Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/r8u-aaVmEKQr9PTzumVDvTSsyfs.roa
File:                     r8u-aaVmEKQr9PTzumVDvTSsyfs.roa (raw, json)
Hash identifier:          9v+z7S4R3+ufRm8o3NEaPiBwvoev87IQlKdho/yHlZk=
Subject key identifier:   AF:CB:BE:69:A5:66:10:A4:2B:F4:F4:F3:BA:65:43:BD:34:AC:C9:FB
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D59F63E3AD5DE2C39C8B3CF28BFA3
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/r8u-aaVmEKQr9PTzumVDvTSsyfs.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47771
IP address blocks:        213.91.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:59:f6:3e:3a:d5:de:2c:39:c8:b3:cf:28:bf:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afcbbe69a56610a42bf4f4f3ba6543bd34acc9fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:11:32:24:7c:04:d3:ea:fa:6f:e9:96:a6:b8:
                    3f:45:d8:60:79:97:c0:8a:45:03:3b:7d:0b:41:8a:
                    60:fd:fc:b4:6c:ed:4c:d3:b6:74:28:87:78:23:f0:
                    dc:ac:e7:77:ef:dc:d3:a2:b6:90:77:de:79:67:15:
                    67:9e:e0:eb:72:e1:c9:56:5b:02:aa:d5:de:82:d4:
                    fa:0f:94:1c:2c:3f:9d:e0:1b:34:bb:d2:3d:ff:36:
                    e1:02:8b:c7:24:77:f3:4e:44:cd:9f:57:f4:72:3e:
                    a4:34:09:1a:88:ff:06:49:14:fa:44:cb:20:79:92:
                    05:b5:6f:90:9f:35:cd:d4:41:99:da:ef:3d:8c:4f:
                    5b:c2:a9:a9:43:5a:1d:4f:08:89:25:32:5f:70:6c:
                    9a:bc:d1:be:f5:2a:bf:7c:62:76:94:25:4b:41:f4:
                    cf:ea:c6:09:55:bf:ff:73:fe:38:0a:fe:0d:73:71:
                    fd:52:31:34:ad:60:d2:62:ea:0c:30:c9:ab:84:77:
                    00:db:f9:e5:a5:e5:b7:c9:6d:cd:4b:a7:d2:ca:67:
                    5f:ea:03:ee:1c:e2:eb:c3:3b:93:f5:87:ae:6f:af:
                    2a:1a:b4:94:4b:4b:c4:01:b9:0d:e1:fc:72:ad:45:
                    f8:2d:d6:92:e8:07:58:f0:1f:e8:b7:01:ea:52:76:
                    30:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:CB:BE:69:A5:66:10:A4:2B:F4:F4:F3:BA:65:43:BD:34:AC:C9:FB
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/r8u-aaVmEKQr9PTzumVDvTSsyfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:00:47:2f:12:e0:4f:e5:67:14:68:11:53:bc:18:cf:d9:d0:
         df:e2:9c:a6:be:68:b7:c1:e1:82:72:f0:d6:2b:8f:0f:d2:a4:
         69:59:ad:31:a0:17:69:11:9f:b4:2d:e1:ef:e3:00:97:cd:06:
         c1:f5:7a:5a:f0:69:4b:aa:a3:d5:dd:10:f1:81:6d:a1:0d:a5:
         66:b3:c1:05:77:76:53:a8:4f:e6:99:3a:3f:32:db:93:c0:5f:
         ea:23:24:b7:12:a0:8f:ff:30:f6:aa:c4:3e:20:c1:4e:34:0a:
         0d:14:7d:c3:41:62:60:43:d9:86:04:82:60:9b:79:9b:a8:58:
         16:08:58:94:12:97:66:08:36:51:bf:05:ec:c2:80:55:cf:a9:
         96:93:e7:e5:1d:95:65:62:19:4a:16:1c:83:dc:cb:d5:df:eb:
         eb:16:00:c7:2d:66:37:8c:eb:f4:e6:cb:98:cb:b5:af:0d:ca:
         20:c9:cc:73:e8:99:8c:8a:a3:82:2d:59:20:5b:0b:1e:14:94:
         f2:ce:8e:96:b6:aa:66:8e:1e:97:40:bc:37:c2:dc:03:ee:cc:
         cd:49:24:00:a1:23:f5:5c:b6:ec:0d:e1:34:e6:12:6e:77:dd:
         a3:8e:78:ad:b6:2d:4f:d6:01:d4:c6:c0:67:95:6a:fd:51:bd:
         ad:65:00:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVn2PjrV3iw5yLPPKL+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmNiYmU2OWE1NjYxMGE0MmJmNGY0ZjNiYTY1NDNiZDM0YWNjOWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxEyJHwE0+r6b+mWprg/RdhgeZfA
ikUDO30LQYpg/fy0bO1M07Z0KId4I/DcrOd379zToraQd955ZxVnnuDrcuHJVlsC
qtXegtT6D5QcLD+d4Bs0u9I9/zbhAovHJHfzTkTNn1f0cj6kNAkaiP8GSRT6RMsg
eZIFtW+QnzXN1EGZ2u89jE9bwqmpQ1odTwiJJTJfcGyavNG+9Sq/fGJ2lCVLQfTP
6sYJVb//c/44Cv4Nc3H9UjE0rWDSYuoMMMmrhHcA2/nlpeW3yW3NS6fSymdf6gPu
HOLrwzuT9Yeub68qGrSUS0vEAbkN4fxyrUX4LdaS6AdY8B/otwHqUnYwmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/LvmmlZhCkK/T087plQ700rMn7MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvcjh1LWFhVm1FS1FyOVBUenVtVkR2VFNzeWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VvXMA0G
CSqGSIb3DQEBCwUAA4IBAQBNAEcvEuBP5WcUaBFTvBjP2dDf4pymvmi3weGCcvDW
K48P0qRpWa0xoBdpEZ+0LeHv4wCXzQbB9Xpa8GlLqqPV3RDxgW2hDaVms8EFd3ZT
qE/mmTo/MtuTwF/qIyS3EqCP/zD2qsQ+IMFONAoNFH3DQWJgQ9mGBIJgm3mbqFgW
CFiUEpdmCDZRvwXswoBVz6mWk+flHZVlYhlKFhyD3MvV3+vrFgDHLWY3jOv05suY
y7WvDcogycxz6JmMiqOCLVkgWwseFJTyzo6Wtqpmjh6XQLw3wtwD7szNSSQAoSP1
XLbsDeE05hJud92jjnitti1P1gHUxsBnlWr9Ub2tZQBM
-----END CERTIFICATE-----