Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/TiCl3yUGR-W98c46dzQHAeuSW3U.roa
File:                     TiCl3yUGR-W98c46dzQHAeuSW3U.roa (raw, json)
Hash identifier:          C0ghWgz82gvVOjjA7sKxMWVV/2aCt7SKL82XtzDXLgg=
Subject key identifier:   4E:20:A5:DF:25:06:47:E5:BD:F1:CE:3A:77:34:07:01:EB:92:5B:75
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC50148B80FF72FCF1BF428A7FC0CA329
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/TiCl3yUGR-W98c46dzQHAeuSW3U.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142036
IP address blocks:        84.32.44.0/24 maxlen: 24
                          84.32.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 11:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:48:b8:0f:f7:2f:cf:1b:f4:28:a7:fc:0c:a3:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e20a5df250647e5bdf1ce3a77340701eb925b75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ed:46:35:05:95:84:9b:3a:4b:3d:c4:4c:ff:
                    4d:ed:dd:e1:01:53:82:22:5c:6d:4f:26:c6:23:2b:
                    e7:d6:1a:86:6a:d4:59:fb:df:c8:21:68:c6:d2:86:
                    31:91:0d:25:46:eb:46:15:e3:c7:76:c6:47:3b:53:
                    44:78:88:6f:75:9a:d1:c1:a3:d9:22:29:63:41:9d:
                    82:35:66:89:73:7b:90:ea:d6:01:65:a3:0c:85:c9:
                    fc:f3:8b:83:b6:0f:01:eb:f2:9e:ee:6a:ae:4f:2d:
                    68:ad:86:a5:37:04:a1:cf:20:f4:2f:80:cc:05:21:
                    91:a0:f1:44:76:99:f5:69:5e:e7:a9:9d:0c:a7:ea:
                    5c:16:a6:64:7f:33:52:99:85:61:49:3a:89:07:d9:
                    aa:e3:ca:ec:df:01:49:bb:88:d7:60:f6:58:d7:d1:
                    0c:f2:b8:94:77:6e:fc:c5:a9:a9:c8:e6:af:de:ce:
                    02:73:68:b6:7d:c6:1e:59:86:71:87:bf:7f:fd:92:
                    9a:2f:4e:ee:c5:81:9f:2b:b7:2a:4d:ce:da:f8:05:
                    b1:d5:80:cf:41:5e:7f:97:77:2f:af:35:30:be:33:
                    14:8a:8a:7b:4b:11:92:ca:a5:9c:d5:2d:af:f7:84:
                    dd:b1:bb:04:a4:a3:c5:df:5e:a5:fb:7f:05:09:d5:
                    0f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:20:A5:DF:25:06:47:E5:BD:F1:CE:3A:77:34:07:01:EB:92:5B:75
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/TiCl3yUGR-W98c46dzQHAeuSW3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:ee:42:45:9d:bb:02:8e:43:60:19:df:b3:95:02:03:5b:1a:
         f1:3a:61:56:b0:61:15:04:e9:1a:57:3b:c1:0a:e7:c6:91:7b:
         ca:1b:9d:e0:6f:eb:35:e3:ff:02:f5:15:95:28:5a:75:d6:13:
         3e:6b:1f:34:db:3c:09:77:40:09:3a:da:0f:63:c5:5f:05:21:
         d5:ac:ae:03:dc:71:a2:e8:c0:65:9a:60:6c:0c:e1:c0:c7:27:
         6d:1b:1d:7f:52:d2:af:f8:c0:52:94:c1:7c:3e:53:fc:fa:4a:
         ce:d8:2d:7d:96:51:f7:6f:84:c8:9b:b3:ef:42:f8:15:95:8f:
         3e:85:5d:ed:ba:d5:09:7a:e9:40:20:60:e0:de:c2:7f:db:9d:
         5c:74:d4:ed:46:7b:09:2c:8c:35:19:78:52:5e:e7:93:2b:ea:
         93:35:11:fd:d4:48:76:17:c8:8c:d4:f8:2c:8d:8d:0e:d2:12:
         9c:01:64:2a:fd:c2:cd:db:25:6a:3b:0a:17:39:cd:cd:d2:1e:
         d2:66:97:ef:ba:3a:46:c3:7c:14:63:b5:9b:5d:cf:8d:3b:65:
         6d:e4:2f:07:cb:18:37:e3:5b:b6:01:cc:08:98:d8:1a:b1:d6:
         f5:59:14:d0:79:4c:74:7c:f9:d2:84:8f:9c:f9:32:59:13:b7:
         d8:2c:03:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUi4D/cvzxv0KKf8DKMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTIwYTVkZjI1MDY0N2U1YmRmMWNlM2E3NzM0MDcwMWViOTI1Yjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+1GNQWVhJs6Sz3ETP9N7d3hAVOC
IlxtTybGIyvn1hqGatRZ+9/IIWjG0oYxkQ0lRutGFePHdsZHO1NEeIhvdZrRwaPZ
IiljQZ2CNWaJc3uQ6tYBZaMMhcn884uDtg8B6/Ke7mquTy1orYalNwShzyD0L4DM
BSGRoPFEdpn1aV7nqZ0Mp+pcFqZkfzNSmYVhSTqJB9mq48rs3wFJu4jXYPZY19EM
8riUd278xampyOav3s4Cc2i2fcYeWYZxh79//ZKaL07uxYGfK7cqTc7a+AWx1YDP
QV5/l3cvrzUwvjMUiop7SxGSyqWc1S2v94TdsbsEpKPF316l+38FCdUPjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4gpd8lBkflvfHOOnc0BwHrklt1MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvVGlDbDN5VUdSLVc5OGM0NmR6UUhBZXVTVzNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVCAsMA0G
CSqGSIb3DQEBCwUAA4IBAQCW7kJFnbsCjkNgGd+zlQIDWxrxOmFWsGEVBOkaVzvB
CufGkXvKG53gb+s14/8C9RWVKFp11hM+ax802zwJd0AJOtoPY8VfBSHVrK4D3HGi
6MBlmmBsDOHAxydtGx1/UtKv+MBSlMF8PlP8+krO2C19llH3b4TIm7PvQvgVlY8+
hV3tutUJeulAIGDg3sJ/251cdNTtRnsJLIw1GXhSXueTK+qTNRH91Eh2F8iM1Pgs
jY0O0hKcAWQq/cLN2yVqOwoXOc3N0h7SZpfvujpGw3wUY7WbXc+NO2Vt5C8Hyxg3
41u2AcwImNgasdb1WRTQeUx0fPnShI+c+TJZE7fYLANk
-----END CERTIFICATE-----