Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KFEDnYC0eKJ4UocV48CHgkBNkm4.roa
File:                     KFEDnYC0eKJ4UocV48CHgkBNkm4.roa (raw, json)
Hash identifier:          W8q2V8zBGvj68FzjnoFrSOHIaNEdQe/15z2OeLZul78=
Subject key identifier:   28:51:03:9D:80:B4:78:A2:78:52:87:15:E3:C0:87:82:40:4D:92:6E
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018ED68384C5D1BB9C1AA07F3CD652D3F19F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KFEDnYC0eKJ4UocV48CHgkBNkm4.roa
Signing time:             Sat 13 Apr 2024 08:12:07 +0000
ROA not before:           Sat 13 Apr 2024 08:12:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62068
IP address blocks:        84.32.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d6:83:84:c5:d1:bb:9c:1a:a0:7f:3c:d6:52:d3:f1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Apr 13 08:12:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2851039d80b478a278528715e3c08782404d926e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f6:47:7e:80:f0:82:8b:4d:12:81:a8:1e:f9:
                    37:65:40:9e:17:08:52:af:e5:9e:f7:41:5f:b1:40:
                    ee:58:cb:6f:01:82:5b:83:2c:24:40:39:0c:fa:ed:
                    73:5d:fd:47:fc:08:dd:82:ee:ac:52:a8:7b:5d:6c:
                    92:df:76:72:29:f9:20:0b:44:3c:e7:79:9e:b8:d7:
                    98:d7:a8:2b:b7:6f:75:e3:d4:42:4d:b6:96:ae:fe:
                    94:58:c1:0f:20:b6:8f:58:b3:ba:57:74:05:c3:78:
                    90:73:45:7c:d5:14:7d:66:44:28:47:0e:52:96:2e:
                    1b:74:8c:46:56:b6:fd:f0:95:e0:95:a2:0f:2f:9c:
                    51:d9:c2:76:40:70:11:a0:d1:bb:b5:37:14:2b:f2:
                    f1:64:cc:36:b4:9a:e4:a8:da:14:da:2f:e2:f2:9f:
                    47:52:c5:62:29:ac:b4:7c:73:74:14:b7:a2:a3:a8:
                    3e:35:7c:88:91:23:b3:0a:03:66:e8:b2:43:3b:07:
                    96:38:6b:32:a4:1b:ba:62:92:e7:39:80:4b:ed:db:
                    6b:5e:27:34:e1:23:91:74:84:e4:1f:81:1f:4d:9e:
                    d5:11:a7:de:3d:1c:a6:6a:bd:c2:56:67:b7:47:12:
                    d6:5d:a8:b0:60:51:a8:6e:68:f5:c3:5e:c6:54:af:
                    a4:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:51:03:9D:80:B4:78:A2:78:52:87:15:E3:C0:87:82:40:4D:92:6E
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KFEDnYC0eKJ4UocV48CHgkBNkm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:7e:13:d4:99:3f:8e:00:1e:bd:d3:30:44:31:71:09:81:dd:
         c0:fa:1f:6d:6d:8f:c9:f5:df:96:73:30:39:68:7f:e1:06:6d:
         49:89:fa:a6:d0:18:c3:6b:78:36:c4:1d:ca:77:de:9f:38:95:
         90:cc:35:04:89:da:62:77:72:c0:9a:10:10:54:46:bf:00:49:
         d6:e5:11:19:5c:b1:43:2c:2e:ae:79:95:a6:be:ff:03:4f:8a:
         35:ce:1e:1a:86:d1:e5:5e:2c:b8:0f:f6:2f:1b:bd:04:2f:e7:
         8d:d6:b6:56:9d:85:2c:8b:98:6c:76:4a:a1:3a:a2:d9:86:37:
         97:9b:bd:58:59:9f:cb:f3:1b:a6:a2:b1:b2:56:07:fe:2b:5d:
         47:a5:6f:8c:a3:15:91:d5:78:6f:8a:fa:44:26:0f:ea:d8:e2:
         82:72:83:66:aa:4c:2c:e3:a6:fb:69:57:fd:4a:49:8f:2b:6b:
         33:da:11:69:a1:51:d0:9b:c1:f5:dd:7a:07:a1:ab:fc:b5:45:
         8c:49:af:b4:3e:90:03:be:95:5d:8f:74:56:d5:47:ba:2b:82:
         f9:38:ce:5d:da:3d:e5:79:f0:c3:ee:c3:86:64:0d:7d:7d:1e:
         31:60:4c:ef:25:a2:36:b2:dd:d9:2e:6c:73:07:23:52:45:a7:
         d8:98:92:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Wg4TF0bucGqB/PNZS0/GfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwNDEzMDgxMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODUxMDM5ZDgwYjQ3OGEyNzg1Mjg3MTVlM2MwODc4MjQwNGQ5MjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/ZHfoDwgotNEoGoHvk3ZUCeFwhS
r+We90FfsUDuWMtvAYJbgywkQDkM+u1zXf1H/Ajdgu6sUqh7XWyS33ZyKfkgC0Q8
53meuNeY16grt29149RCTbaWrv6UWMEPILaPWLO6V3QFw3iQc0V81RR9ZkQoRw5S
li4bdIxGVrb98JXglaIPL5xR2cJ2QHARoNG7tTcUK/LxZMw2tJrkqNoU2i/i8p9H
UsViKay0fHN0FLeio6g+NXyIkSOzCgNm6LJDOweWOGsypBu6YpLnOYBL7dtrXic0
4SORdITkH4EfTZ7VEafePRymar3CVme3RxLWXaiwYFGobmj1w17GVK+k6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChRA52AtHiieFKHFePAh4JATZJuMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvS0ZFRG5ZQzBlS0o0VW9jVjQ4Q0hna0JOa200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCCwMA0G
CSqGSIb3DQEBCwUAA4IBAQBLfhPUmT+OAB690zBEMXEJgd3A+h9tbY/J9d+WczA5
aH/hBm1Jifqm0BjDa3g2xB3Kd96fOJWQzDUEidpid3LAmhAQVEa/AEnW5REZXLFD
LC6ueZWmvv8DT4o1zh4ahtHlXiy4D/YvG70EL+eN1rZWnYUsi5hsdkqhOqLZhjeX
m71YWZ/L8xumorGyVgf+K11HpW+MoxWR1XhvivpEJg/q2OKCcoNmqkws46b7aVf9
SkmPK2sz2hFpoVHQm8H13XoHoav8tUWMSa+0PpADvpVdj3RW1Ue6K4L5OM5d2j3l
efDD7sOGZA19fR4xYEzvJaI2st3ZLmxzByNSRafYmJLg
-----END CERTIFICATE-----