Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/VATsli4CxmLdj0UGJ4WjWW_YIwc.roa
File:                     VATsli4CxmLdj0UGJ4WjWW_YIwc.roa (raw, json)
Hash identifier:          RnAhhFMMCtqoBt7jVqxnDZBcpRjbXkVG/YGDp/Q/tRw=
Subject key identifier:   54:04:EC:96:2E:02:C6:62:DD:8F:45:06:27:85:A3:59:6F:D8:23:07
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018EF64C214B06B23D3ADB1FDF674AD11546
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/VATsli4CxmLdj0UGJ4WjWW_YIwc.roa
Signing time:             Fri 19 Apr 2024 12:19:28 +0000
ROA not before:           Fri 19 Apr 2024 12:19:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198345
IP address blocks:        84.32.161.0/24 maxlen: 24
                          84.32.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:4c:21:4b:06:b2:3d:3a:db:1f:df:67:4a:d1:15:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Apr 19 12:19:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5404ec962e02c662dd8f45062785a3596fd82307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3d:82:02:2e:3c:ba:78:98:db:d1:e4:24:e1:
                    c5:fc:7c:bc:41:2d:e5:14:35:c5:e1:41:fd:00:37:
                    23:a8:98:dd:c6:37:69:fb:94:30:46:89:a4:6b:5c:
                    73:69:c7:41:0f:29:4a:38:55:f7:c4:04:5e:e1:2e:
                    ef:f3:0b:06:e0:b9:90:57:5a:10:a0:60:42:ec:2e:
                    8b:44:23:a6:6b:42:7b:f3:7b:2f:28:8f:6f:71:61:
                    5f:2a:51:36:b7:df:21:3b:eb:7e:2f:7b:85:20:ed:
                    af:b1:4e:4c:13:39:be:d6:ea:19:d2:cf:59:e6:e1:
                    b9:6a:9e:6d:57:68:00:3d:1d:e4:20:e2:8c:33:cd:
                    47:7d:bb:a1:74:e2:74:a5:c9:af:fd:e5:d4:d4:c0:
                    16:05:80:39:71:39:81:43:4f:83:99:78:f5:fd:4a:
                    76:fd:ae:a9:0d:9b:4a:57:fd:52:14:5a:80:9e:81:
                    7a:d2:c3:3b:78:8a:7f:f7:5d:f6:7f:c6:f2:cb:f1:
                    49:9a:05:11:22:66:87:9a:cc:0d:cb:0b:b0:7e:5b:
                    c0:51:05:6c:46:db:f8:08:24:da:38:e6:2b:70:ed:
                    b0:39:15:df:61:89:33:74:69:cf:98:49:e8:64:e5:
                    e7:bb:1f:90:32:b8:53:00:9e:c3:c9:ff:5b:3d:f6:
                    51:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:04:EC:96:2E:02:C6:62:DD:8F:45:06:27:85:A3:59:6F:D8:23:07
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/VATsli4CxmLdj0UGJ4WjWW_YIwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.161.0-84.32.163.255

    Signature Algorithm: sha256WithRSAEncryption
         55:73:77:63:8f:fd:e3:7a:6a:14:fe:82:a2:33:07:17:3a:e8:
         9a:d3:24:4d:92:57:b5:4b:81:09:4d:03:61:ba:b1:83:cc:6c:
         ff:82:a3:7e:f6:0b:76:54:1e:da:29:e6:e8:4b:89:f5:84:1e:
         61:32:29:f9:ba:4c:78:f4:b7:67:c8:4a:d5:7a:e2:9d:c8:9f:
         14:7e:f7:c1:40:98:17:81:68:c9:27:cb:9e:6a:85:e6:d7:5f:
         75:a9:97:21:8f:ac:2d:06:25:9d:5d:e3:6c:65:bb:f4:bd:4a:
         9f:ce:f9:87:f5:c4:0f:9f:52:81:37:ef:25:1a:3b:72:45:d1:
         67:bf:5f:c8:3d:b3:48:fd:5a:78:70:a4:59:0a:85:f5:bf:62:
         b2:c5:38:50:b3:49:b0:57:e7:86:11:e8:a7:0e:59:7b:51:52:
         85:5f:3c:02:09:b0:48:fa:21:5a:5b:e9:65:70:49:fe:c9:27:
         bc:a6:2c:83:38:6e:30:2f:8c:b6:1a:b5:97:0e:01:7b:75:8c:
         dd:c6:7f:0b:b4:fc:ca:ce:d3:92:9e:8f:3a:38:88:32:a0:2a:
         4e:af:08:fd:6e:d9:be:5e:ce:77:95:0c:81:e7:d3:d3:4b:ba:
         ee:3c:0a:f4:02:8e:a0:ea:7a:65:f2:b6:df:f4:d8:bd:db:ee:
         5e:de:5c:10
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY72TCFLBrI9Otsf32dK0RVGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwNDE5MTIxOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDA0ZWM5NjJlMDJjNjYyZGQ4ZjQ1MDYyNzg1YTM1OTZmZDgyMzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAij2CAi48uniY29HkJOHF/Hy8QS3l
FDXF4UH9ADcjqJjdxjdp+5QwRomka1xzacdBDylKOFX3xARe4S7v8wsG4LmQV1oQ
oGBC7C6LRCOma0J783svKI9vcWFfKlE2t98hO+t+L3uFIO2vsU5MEzm+1uoZ0s9Z
5uG5ap5tV2gAPR3kIOKMM81HfbuhdOJ0pcmv/eXU1MAWBYA5cTmBQ0+DmXj1/Up2
/a6pDZtKV/1SFFqAnoF60sM7eIp/9132f8byy/FJmgURImaHmswNywuwflvAUQVs
Rtv4CCTaOOYrcO2wORXfYYkzdGnPmEnoZOXnux+QMrhTAJ7Dyf9bPfZRXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFQE7JYuAsZi3Y9FBieFo1lv2CMHMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvVkFUc2xpNEN4bUxkajBVR0o0V2pXV19ZSXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABUIKED
BAJUIKAwDQYJKoZIhvcNAQELBQADggEBAFVzd2OP/eN6ahT+gqIzBxc66JrTJE2S
V7VLgQlNA2G6sYPMbP+Co372C3ZUHtop5uhLifWEHmEyKfm6THj0t2fIStV64p3I
nxR+98FAmBeBaMkny55qhebXX3WplyGPrC0GJZ1d42xlu/S9Sp/O+Yf1xA+fUoE3
7yUaO3JF0We/X8g9s0j9WnhwpFkKhfW/YrLFOFCzSbBX54YR6KcOWXtRUoVfPAIJ
sEj6IVpb6WVwSf7JJ7ymLIM4bjAvjLYatZcOAXt1jN3Gfwu0/MrO05Kejzo4iDKg
Kk6vCP1u2b5ezneVDIHn09NLuu48CvQCjqDqemXytt/02L3b7l7eXBA=
-----END CERTIFICATE-----