Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/f4H3r4NrA132mPbNIypSh4LY2wQ.roa
File:                     f4H3r4NrA132mPbNIypSh4LY2wQ.roa (raw, json)
Hash identifier:          PLB89yuiKEc1cL7xwcN2E9vN5v20DRPFhJt+vibPmi8=
Subject key identifier:   7F:81:F7:AF:83:6B:03:5D:F6:98:F6:CD:23:2A:52:87:82:D8:DB:04
Certificate issuer:       /CN=4e5caf5e5495f54b039f1d0f2471112467c9791c
Certificate serial:       018CC9BC4E56D56D387F381A21D3E92B91F7
Authority key identifier: 4E:5C:AF:5E:54:95:F5:4B:03:9F:1D:0F:24:71:11:24:67:C9:79:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TlyvXlSV9UsDnx0PJHERJGfJeRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/f4H3r4NrA132mPbNIypSh4LY2wQ.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58231
IP address blocks:        194.33.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/TlyvXlSV9UsDnx0PJHERJGfJeRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/TlyvXlSV9UsDnx0PJHERJGfJeRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TlyvXlSV9UsDnx0PJHERJGfJeRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:4e:56:d5:6d:38:7f:38:1a:21:d3:e9:2b:91:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5caf5e5495f54b039f1d0f2471112467c9791c
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f81f7af836b035df698f6cd232a528782d8db04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bb:06:6b:19:7f:14:b3:9a:b4:85:69:90:dc:
                    a2:1e:a6:b8:fd:84:4a:dd:8e:cb:4a:77:2f:66:e8:
                    47:84:d6:dd:72:c6:00:61:4b:ac:4e:db:3d:64:f2:
                    61:da:91:fe:c6:4e:2b:ef:f7:7c:3a:83:cc:74:c0:
                    62:54:16:c3:a2:dd:33:91:8f:f9:e2:b2:d1:c6:91:
                    33:15:85:dd:f1:4f:70:98:7a:1b:c3:83:69:ee:b7:
                    f3:3b:4a:29:de:e6:5e:35:57:67:9b:fd:d0:07:1e:
                    59:66:15:74:a8:fd:81:38:cb:7c:2c:44:98:9d:58:
                    d7:03:58:07:bf:ff:12:58:4f:ca:49:96:73:da:23:
                    ab:6b:1c:63:e8:f4:33:b3:ba:cd:48:e0:5d:38:ab:
                    a0:35:0c:21:2e:d3:8f:bb:12:f6:da:ac:5e:cb:4b:
                    48:80:1f:d9:f0:43:b1:57:47:78:91:a5:2c:78:4e:
                    ad:b9:22:d5:8d:02:f6:e9:be:ec:7d:4d:93:15:de:
                    0b:35:a7:14:e5:14:27:e6:8c:85:3f:12:24:12:ed:
                    12:40:88:40:7a:2e:a9:81:9b:5f:42:7d:23:c0:e3:
                    a1:dd:d0:f0:09:29:c7:48:ed:c7:36:dd:69:4f:54:
                    a9:58:14:3f:28:13:7f:b0:17:52:17:e5:59:5d:04:
                    24:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:81:F7:AF:83:6B:03:5D:F6:98:F6:CD:23:2A:52:87:82:D8:DB:04
            X509v3 Authority Key Identifier:
                keyid:4E:5C:AF:5E:54:95:F5:4B:03:9F:1D:0F:24:71:11:24:67:C9:79:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlyvXlSV9UsDnx0PJHERJGfJeRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/f4H3r4NrA132mPbNIypSh4LY2wQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/TlyvXlSV9UsDnx0PJHERJGfJeRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:ec:12:92:91:20:9e:f3:e2:3a:bd:ba:90:58:e8:4b:fa:95:
         7a:ac:a7:77:b8:25:b8:6a:f6:6c:df:e8:d9:b7:4e:7f:3a:bf:
         63:e2:27:4d:4a:5b:4e:a9:21:09:9f:a5:8d:03:1b:4a:38:49:
         72:8f:82:51:74:ae:57:ee:25:96:62:26:5a:93:c9:7a:b4:5b:
         8c:38:2b:c0:c1:bc:a6:ce:b5:fa:c7:48:76:34:82:56:48:d6:
         6d:0c:71:6e:fe:eb:d1:88:4f:8d:97:89:9a:dc:54:c2:bd:5c:
         4e:5b:2e:85:f7:f9:fc:86:17:66:7f:9e:0e:9f:a5:0f:43:ce:
         37:4c:47:69:47:4b:83:5d:44:d4:be:48:ce:32:ca:94:47:0f:
         3f:4d:ef:25:97:66:e4:8e:cc:df:98:cf:d1:b2:54:d2:ae:f3:
         c1:2d:31:ab:d4:33:89:35:bb:5c:a6:a2:44:3b:3f:5d:d1:e8:
         b8:ff:0d:b3:18:86:33:31:18:92:22:2f:90:a7:66:e6:1c:6f:
         1b:1c:0b:42:8c:c3:77:77:b3:3a:ad:05:79:8d:6f:25:9c:b8:
         38:60:83:af:2c:08:be:08:74:7b:2a:2f:c7:ce:0e:bd:02:1a:
         63:01:dd:4b:0f:30:2b:30:c1:71:dc:e5:09:f0:20:1d:04:c8:
         9c:7d:6c:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvE5W1W04fzgaIdPpK5H3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWNhZjVlNTQ5NWY1NGIwMzlmMWQwZjI0NzExMTI0Njdj
OTc5MWMwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjgxZjdhZjgzNmIwMzVkZjY5OGY2Y2QyMzJhNTI4NzgyZDhkYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7sGaxl/FLOatIVpkNyiHqa4/YRK
3Y7LSncvZuhHhNbdcsYAYUusTts9ZPJh2pH+xk4r7/d8OoPMdMBiVBbDot0zkY/5
4rLRxpEzFYXd8U9wmHobw4Np7rfzO0op3uZeNVdnm/3QBx5ZZhV0qP2BOMt8LESY
nVjXA1gHv/8SWE/KSZZz2iOraxxj6PQzs7rNSOBdOKugNQwhLtOPuxL22qxey0tI
gB/Z8EOxV0d4kaUseE6tuSLVjQL26b7sfU2TFd4LNacU5RQn5oyFPxIkEu0SQIhA
ei6pgZtfQn0jwOOh3dDwCSnHSO3HNt1pT1SpWBQ/KBN/sBdSF+VZXQQkYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+B96+DawNd9pj2zSMqUoeC2NsEMB8GA1UdIwQY
MBaAFE5cr15UlfVLA58dDyRxESRnyXkcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGx5dlhsU1Y5VXNEbngwUEpIRVJKR2ZKZVJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9mODk2ODUtMTE3NC00NWQ1LWE1ZGMt
MDlkYjU3NDY5YmI4LzEvZjRIM3I0TnJBMTMybVBiTkl5cFNoNExZMndRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9mODk2ODUtMTE3NC00NWQ1LWE1ZGMtMDlkYjU3NDY5YmI4
LzEvVGx5dlhsU1Y5VXNEbngwUEpIRVJKR2ZKZVJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiFcMA0G
CSqGSIb3DQEBCwUAA4IBAQAw7BKSkSCe8+I6vbqQWOhL+pV6rKd3uCW4avZs3+jZ
t05/Or9j4idNSltOqSEJn6WNAxtKOElyj4JRdK5X7iWWYiZak8l6tFuMOCvAwbym
zrX6x0h2NIJWSNZtDHFu/uvRiE+Nl4ma3FTCvVxOWy6F9/n8hhdmf54On6UPQ843
TEdpR0uDXUTUvkjOMsqURw8/Te8ll2bkjszfmM/RslTSrvPBLTGr1DOJNbtcpqJE
Oz9d0ei4/w2zGIYzMRiSIi+Qp2bmHG8bHAtCjMN3d7M6rQV5jW8lnLg4YIOvLAi+
CHR7Ki/Hzg69AhpjAd1LDzArMMFx3OUJ8CAdBMicfWyK
-----END CERTIFICATE-----