Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/HIf2bVC--D-O9fxhExg13zivdwE.roa
File:                     HIf2bVC--D-O9fxhExg13zivdwE.roa (raw, json)
Hash identifier:          QdZRuqHrVqGk87bDr4zhQgnU2d/tN/xoZ2Hdv97NOj0=
Subject key identifier:   1C:87:F6:6D:50:BE:F8:3F:8E:F5:FC:61:13:18:35:DF:38:AF:77:01
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01931A9BD92AC0FE5F23621798D20CAB7F6A
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/HIf2bVC--D-O9fxhExg13zivdwE.roa
Signing time:             Mon 11 Nov 2024 09:44:01 +0000
ROA not before:           Mon 11 Nov 2024 09:44:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213941
IP address blocks:        84.32.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:9b:d9:2a:c0:fe:5f:23:62:17:98:d2:0c:ab:7f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 11 09:44:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c87f66d50bef83f8ef5fc61131835df38af7701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9f:9b:1b:a4:1c:8c:e3:47:a9:f4:e0:51:d6:
                    f4:20:ed:af:43:e3:1d:11:71:e0:43:63:83:6d:f9:
                    cf:5a:ca:64:2b:2a:87:68:bf:74:8b:4b:d9:c3:6d:
                    bc:61:fd:9e:0d:90:81:6c:53:61:4a:3c:6d:f7:ca:
                    16:18:d3:64:d0:ed:7e:99:59:2c:be:7b:b3:58:65:
                    3e:f7:c6:6a:0c:bf:a0:ab:c3:07:42:04:e5:69:9c:
                    f9:c9:d9:b2:71:60:88:35:43:85:1f:ea:24:d2:3b:
                    61:55:09:30:ad:6e:6f:7b:3e:a4:87:e4:23:e6:bd:
                    4f:bd:bb:88:c3:04:fe:f3:0f:81:e4:ad:a4:a8:01:
                    f1:1b:b9:f1:c6:b6:bc:63:d0:a6:d4:54:6b:b0:4e:
                    ae:fb:42:92:a3:65:f8:ca:51:4c:c6:bc:38:98:65:
                    9a:13:0b:7f:30:55:63:0c:8a:8c:8b:a3:30:2e:cf:
                    b1:f3:99:8d:ff:bb:1d:8a:d2:c6:64:c3:da:ea:cb:
                    dc:1d:09:6b:c8:ba:25:de:14:00:6f:2e:b1:ec:ed:
                    45:83:66:bb:67:89:86:b4:ad:f6:e3:36:4a:78:d0:
                    d9:e9:fc:18:cb:67:3b:f3:c1:38:4c:32:2e:d8:9b:
                    f2:f4:8b:4f:50:12:44:67:b6:6d:d5:52:c7:98:37:
                    b3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:87:F6:6D:50:BE:F8:3F:8E:F5:FC:61:13:18:35:DF:38:AF:77:01
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/HIf2bVC--D-O9fxhExg13zivdwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:fd:0b:31:2e:41:3c:ac:1b:b6:42:58:4d:76:9a:58:c7:a5:
         1b:be:22:7b:fc:5d:9b:6f:ec:ae:e3:0f:76:40:d9:60:66:2b:
         53:6c:0b:b6:ea:8f:8d:4d:d8:ee:59:fd:63:d3:00:db:e1:2f:
         e1:47:9e:fc:b2:91:74:20:fd:59:94:6a:b8:06:16:96:17:15:
         4f:9c:0e:c7:91:5d:cd:d5:85:34:0f:84:f0:6e:b5:76:7d:e4:
         fe:7e:ed:70:6d:49:ec:da:cb:4d:b0:61:7c:f0:f0:51:89:80:
         b3:46:ad:a2:3c:8f:39:96:69:44:36:a8:ec:28:8a:b9:cd:fa:
         b0:f4:17:37:cd:d0:e3:0b:5e:9f:91:69:64:7b:e6:45:45:3e:
         00:eb:01:df:38:18:b8:f0:84:7e:8b:6e:b1:de:79:ae:5d:d7:
         18:81:5b:4b:99:db:1a:c0:21:02:74:9a:c6:0c:7d:17:82:bc:
         83:ee:1b:8a:e8:c4:ed:68:98:4c:83:f0:32:2e:59:32:e6:14:
         b9:53:31:b4:b7:ca:b1:ab:ff:19:79:19:d0:83:0c:3c:3b:ad:
         3d:ca:94:f6:be:fc:64:45:76:05:d7:1e:8c:b6:87:6b:5f:d1:
         40:d3:4f:f7:65:a2:84:40:f6:56:13:e8:78:44:35:42:6b:84:
         61:70:4c:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMam9kqwP5fI2IXmNIMq39qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQxMTExMDk0NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg3ZjY2ZDUwYmVmODNmOGVmNWZjNjExMzE4MzVkZjM4YWY3NzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAup+bG6QcjONHqfTgUdb0IO2vQ+Md
EXHgQ2ODbfnPWspkKyqHaL90i0vZw228Yf2eDZCBbFNhSjxt98oWGNNk0O1+mVks
vnuzWGU+98ZqDL+gq8MHQgTlaZz5ydmycWCINUOFH+ok0jthVQkwrW5vez6kh+Qj
5r1PvbuIwwT+8w+B5K2kqAHxG7nxxra8Y9Cm1FRrsE6u+0KSo2X4ylFMxrw4mGWa
Ewt/MFVjDIqMi6MwLs+x85mN/7sditLGZMPa6svcHQlryLol3hQAby6x7O1Fg2a7
Z4mGtK324zZKeNDZ6fwYy2c788E4TDIu2Jvy9ItPUBJEZ7Zt1VLHmDezOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByH9m1Qvvg/jvX8YRMYNd84r3cBMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvSElmMmJWQy0tRC1POWZ4aEV4ZzEzeml2ZHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAaMA0G
CSqGSIb3DQEBCwUAA4IBAQCE/QsxLkE8rBu2QlhNdppYx6UbviJ7/F2bb+yu4w92
QNlgZitTbAu26o+NTdjuWf1j0wDb4S/hR578spF0IP1ZlGq4BhaWFxVPnA7HkV3N
1YU0D4TwbrV2feT+fu1wbUns2stNsGF88PBRiYCzRq2iPI85lmlENqjsKIq5zfqw
9Bc3zdDjC16fkWlke+ZFRT4A6wHfOBi48IR+i26x3nmuXdcYgVtLmdsawCECdJrG
DH0XgryD7huK6MTtaJhMg/AyLlky5hS5UzG0t8qxq/8ZeRnQgww8O609ypT2vvxk
RXYF1x6MtodrX9FA00/3ZaKEQPZWE+h4RDVCa4RhcEwz
-----END CERTIFICATE-----