Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/8jjp0B05Z68TdO_Lj1xmRNzD-r4.roa
File:                     8jjp0B05Z68TdO_Lj1xmRNzD-r4.roa (raw, json)
Hash identifier:          O9ghqEhGtXX67+jc/HFT2shzAqVYLklGQMlobS7WSlI=
Subject key identifier:   F2:38:E9:D0:1D:39:67:AF:13:74:EF:CB:8F:5C:66:44:DC:C3:FA:BE
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018E957D1214BFE8C5C75724F30E5A0E705D
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/8jjp0B05Z68TdO_Lj1xmRNzD-r4.roa
Signing time:             Sun 31 Mar 2024 17:09:45 +0000
ROA not before:           Sun 31 Mar 2024 17:09:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212504
IP address blocks:        84.32.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:7d:12:14:bf:e8:c5:c7:57:24:f3:0e:5a:0e:70:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 31 17:09:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f238e9d01d3967af1374efcb8f5c6644dcc3fabe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c3:b4:ac:b8:d6:51:4a:b2:82:8c:bd:fc:98:
                    39:48:79:d3:5c:7f:9f:42:9a:d7:74:93:69:3a:b0:
                    28:ed:78:fd:21:63:e4:af:86:db:a5:c8:a8:e0:36:
                    27:df:8d:1e:fe:36:ed:3e:09:85:01:81:c0:ba:3a:
                    cd:fb:61:8b:16:4d:ec:b5:60:36:62:6f:51:93:f0:
                    85:21:01:8a:74:dd:85:3f:ab:5e:e0:ab:17:79:7a:
                    e1:d4:73:ce:66:8f:d4:6b:a2:d1:30:bb:e8:c1:7e:
                    a9:e0:0c:1f:df:f2:e6:60:2a:e9:1a:32:5a:e6:0e:
                    97:14:97:70:23:55:76:36:d8:e0:b6:64:1f:17:7a:
                    02:a2:f0:2e:56:51:4e:ad:0b:23:15:46:b4:0c:68:
                    2c:57:1d:1b:30:e2:84:e7:4a:56:44:7d:ec:84:ad:
                    53:4a:c3:ef:22:35:82:94:9c:cd:5d:09:d7:17:bf:
                    b1:1a:e9:b4:ea:a4:f6:16:1f:b6:c2:08:e6:0a:84:
                    54:a8:c7:e8:bc:e3:c3:58:7f:fd:a3:76:7b:d9:64:
                    d3:ea:ca:59:c0:d1:02:ec:aa:f7:95:9d:2b:19:6e:
                    96:b2:18:ad:3b:62:b9:a1:42:fc:30:03:bf:81:41:
                    e8:48:af:fe:8f:78:38:d2:77:61:b9:5a:07:7b:c7:
                    8f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:38:E9:D0:1D:39:67:AF:13:74:EF:CB:8F:5C:66:44:DC:C3:FA:BE
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/8jjp0B05Z68TdO_Lj1xmRNzD-r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:10:e5:c0:76:91:2d:fa:0d:c3:0c:6f:1b:91:22:52:78:16:
         d5:ce:66:9e:e9:9c:cd:33:cd:7f:8b:c7:7f:83:a0:78:c0:3d:
         b9:b9:ab:4e:d5:52:13:df:ca:56:0b:65:21:51:8e:cf:e6:c1:
         d4:50:a3:0f:a0:e1:92:0a:8d:da:e5:8f:dc:06:7e:bb:dd:0a:
         64:75:2f:f4:7c:98:a1:89:b7:3a:f5:93:6a:35:b6:cb:e4:f6:
         5b:0a:5f:fb:da:5b:cf:df:95:9b:27:22:d0:11:dd:b3:ae:44:
         86:cf:c1:da:cc:02:4c:f4:59:9d:fc:b7:93:b7:40:39:88:bf:
         b7:94:ec:c9:12:89:de:ee:a3:81:2d:c6:3f:4f:68:d3:e1:58:
         ed:c5:da:47:a3:85:30:29:cd:21:a0:23:33:2e:b4:43:5a:92:
         60:c5:1e:88:e7:89:7e:c2:66:27:70:b7:b9:5f:59:fb:c1:78:
         1e:89:0e:e4:3b:9f:56:08:b1:b4:61:60:af:a2:d5:4c:72:95:
         9c:2a:6d:c8:6f:18:00:82:3a:69:db:ea:22:40:2e:78:c1:3d:
         67:45:53:ec:b8:21:65:84:1e:16:68:bb:22:8e:a0:9a:16:4c:
         21:7b:7b:df:ce:bf:82:44:47:9f:61:b6:e4:88:a6:77:a5:fa:
         f0:0f:65:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6VfRIUv+jFx1ck8w5aDnBdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMzMxMTcwOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjM4ZTlkMDFkMzk2N2FmMTM3NGVmY2I4ZjVjNjY0NGRjYzNmYWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsO0rLjWUUqygoy9/Jg5SHnTXH+f
QprXdJNpOrAo7Xj9IWPkr4bbpcio4DYn340e/jbtPgmFAYHAujrN+2GLFk3stWA2
Ym9Rk/CFIQGKdN2FP6te4KsXeXrh1HPOZo/Ua6LRMLvowX6p4Awf3/LmYCrpGjJa
5g6XFJdwI1V2NtjgtmQfF3oCovAuVlFOrQsjFUa0DGgsVx0bMOKE50pWRH3shK1T
SsPvIjWClJzNXQnXF7+xGum06qT2Fh+2wgjmCoRUqMfovOPDWH/9o3Z72WTT6spZ
wNEC7Kr3lZ0rGW6WshitO2K5oUL8MAO/gUHoSK/+j3g40ndhuVoHe8ePEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPI46dAdOWevE3Tvy49cZkTcw/q+MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvOGpqcDBCMDVaNjhUZE9fTGoxeG1STnpELXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAaMA0G
CSqGSIb3DQEBCwUAA4IBAQB/EOXAdpEt+g3DDG8bkSJSeBbVzmae6ZzNM81/i8d/
g6B4wD25uatO1VIT38pWC2UhUY7P5sHUUKMPoOGSCo3a5Y/cBn673QpkdS/0fJih
ibc69ZNqNbbL5PZbCl/72lvP35WbJyLQEd2zrkSGz8HazAJM9Fmd/LeTt0A5iL+3
lOzJEone7qOBLcY/T2jT4VjtxdpHo4UwKc0hoCMzLrRDWpJgxR6I54l+wmYncLe5
X1n7wXgeiQ7kO59WCLG0YWCvotVMcpWcKm3IbxgAgjpp2+oiQC54wT1nRVPsuCFl
hB4WaLsijqCaFkwhe3vfzr+CREefYbbkiKZ3pfrwD2VJ
-----END CERTIFICATE-----