Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/42710b-65c3-4c0f-ae97-b1f4384313c0/1/4VHCL53oJB7LSMeGXMhTQPehN0M.roa
File:                     4VHCL53oJB7LSMeGXMhTQPehN0M.roa (raw, json)
Hash identifier:          e7bqkFhAnJenj7QuaWRGaHDRghglFXv7iV5KJAuaFRc=
Subject key identifier:   E1:51:C2:2F:9D:E8:24:1E:CB:48:C7:86:5C:C8:53:40:F7:A1:37:43
Certificate issuer:       /CN=f78b6354748fe3e852e06498282c21540075fc66
Certificate serial:       01928EF71B83513098E2C99A707B39CCCC68
Authority key identifier: F7:8B:63:54:74:8F:E3:E8:52:E0:64:98:28:2C:21:54:00:75:FC:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/94tjVHSP4-hS4GSYKCwhVAB1_GY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/42710b-65c3-4c0f-ae97-b1f4384313c0/1/4VHCL53oJB7LSMeGXMhTQPehN0M.roa
Signing time:             Tue 15 Oct 2024 06:56:51 +0000
ROA not before:           Tue 15 Oct 2024 06:56:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        193.47.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/42710b-65c3-4c0f-ae97-b1f4384313c0/1/94tjVHSP4-hS4GSYKCwhVAB1_GY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/42710b-65c3-4c0f-ae97-b1f4384313c0/1/94tjVHSP4-hS4GSYKCwhVAB1_GY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/94tjVHSP4-hS4GSYKCwhVAB1_GY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8e:f7:1b:83:51:30:98:e2:c9:9a:70:7b:39:cc:cc:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f78b6354748fe3e852e06498282c21540075fc66
        Validity
            Not Before: Oct 15 06:56:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e151c22f9de8241ecb48c7865cc85340f7a13743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:eb:6e:01:e5:12:82:ea:93:49:9d:77:bd:ce:
                    a7:40:a4:89:6d:69:17:a5:a3:06:13:1e:e7:c0:cb:
                    5a:a9:c3:d3:51:fc:69:ce:f9:b1:0c:ba:c1:4e:99:
                    74:b7:c4:a8:a7:b0:ef:0f:a4:d2:32:16:39:63:b2:
                    be:c8:e8:3f:b1:5e:7e:32:1c:46:8b:d9:b1:7d:49:
                    d6:fb:d1:de:2f:0c:79:17:60:c7:ed:14:d6:5d:5b:
                    fc:78:8b:92:db:cd:2f:81:7f:c3:5a:b7:81:45:50:
                    7c:2e:5d:7d:56:a2:dc:f8:21:01:aa:43:be:eb:31:
                    04:a0:19:9a:df:0b:19:2e:ca:c6:6e:cd:ba:fd:39:
                    a5:94:52:9b:f6:20:ad:82:2d:a2:7e:59:a0:16:cb:
                    5d:49:89:67:a4:09:25:6e:68:9d:79:bf:b5:f4:ca:
                    f5:c4:c8:57:59:bd:4a:df:bb:77:da:f6:0d:39:80:
                    54:07:d1:0b:ba:d8:b9:a0:ab:4f:8d:53:54:ff:83:
                    53:33:79:31:0a:10:87:aa:2d:89:31:89:b7:f6:e1:
                    bb:48:8d:fa:9c:75:31:8f:54:70:7d:9a:7d:c2:6e:
                    b8:26:c3:2a:87:fc:7d:3c:cd:d3:ed:5d:37:b7:a2:
                    20:fa:76:6c:56:fa:a4:9e:73:fc:f2:9c:0e:74:ef:
                    58:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:51:C2:2F:9D:E8:24:1E:CB:48:C7:86:5C:C8:53:40:F7:A1:37:43
            X509v3 Authority Key Identifier:
                keyid:F7:8B:63:54:74:8F:E3:E8:52:E0:64:98:28:2C:21:54:00:75:FC:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/94tjVHSP4-hS4GSYKCwhVAB1_GY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/42710b-65c3-4c0f-ae97-b1f4384313c0/1/4VHCL53oJB7LSMeGXMhTQPehN0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/42710b-65c3-4c0f-ae97-b1f4384313c0/1/94tjVHSP4-hS4GSYKCwhVAB1_GY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:ae:b4:1b:4a:09:03:05:ea:b3:e6:32:fe:17:34:05:17:53:
         e9:78:e2:1e:5c:76:5e:ce:f9:44:b7:83:fc:d2:6b:fd:b8:c6:
         df:ad:4e:19:f5:07:b0:fb:2f:6c:fb:e5:0c:e8:fb:61:3d:13:
         7d:36:9b:42:7b:4d:6b:9f:af:a5:86:5d:73:3a:7d:53:7a:99:
         3b:66:c5:35:75:e5:cf:9b:29:35:90:7a:8c:3b:53:35:40:94:
         69:ee:b2:d6:2b:1a:47:aa:57:78:c8:51:4f:4a:1e:25:1a:dc:
         28:38:09:f0:16:ea:b2:15:b5:4c:47:9e:b4:cc:36:b0:17:79:
         6e:15:05:2f:19:41:d3:87:02:e7:f7:de:cc:0b:d7:31:94:78:
         39:1e:92:8c:1c:03:21:d4:c1:34:18:74:2e:df:f0:33:3d:f0:
         33:ca:0f:44:7a:d5:b0:37:ef:c9:7a:6d:d7:78:19:ab:ca:4d:
         96:cd:f3:f6:4b:ce:fb:9f:bc:03:3a:d8:d4:18:52:c2:69:7c:
         ce:02:ff:9a:99:05:bd:0b:f7:60:a0:66:90:b4:e8:21:02:38:
         3d:79:a2:91:73:77:be:8f:8a:d0:48:2f:ef:0f:33:51:99:93:
         5b:2d:cd:0a:e2:bf:26:f3:14:56:03:39:42:da:0b:93:30:fb:
         0b:84:9d:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKO9xuDUTCY4smacHs5zMxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3OGI2MzU0NzQ4ZmUzZTg1MmUwNjQ5ODI4MmMyMTU0MDA3
NWZjNjYwHhcNMjQxMDE1MDY1NjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTUxYzIyZjlkZTgyNDFlY2I0OGM3ODY1Y2M4NTM0MGY3YTEzNzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOtuAeUSguqTSZ13vc6nQKSJbWkX
paMGEx7nwMtaqcPTUfxpzvmxDLrBTpl0t8Sop7DvD6TSMhY5Y7K+yOg/sV5+MhxG
i9mxfUnW+9HeLwx5F2DH7RTWXVv8eIuS280vgX/DWreBRVB8Ll19VqLc+CEBqkO+
6zEEoBma3wsZLsrGbs26/TmllFKb9iCtgi2iflmgFstdSYlnpAklbmideb+19Mr1
xMhXWb1K37t32vYNOYBUB9ELuti5oKtPjVNU/4NTM3kxChCHqi2JMYm39uG7SI36
nHUxj1RwfZp9wm64JsMqh/x9PM3T7V03t6Ig+nZsVvqknnP88pwOdO9YNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFRwi+d6CQey0jHhlzIU0D3oTdDMB8GA1UdIwQY
MBaAFPeLY1R0j+PoUuBkmCgsIVQAdfxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTR0alZIU1A0LWhTNEdTWUtDd2hWQUIxX0dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy80MjcxMGItNjVjMy00YzBmLWFlOTct
YjFmNDM4NDMxM2MwLzEvNFZIQ0w1M29KQjdMU01lR1hNaFRRUGVoTjBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy80MjcxMGItNjVjMy00YzBmLWFlOTctYjFmNDM4NDMxM2Mw
LzEvOTR0alZIU1A0LWhTNEdTWUtDd2hWQUIxX0dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS8AMA0G
CSqGSIb3DQEBCwUAA4IBAQBkrrQbSgkDBeqz5jL+FzQFF1PpeOIeXHZezvlEt4P8
0mv9uMbfrU4Z9Qew+y9s++UM6PthPRN9NptCe01rn6+lhl1zOn1Tepk7ZsU1deXP
myk1kHqMO1M1QJRp7rLWKxpHqld4yFFPSh4lGtwoOAnwFuqyFbVMR560zDawF3lu
FQUvGUHThwLn997MC9cxlHg5HpKMHAMh1ME0GHQu3/AzPfAzyg9EetWwN+/Jem3X
eBmryk2WzfP2S877n7wDOtjUGFLCaXzOAv+amQW9C/dgoGaQtOghAjg9eaKRc3e+
j4rQSC/vDzNRmZNbLc0K4r8m8xRWAzlC2guTMPsLhJ0c
-----END CERTIFICATE-----