Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OVYudwpuUgb3VhM5mxdCEZ3YMCs.roa
File:                     OVYudwpuUgb3VhM5mxdCEZ3YMCs.roa (raw, json)
Hash identifier:          i+QIk9upd17oZzmf/BYqqCXEU7gVaRodeeAlPz0gDzo=
Subject key identifier:   39:56:2E:77:0A:6E:52:06:F7:56:13:39:9B:17:42:11:9D:D8:30:2B
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018DA667E17F53DF4D736AC02C01EC708B69
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OVYudwpuUgb3VhM5mxdCEZ3YMCs.roa
Signing time:             Wed 14 Feb 2024 06:57:22 +0000
ROA not before:           Wed 14 Feb 2024 06:57:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        84.32.70.0/24 maxlen: 24
                          88.216.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a6:67:e1:7f:53:df:4d:73:6a:c0:2c:01:ec:70:8b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb 14 06:57:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39562e770a6e5206f75613399b1742119dd8302b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:36:58:9c:b7:5c:7d:7f:83:ca:4b:eb:8d:8d:
                    de:71:54:b3:a9:7a:b8:ec:87:da:e4:3b:a0:0e:e7:
                    80:f9:bb:7c:5b:aa:7d:9b:03:01:c6:6e:50:9b:49:
                    a5:92:1f:60:62:7a:bb:4b:27:6d:6e:6b:92:0b:a2:
                    35:d0:37:af:e0:c5:f0:5c:38:cc:ec:3d:da:44:a0:
                    b3:f1:97:c1:b1:d0:77:f4:1e:1f:db:58:cd:44:ee:
                    11:a7:d3:c3:e7:3e:60:f1:34:f0:42:b5:4a:93:b5:
                    54:5d:a5:e2:05:00:06:ce:bf:b2:99:6a:f8:6b:87:
                    f5:7a:5e:f8:19:6f:91:e5:d9:e0:51:50:3b:f8:e3:
                    50:98:2a:ca:3d:c5:98:65:2a:f0:68:7d:af:36:8e:
                    1d:98:1c:95:cf:db:8b:42:90:44:50:7c:e9:1f:ec:
                    c6:88:f5:84:05:9e:96:53:b6:61:58:bf:90:2e:66:
                    bf:eb:8b:81:ac:eb:68:4f:19:54:5f:9d:56:e5:76:
                    af:29:bc:f0:ec:80:8b:fb:57:16:5f:69:89:0b:6a:
                    bc:dc:c4:46:88:3b:98:7e:61:25:31:86:0d:13:95:
                    8f:c2:4a:af:fa:5c:6d:60:5b:47:f1:8d:48:f8:37:
                    5e:49:51:ff:60:e2:b7:e7:a9:ed:1c:89:5c:48:1a:
                    15:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:56:2E:77:0A:6E:52:06:F7:56:13:39:9B:17:42:11:9D:D8:30:2B
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OVYudwpuUgb3VhM5mxdCEZ3YMCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.70.0/24
                  88.216.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:51:30:24:0f:1f:4e:2d:81:85:04:f6:74:e8:99:7d:26:bf:
         23:0c:73:80:bc:3d:00:e6:c8:d7:a2:f1:06:85:d4:bb:8b:c2:
         a0:0e:5d:da:0e:7e:e6:03:37:b2:dc:74:c5:b6:91:5c:c3:c9:
         10:a6:38:ec:15:39:bd:22:45:12:17:b3:4f:c7:47:6d:a3:23:
         b1:fc:11:b6:26:ef:45:54:d7:fc:e2:cc:62:13:fb:05:66:33:
         4d:59:00:71:86:20:51:93:46:6b:cc:a0:6b:2c:c2:fd:d6:fb:
         fa:0d:e8:f9:4f:5e:6b:38:18:bd:f5:8a:0a:1c:1b:78:36:a0:
         b3:5e:1d:57:b6:14:b4:38:21:91:8e:2c:ff:84:c6:e0:3e:cc:
         2f:35:38:16:e4:0b:9e:f5:2f:0e:42:43:0b:e1:7e:fb:07:c4:
         d5:b6:89:3c:ef:c8:ab:73:8d:2a:e2:70:91:7d:6a:ad:32:d0:
         60:d3:d0:1b:fe:fb:41:e4:43:b9:5c:4d:7a:cb:8f:ae:37:bf:
         a6:fc:5a:4b:ae:0f:64:b3:f5:51:3c:c6:8f:4a:b6:ea:b8:98:
         ea:56:3e:bb:c9:0c:3a:0b:e6:0d:75:91:85:42:4d:0d:39:7e:
         c5:2c:e7:e9:f8:14:2f:89:c3:fa:c0:a0:63:2b:07:54:7a:5b:
         8d:3f:ed:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2mZ+F/U99Nc2rALAHscItpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMjE0MDY1NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTU2MmU3NzBhNmU1MjA2Zjc1NjEzMzk5YjE3NDIxMTlkZDgzMDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTZYnLdcfX+DykvrjY3ecVSzqXq4
7Ifa5DugDueA+bt8W6p9mwMBxm5Qm0mlkh9gYnq7SydtbmuSC6I10Dev4MXwXDjM
7D3aRKCz8ZfBsdB39B4f21jNRO4Rp9PD5z5g8TTwQrVKk7VUXaXiBQAGzr+ymWr4
a4f1el74GW+R5dngUVA7+ONQmCrKPcWYZSrwaH2vNo4dmByVz9uLQpBEUHzpH+zG
iPWEBZ6WU7ZhWL+QLma/64uBrOtoTxlUX51W5XavKbzw7ICL+1cWX2mJC2q83MRG
iDuYfmElMYYNE5WPwkqv+lxtYFtH8Y1I+DdeSVH/YOK356ntHIlcSBoVCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDlWLncKblIG91YTOZsXQhGd2DArMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvT1ZZdWR3cHVVZ2IzVmhNNW14ZENFWjNZTUNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCBGAwQA
WNjdMA0GCSqGSIb3DQEBCwUAA4IBAQCVUTAkDx9OLYGFBPZ06Jl9Jr8jDHOAvD0A
5sjXovEGhdS7i8KgDl3aDn7mAzey3HTFtpFcw8kQpjjsFTm9IkUSF7NPx0dtoyOx
/BG2Ju9FVNf84sxiE/sFZjNNWQBxhiBRk0ZrzKBrLML91vv6Dej5T15rOBi99YoK
HBt4NqCzXh1XthS0OCGRjiz/hMbgPswvNTgW5Aue9S8OQkML4X77B8TVtok878ir
c40q4nCRfWqtMtBg09Ab/vtB5EO5XE16y4+uN7+m/FpLrg9ks/VRPMaPSrbquJjq
Vj67yQw6C+YNdZGFQk0NOX7FLOfp+BQvicP6wKBjKwdUeluNP+1Y
-----END CERTIFICATE-----