Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/FrBzCGScdiR6PZVbB3gLa8WVQ3U.roa
File:                     FrBzCGScdiR6PZVbB3gLa8WVQ3U.roa (raw, json)
Hash identifier:          ILPLPqvvJX20vjG0fweZmD3lrCfWDpSOyn1qyR0Svo4=
Subject key identifier:   16:B0:73:08:64:9C:76:24:7A:3D:95:5B:07:78:0B:6B:C5:95:43:75
Certificate issuer:       /CN=fad1863cbdec1b596daceeb901a0853d6c87e756
Certificate serial:       018CCF30C1AF17C625873A56B45A90A74010
Authority key identifier: FA:D1:86:3C:BD:EC:1B:59:6D:AC:EE:B9:01:A0:85:3D:6C:87:E7:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tGGPL3sG1ltrO65AaCFPWyH51Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/FrBzCGScdiR6PZVbB3gLa8WVQ3U.roa
Signing time:             Wed 03 Jan 2024 11:58:48 +0000
ROA not before:           Wed 03 Jan 2024 11:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202652
IP address blocks:        185.157.108.0/22 maxlen: 22
                          185.195.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/1-tGGPL3sG1ltrO65AaCFPWyH51Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/1-tGGPL3sG1ltrO65AaCFPWyH51Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tGGPL3sG1ltrO65AaCFPWyH51Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:30:c1:af:17:c6:25:87:3a:56:b4:5a:90:a7:40:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad1863cbdec1b596daceeb901a0853d6c87e756
        Validity
            Not Before: Jan  3 11:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16b07308649c76247a3d955b07780b6bc5954375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0e:a3:e5:88:70:36:ac:81:21:93:4b:97:93:
                    af:4d:3c:ca:72:5b:45:eb:a6:dc:fe:15:54:d5:7f:
                    80:6d:17:8e:a9:9f:92:bd:7a:76:5c:e9:56:72:84:
                    5f:3b:59:88:ad:65:dd:84:fb:e9:eb:3c:2a:4b:6d:
                    b0:a9:42:c5:eb:3e:a8:0c:ac:fc:d1:dd:da:c2:ae:
                    52:42:37:22:a1:a5:0f:98:90:96:12:12:26:7c:29:
                    4e:ba:27:f5:60:30:fc:99:66:5a:2c:e2:d8:a2:07:
                    a4:91:3d:a1:3f:14:13:ba:b4:62:68:b0:fa:42:e6:
                    12:7e:18:14:ea:44:44:85:e1:67:08:87:3a:f3:b0:
                    59:15:8f:5f:97:59:92:98:21:6b:15:38:90:7e:60:
                    dc:f6:7a:b6:1c:19:0f:5e:c5:fb:1b:c1:28:26:47:
                    cb:f1:1b:76:ef:96:02:06:ca:4a:f9:49:a1:82:b3:
                    b5:12:e8:06:33:60:d1:88:7f:ff:58:01:e6:48:4c:
                    db:4c:49:ae:d9:25:f6:27:b5:f8:cd:11:f0:2c:5e:
                    c5:39:7b:85:b8:bd:16:98:28:aa:1e:93:ed:a4:14:
                    83:04:85:6b:fa:eb:fe:91:5e:13:58:17:b2:97:6d:
                    d1:8f:a3:eb:4b:4d:a9:d1:2e:e9:49:6f:66:9a:be:
                    b1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B0:73:08:64:9C:76:24:7A:3D:95:5B:07:78:0B:6B:C5:95:43:75
            X509v3 Authority Key Identifier:
                keyid:FA:D1:86:3C:BD:EC:1B:59:6D:AC:EE:B9:01:A0:85:3D:6C:87:E7:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tGGPL3sG1ltrO65AaCFPWyH51Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/FrBzCGScdiR6PZVbB3gLa8WVQ3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/1-tGGPL3sG1ltrO65AaCFPWyH51Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.108.0/22
                  185.195.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:d9:25:d1:38:37:d0:ce:a0:01:7e:3f:c9:72:98:63:2f:0c:
         8d:d0:84:d1:11:7a:55:86:c2:71:35:0f:4e:d2:23:eb:02:6a:
         65:84:f9:10:3a:78:c3:88:73:3d:da:ec:a3:4d:88:9f:f7:04:
         9a:f1:16:83:59:4b:a0:6c:a1:58:e0:f8:1c:cf:05:03:f0:d5:
         ad:3c:50:81:a5:88:62:18:4f:ce:b2:94:c0:74:f5:f6:92:07:
         c5:43:a0:9b:29:c5:d9:6f:41:6e:6b:97:c7:97:17:64:c3:73:
         22:76:41:ac:1a:38:5d:f8:96:2b:8e:1f:2c:80:cc:5b:e9:c5:
         ee:99:71:63:6e:f7:b3:b0:aa:e7:d5:3d:ee:ba:ae:e9:63:1e:
         84:06:7d:b0:40:5b:b1:6f:3c:42:0e:10:7f:91:25:e3:4b:f4:
         e3:35:98:4d:ef:25:30:3b:17:78:c9:9f:fa:07:80:b7:4a:40:
         87:fa:be:81:96:68:84:39:8c:57:61:df:54:75:77:ba:d1:23:
         01:78:71:9a:16:26:d9:96:4b:3e:90:00:80:2a:4d:0a:c4:a6:
         52:10:ef:1e:88:d6:98:3f:4b:30:cd:61:aa:f9:e4:4e:64:9a:
         4e:2d:d9:45:f8:f1:9c:9a:3b:8b:b4:5e:87:f6:fc:88:0a:1b:
         94:fb:7a:cd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzPMMGvF8YlhzpWtFqQp0AQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDE4NjNjYmRlYzFiNTk2ZGFjZWViOTAxYTA4NTNkNmM4
N2U3NTYwHhcNMjQwMTAzMTE1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmIwNzMwODY0OWM3NjI0N2EzZDk1NWIwNzc4MGI2YmM1OTU0Mzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg6j5YhwNqyBIZNLl5OvTTzKcltF
66bc/hVU1X+AbReOqZ+SvXp2XOlWcoRfO1mIrWXdhPvp6zwqS22wqULF6z6oDKz8
0d3awq5SQjcioaUPmJCWEhImfClOuif1YDD8mWZaLOLYogekkT2hPxQTurRiaLD6
QuYSfhgU6kREheFnCIc687BZFY9fl1mSmCFrFTiQfmDc9nq2HBkPXsX7G8EoJkfL
8Rt275YCBspK+UmhgrO1EugGM2DRiH//WAHmSEzbTEmu2SX2J7X4zRHwLF7FOXuF
uL0WmCiqHpPtpBSDBIVr+uv+kV4TWBeyl23Rj6PrS02p0S7pSW9mmr6xSwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBawcwhknHYkej2VWwd4C2vFlUN1MB8GA1UdIwQY
MBaAFPrRhjy97BtZbazuuQGghT1sh+dWMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10R0dQTDNzRzFsdHJPNjVBYUNGUFd5SDUxWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYvZGRkYTdlLWEwMzctNGQzOC05NTU1
LTBhMTEwYzQ5NzQ5Yy8xL0ZyQnpDR1NjZGlSNlBaVmJCM2dMYThXVlEzVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGYvZGRkYTdlLWEwMzctNGQzOC05NTU1LTBhMTEwYzQ5NzQ5
Yy8xLzEtdEdHUEwzc0cxbHRyTzY1QWFDRlBXeUg1MVkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAK5nWwD
BAK5wxQwDQYJKoZIhvcNAQELBQADggEBAF3ZJdE4N9DOoAF+P8lymGMvDI3QhNER
elWGwnE1D07SI+sCamWE+RA6eMOIcz3a7KNNiJ/3BJrxFoNZS6BsoVjg+BzPBQPw
1a08UIGliGIYT86ylMB09faSB8VDoJspxdlvQW5rl8eXF2TDcyJ2QawaOF34liuO
HyyAzFvpxe6ZcWNu97OwqufVPe66ruljHoQGfbBAW7FvPEIOEH+RJeNL9OM1mE3v
JTA7F3jJn/oHgLdKQIf6voGWaIQ5jFdh31R1d7rRIwF4cZoWJtmWSz6QAIAqTQrE
plIQ7x6I1pg/SzDNYar55E5kmk4t2UX48ZyaO4u0Xof2/IgKG5T7es0=
-----END CERTIFICATE-----