Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/8kjnCJthSf69G17T3SolQ4Of9lw.roa
File:                     8kjnCJthSf69G17T3SolQ4Of9lw.roa (raw, json)
Hash identifier:          aIGXeRP+M1+iuIJvJiPERBj4YiL7tPx+NVzpMyNAxoI=
Subject key identifier:   F2:48:E7:08:9B:61:49:FE:BD:1B:5E:D3:DD:2A:25:43:83:9F:F6:5C
Certificate issuer:       /CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
Certificate serial:       018CC4939592C0394D8455B69B260373FEB4
Authority key identifier: 3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/8kjnCJthSf69G17T3SolQ4Of9lw.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        212.4.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:95:92:c0:39:4d:84:55:b6:9b:26:03:73:fe:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f248e7089b6149febd1b5ed3dd2a2543839ff65c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a9:17:2c:ca:0d:79:a5:d7:54:75:71:f0:3e:
                    6f:46:2f:48:ec:20:b2:7d:47:54:63:97:55:71:17:
                    f5:84:6e:30:ab:21:da:a0:66:59:29:22:36:a1:2c:
                    b6:dd:02:5c:e4:e2:81:99:f0:88:0b:cc:98:f4:13:
                    f9:fa:4f:e5:bd:5f:0f:4c:74:a1:c7:54:73:cf:a6:
                    82:f8:17:b2:df:b9:46:75:d4:23:fc:32:55:e7:48:
                    06:d8:3a:96:22:d1:56:53:92:64:05:48:54:e6:03:
                    00:83:d4:d7:49:29:28:9f:0e:72:c9:46:35:7b:cd:
                    45:06:d6:6c:48:09:ef:79:20:67:9f:ee:2d:c0:dd:
                    aa:79:8a:bb:a9:2d:fb:3d:a1:3b:99:33:a4:e4:2a:
                    3a:19:a1:18:b4:c0:e4:d5:79:4d:3e:80:6d:19:5d:
                    27:78:4b:ad:df:88:10:c2:39:92:e6:62:30:79:1e:
                    32:64:13:ce:2b:6a:61:fb:43:84:a1:3a:26:94:cc:
                    86:3d:25:01:76:4b:42:66:d5:81:8e:97:e6:00:73:
                    f4:6a:43:8c:9e:bf:82:89:10:70:c8:24:f1:30:dc:
                    68:18:5d:ad:23:dd:82:a1:06:dd:0d:b6:33:db:76:
                    f4:c2:54:3a:54:6f:4e:bc:25:b4:d0:21:e6:04:9e:
                    db:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:48:E7:08:9B:61:49:FE:BD:1B:5E:D3:DD:2A:25:43:83:9F:F6:5C
            X509v3 Authority Key Identifier:
                keyid:3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/8kjnCJthSf69G17T3SolQ4Of9lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.4.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:3b:b2:37:af:f3:4f:cb:ff:29:b9:d1:bb:54:03:33:c5:6b:
         01:15:59:89:1f:aa:d5:73:dd:7a:a0:25:dd:bb:13:6c:01:44:
         ea:f4:53:7c:ae:d9:2c:2d:40:0b:12:ee:b4:a4:cf:2e:40:56:
         17:7f:d8:ff:46:9e:ff:d2:42:a9:46:1e:86:9c:7d:ab:69:18:
         90:e4:93:34:6d:81:3b:2a:0f:49:f8:45:c0:25:11:78:3c:54:
         6f:af:b2:1c:38:9d:cf:17:5f:93:41:e3:4f:24:72:81:5e:e6:
         6a:53:3d:d3:d4:0f:e6:49:40:f8:b9:bd:e9:0c:0c:e3:ad:dd:
         cd:24:b9:07:d0:de:07:e1:4c:c3:3f:bf:fd:65:58:32:bf:9a:
         f1:ff:51:05:9f:7e:31:aa:64:58:8d:fe:8d:02:fc:e6:d9:81:
         2b:12:6d:55:7d:59:81:a3:d3:d3:56:dc:e9:bc:99:79:b5:7a:
         a4:62:92:9d:5a:54:f0:f5:4c:ba:ca:5b:c6:c7:e1:b1:b4:1f:
         ab:e1:8e:1b:9e:3c:ce:a2:1a:2c:4b:08:f7:6d:ff:7b:56:a9:
         d9:ca:12:d2:d3:84:08:c6:cd:26:c7:2d:1d:ef:5e:da:ba:5a:
         a7:fa:80:13:6b:a8:52:9c:c4:03:8e:c3:e9:24:34:b2:47:2a:
         db:ee:8a:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5WSwDlNhFW2myYDc/60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZjhhNDBjNmEyYzY5OTNjOWZiZTgxZGYzZWE3ZGQzNzJm
OTZkZWMwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQ4ZTcwODliNjE0OWZlYmQxYjVlZDNkZDJhMjU0MzgzOWZmNjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36kXLMoNeaXXVHVx8D5vRi9I7CCy
fUdUY5dVcRf1hG4wqyHaoGZZKSI2oSy23QJc5OKBmfCIC8yY9BP5+k/lvV8PTHSh
x1Rzz6aC+Bey37lGddQj/DJV50gG2DqWItFWU5JkBUhU5gMAg9TXSSkonw5yyUY1
e81FBtZsSAnveSBnn+4twN2qeYq7qS37PaE7mTOk5Co6GaEYtMDk1XlNPoBtGV0n
eEut34gQwjmS5mIweR4yZBPOK2ph+0OEoTomlMyGPSUBdktCZtWBjpfmAHP0akOM
nr+CiRBwyCTxMNxoGF2tI92CoQbdDbYz23b0wlQ6VG9OvCW00CHmBJ7baQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJI5wibYUn+vRte090qJUODn/ZcMB8GA1UdIwQY
MBaAFD34pAxqLGmTyfvoHfPqfdNy+W3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2Yt
ODk1YTVhMzkyNDM4LzEvOGtqbkNKdGhTZjY5RzE3VDNTb2xRNE9mOWx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2YtODk1YTVhMzkyNDM4
LzEvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ATwMA0G
CSqGSIb3DQEBCwUAA4IBAQBfO7I3r/NPy/8pudG7VAMzxWsBFVmJH6rVc916oCXd
uxNsAUTq9FN8rtksLUALEu60pM8uQFYXf9j/Rp7/0kKpRh6GnH2raRiQ5JM0bYE7
Kg9J+EXAJRF4PFRvr7IcOJ3PF1+TQeNPJHKBXuZqUz3T1A/mSUD4ub3pDAzjrd3N
JLkH0N4H4UzDP7/9ZVgyv5rx/1EFn34xqmRYjf6NAvzm2YErEm1VfVmBo9PTVtzp
vJl5tXqkYpKdWlTw9Uy6ylvGx+GxtB+r4Y4bnjzOohosSwj3bf97VqnZyhLS04QI
xs0mxy0d717aulqn+oATa6hSnMQDjsPpJDSyRyrb7ooA
-----END CERTIFICATE-----