Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/3pv4v0EivgJCPPwiUT87dq6XFRg.roa
File:                     3pv4v0EivgJCPPwiUT87dq6XFRg.roa (raw, json)
Hash identifier:          D35pDE53Ob/gQu9zE84eAGS1n7605IGgIJM3PoKqOzA=
Subject key identifier:   DE:9B:F8:BF:41:22:BE:02:42:3C:FC:22:51:3F:3B:76:AE:97:15:18
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       018CC3B67E8BED9719506268E9C21863E2CF
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/3pv4v0EivgJCPPwiUT87dq6XFRg.roa
Signing time:             Mon 01 Jan 2024 06:29:26 +0000
ROA not before:           Mon 01 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213360
IP address blocks:        193.38.251.0/24 maxlen: 24
                          45.86.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 05:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7e:8b:ed:97:19:50:62:68:e9:c2:18:63:e2:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan  1 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de9bf8bf4122be02423cfc22513f3b76ae971518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d8:c7:e3:54:fd:ae:5c:eb:97:57:c5:fb:e4:
                    1e:5c:21:15:02:0e:e0:47:d8:e4:a9:53:e8:ee:ad:
                    d1:80:01:c8:7d:18:c7:4b:99:6c:81:fe:10:1e:6c:
                    45:41:a8:9f:ed:7e:be:ea:10:03:fb:2d:04:3a:01:
                    d0:88:27:5f:03:f7:d4:76:f3:87:2a:e3:92:43:e4:
                    fa:bd:32:3c:f5:33:81:c3:7d:32:52:9f:ab:0a:3f:
                    95:eb:31:79:3a:12:48:b2:63:67:5b:f9:a3:79:da:
                    de:cd:61:f5:ff:c5:f3:f7:0a:f5:56:1e:c6:0e:a9:
                    49:92:24:c4:e9:86:24:97:4b:2f:4f:89:6d:24:d3:
                    b2:fa:00:e1:fe:27:86:31:7a:1a:0a:5b:69:08:04:
                    5a:14:3b:49:89:8f:60:e0:93:9b:c5:b4:10:c4:09:
                    87:42:ff:13:ef:7c:6b:08:45:27:d1:d9:4e:42:3b:
                    6b:93:ab:7c:4f:cd:2d:50:76:83:e4:e5:2f:c3:18:
                    e5:15:00:fc:e4:7a:26:c4:7c:75:42:aa:b0:fa:c6:
                    53:92:19:b2:ab:4e:18:8a:f3:a0:d2:ab:b5:9e:5d:
                    5c:f3:82:70:f8:0a:49:d4:08:2e:a1:07:06:3b:a7:
                    34:e2:f8:e2:b1:bc:bd:2a:12:e8:10:71:0e:d1:0e:
                    43:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:9B:F8:BF:41:22:BE:02:42:3C:FC:22:51:3F:3B:76:AE:97:15:18
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/3pv4v0EivgJCPPwiUT87dq6XFRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.157.0/24
                  193.38.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:64:71:3f:0a:6d:1e:f0:9a:d9:96:7d:ec:f2:7e:d5:d8:53:
         8c:1d:86:f2:7c:24:a7:80:11:25:2d:1d:ba:6f:4a:e6:da:7f:
         1f:83:bb:ad:a7:13:67:25:45:8e:f3:bf:8e:b3:ac:8a:eb:41:
         ac:d5:b2:8c:6c:76:24:0a:a9:05:08:cb:9c:30:18:3d:e1:78:
         e0:c0:6a:3e:2f:fd:97:3e:6d:86:5c:6b:3d:5e:62:6b:3c:28:
         75:e6:c7:12:d4:f5:0a:f9:a8:f6:7f:8e:1e:1c:ea:5d:6e:a4:
         c3:3c:bc:e6:12:53:d7:ea:81:58:16:db:78:46:e9:f2:2f:57:
         17:39:ed:8c:e7:3d:f5:a0:b6:1f:8c:8e:f7:6f:41:02:c6:0b:
         9a:08:89:c9:5d:8f:91:2f:22:1b:f0:5a:43:c9:c7:9f:94:02:
         ed:50:6a:73:9b:62:4c:65:47:2a:cc:71:f3:36:a8:54:2a:41:
         2e:38:dc:fd:85:58:65:1f:f0:ae:a9:90:8b:5a:5e:72:84:5e:
         d6:11:23:26:18:75:c3:e3:bb:77:24:d7:ed:60:95:ea:ba:a5:
         bf:77:57:54:01:b0:d0:a6:5b:35:3f:e6:65:ed:c6:8e:e2:0d:
         ad:15:99:60:1b:8b:a3:25:a3:93:0a:a8:f8:01:6f:81:3b:d2:
         68:59:1e:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtn6L7ZcZUGJo6cIYY+LPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQwMTAxMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTliZjhiZjQxMjJiZTAyNDIzY2ZjMjI1MTNmM2I3NmFlOTcxNTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9jH41T9rlzrl1fF++QeXCEVAg7g
R9jkqVPo7q3RgAHIfRjHS5lsgf4QHmxFQaif7X6+6hAD+y0EOgHQiCdfA/fUdvOH
KuOSQ+T6vTI89TOBw30yUp+rCj+V6zF5OhJIsmNnW/mjedrezWH1/8Xz9wr1Vh7G
DqlJkiTE6YYkl0svT4ltJNOy+gDh/ieGMXoaCltpCARaFDtJiY9g4JObxbQQxAmH
Qv8T73xrCEUn0dlOQjtrk6t8T80tUHaD5OUvwxjlFQD85HomxHx1Qqqw+sZTkhmy
q04YivOg0qu1nl1c84Jw+ApJ1AguoQcGO6c04vjisby9KhLoEHEO0Q5DIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN6b+L9BIr4CQjz8IlE/O3aulxUYMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvM3B2NHYwRWl2Z0pDUFB3aVVUODdkcTZYRlJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVadAwQA
wSb7MA0GCSqGSIb3DQEBCwUAA4IBAQA0ZHE/Cm0e8JrZln3s8n7V2FOMHYbyfCSn
gBElLR26b0rm2n8fg7utpxNnJUWO87+Os6yK60Gs1bKMbHYkCqkFCMucMBg94Xjg
wGo+L/2XPm2GXGs9XmJrPCh15scS1PUK+aj2f44eHOpdbqTDPLzmElPX6oFYFtt4
RunyL1cXOe2M5z31oLYfjI73b0ECxguaCInJXY+RLyIb8FpDyceflALtUGpzm2JM
ZUcqzHHzNqhUKkEuONz9hVhlH/CuqZCLWl5yhF7WESMmGHXD47t3JNftYJXquqW/
d1dUAbDQpls1P+Zl7caO4g2tFZlgG4ujJaOTCqj4AW+BO9JoWR4R
-----END CERTIFICATE-----