Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Gase8kRjwvZYPfRuomuKGJp68zc.roa
File:                     Gase8kRjwvZYPfRuomuKGJp68zc.roa (raw, json)
Hash identifier:          4oHxq4n8hLH5AkrYOMgMiiEC3rtHdJfe7wOngd9ZBas=
Subject key identifier:   19:AB:1E:F2:44:63:C2:F6:58:3D:F4:6E:A2:6B:8A:18:9A:7A:F3:37
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5013D35274D97C76E1EFD9724E6ECA2
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Gase8kRjwvZYPfRuomuKGJp68zc.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        84.32.91.0/24 maxlen: 24
                          88.216.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3d:35:27:4d:97:c7:6e:1e:fd:97:24:e6:ec:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19ab1ef24463c2f6583df46ea26b8a189a7af337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:47:27:be:40:c8:8c:1d:fe:1c:bd:b6:3a:3f:
                    93:df:89:67:3d:7d:4d:15:1e:f3:70:01:23:24:5b:
                    69:6c:9b:8a:42:0f:cc:c7:aa:ed:40:c1:b0:73:af:
                    ff:04:3e:d5:95:6c:9a:bf:8e:54:76:81:8b:16:22:
                    e8:bf:a9:e0:b1:81:65:b2:29:b1:cc:9c:6a:c9:1c:
                    2e:34:61:84:bf:7d:65:5c:ba:6b:80:9c:d7:74:41:
                    d5:bc:2b:52:bf:8a:fb:71:a5:8c:a7:b0:e6:b2:0b:
                    25:69:90:3a:58:62:de:95:0e:75:35:47:e1:f9:6e:
                    dd:53:ff:d3:a5:a9:db:17:2e:7b:03:09:4e:da:13:
                    ab:fb:7b:e8:c0:c2:67:51:14:d3:71:d9:3f:22:12:
                    94:6d:4f:e9:87:00:e8:de:5a:fa:88:e7:02:f2:e0:
                    15:7b:0a:c1:c7:97:3e:86:be:8d:92:5a:9d:f9:a4:
                    ad:11:86:33:c8:03:a6:d8:2e:69:74:e4:f7:a9:d8:
                    cf:01:6a:a4:90:fc:ac:a4:81:6f:3f:52:b3:3b:46:
                    8b:28:fa:6b:3f:c2:0a:8f:f3:06:66:6b:e9:77:c8:
                    46:66:0d:4f:d1:74:47:d0:05:94:6a:09:83:ce:d0:
                    08:63:47:64:eb:f8:e6:7b:0b:5f:36:d5:ef:41:c2:
                    39:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:AB:1E:F2:44:63:C2:F6:58:3D:F4:6E:A2:6B:8A:18:9A:7A:F3:37
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Gase8kRjwvZYPfRuomuKGJp68zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.91.0/24
                  88.216.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c5:da:14:2a:be:96:e2:ff:aa:fb:65:cd:66:f7:f3:5d:3b:
         0f:ac:0b:96:09:21:b0:22:81:d2:b5:72:7c:37:64:dc:05:94:
         e1:8d:f3:78:37:53:af:ea:23:ae:ad:5e:b2:fa:23:7b:c7:ab:
         a9:34:8c:35:69:c4:a9:9e:5c:ae:c7:25:40:f8:77:06:80:db:
         ee:fd:f3:5f:21:95:88:97:a5:02:4b:e8:f9:36:94:39:d4:75:
         40:c3:cc:0e:1d:16:da:f7:98:0b:80:f5:e3:84:6a:f5:23:be:
         d7:73:55:b5:f1:9d:6a:c7:ed:45:d9:07:32:bf:47:d0:dc:9f:
         a3:ea:5d:f9:1a:be:a4:5f:e9:9e:6f:52:d4:fe:2f:d0:28:f7:
         b4:ee:4d:81:03:54:81:da:8f:45:a6:71:4f:3e:4d:d6:97:3f:
         a3:b4:66:ac:98:0b:90:19:d1:53:0a:4d:41:93:0b:0c:9f:49:
         fe:f0:bb:b1:d5:39:bf:88:4c:f7:ab:18:4b:55:aa:78:12:16:
         9b:86:df:d8:7f:cb:09:4e:43:12:a9:14:2b:ee:a4:64:04:84:
         88:24:d8:8b:98:cb:64:14:90:8f:ac:4e:74:4b:2c:b4:82:41:
         7f:3e:a4:57:85:9e:bb:62:17:82:9d:10:42:e2:cf:61:ba:ec:
         09:79:98:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAT01J02Xx24e/Zck5uyiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWFiMWVmMjQ0NjNjMmY2NTgzZGY0NmVhMjZiOGExODlhN2FmMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEcnvkDIjB3+HL22Oj+T34lnPX1N
FR7zcAEjJFtpbJuKQg/Mx6rtQMGwc6//BD7VlWyav45UdoGLFiLov6ngsYFlsimx
zJxqyRwuNGGEv31lXLprgJzXdEHVvCtSv4r7caWMp7DmsgslaZA6WGLelQ51NUfh
+W7dU//TpanbFy57AwlO2hOr+3vowMJnURTTcdk/IhKUbU/phwDo3lr6iOcC8uAV
ewrBx5c+hr6Nklqd+aStEYYzyAOm2C5pdOT3qdjPAWqkkPyspIFvP1KzO0aLKPpr
P8IKj/MGZmvpd8hGZg1P0XRH0AWUagmDztAIY0dk6/jmewtfNtXvQcI5BwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBmrHvJEY8L2WD30bqJrihiaevM3MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvR2FzZThrUmp3dlpZUGZSdW9tdUtHSnA2OHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCBbAwQA
WNiDMA0GCSqGSIb3DQEBCwUAA4IBAQAfxdoUKr6W4v+q+2XNZvfzXTsPrAuWCSGw
IoHStXJ8N2TcBZThjfN4N1Ov6iOurV6y+iN7x6upNIw1acSpnlyuxyVA+HcGgNvu
/fNfIZWIl6UCS+j5NpQ51HVAw8wOHRba95gLgPXjhGr1I77Xc1W18Z1qx+1F2Qcy
v0fQ3J+j6l35Gr6kX+meb1LU/i/QKPe07k2BA1SB2o9FpnFPPk3Wlz+jtGasmAuQ
GdFTCk1BkwsMn0n+8Lux1Tm/iEz3qxhLVap4Ehabht/Yf8sJTkMSqRQr7qRkBISI
JNiLmMtkFJCPrE50Syy0gkF/PqRXhZ67YheCnRBC4s9huuwJeZg+
-----END CERTIFICATE-----