:45:20:01:e9:21:5a:26:2b:45:0a:a2:74:20:
         81:2d:5f:c0:76:74:27:65:99:3d:61:72:04:df:53:25:af:44:
         aa:04:fc:c9:1f:6f:4b:59:d4:d1:8f:2f:a2:6e:c0:ff:82:80:
         0d:1f:81:e8:3c:76:33:dc:1d:94:7d:52:21:c8:b7:19:44:4b:
         df:4c:16:42:4f:9a:6e:f1:83:13:0a:35:5f:d2:06:43:e7:07:
         18:84:36:92:41:8f:d1:c8:1d:9c:ac:92:2d:3e:46:b6:2c:5f:
         b2:8a:da:6b:8b:99:14:9a:96:ab:84:4b:a3:58:1b:00:dc:ee:
         61:35:e2:8e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3Fzd+nIaq603ZG2YjwqjyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMDgwNGEwZWI3OTViODY4MmMyN2RhMjllOWZhMjI4ZjE3
MjgzMDYwHhcNMjQwMjIwMDkxNzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjM0MzNmY2RiMzE3ZjE0NGNhNjI2ZGRhNDYyNjYzYWUzOTY4ZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBXLEfajGX7D4Gc9nZ+RwbPPLChx
Tanjcl4mIAs+UDVa4Ijoi0YUNKGog0y6cBDAQEjFMvXXvY7Qr7nZnf7ykSaVvkrk
hHA/DEAsn1/YviAY45dCX9R9UHBbdsmwz7HcMC3oc2PHQ0KvcQRDYz5g6h4WDRcN
3mjPaLIAnzIuZgTlGiqcneHwKNWivPQZ6prcAnmSqBUkM8b7453o9f5iYDbSmP86
bKLhcxuHNdTU0E3UJqZp+gufVcoF7ayHkEzB0ZPxPIh0lavZJGy86m936ntyf2PD
tAIDn/qcO98cgRAhBFv1ADrj+hYqnv6V2YE054katVtNT7B90MmAQZjAXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH80M/zbMX8UTKYm3aRiZjrjlo7lMB8GA1UdIwQY
MBaAFPoIBKDreVuGgsJ9op6foijxcoMGMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1nZ0VvT3Q1VzRhQ3duMmlucC1pS1BGeWd3WS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMvMjdmYWI4LTBkMjUtNGRiZS05Zjhh
LTQyNmE4Y2RjOGU0OS8xL2Z6UXpfTnN4ZnhSTXBpYmRwR0ptT3VPV2p1VS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGMvMjdmYWI4LTBkMjUtNGRiZS05ZjhhLTQyNmE4Y2RjOGU0
OS8xLzEtZ2dFb090NVc0YUN3bjJpbnAtaUtQRnlnd1kuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAC5ypcw
DQQCAAIwBwMFAyoUAsAwDQYJKoZIhvcNAQELBQADggEBAGz6SNnt8eKOU1N0MhdZ
lu4D+34FbAtxMFwVlTtv3W8XzvloPNxGIBhExfz9if8ko40OFK086nWFbbOZ9Ywj
qj4h0LkRoSajJA/0LSF3yczd+TDLmYxB3etynHaT/8EyhiHHFVtdbrMbZUOlxODZ
8kqgl13BfkigL6oURMrTnAyxJXlERSAB6SFaJitFCqJ0IIEtX8B2dCdlmT1hcgTf
UyWvRKoE/Mkfb0tZ1NGPL6JuwP+CgA0fgeg8djPcHZR9UiHItxlES99MFkJPmm7x
gxMKNV/SBkPnBxiENpJBj9HIHZyski0+RrYsX7KK2muLmRSalquES6NYGwDc7mE1
4o4=
-----END CERTIFICATE-----