Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/a08520-7f06-4f12-8640-49785fcdd9c4/1/4CUwsxsXUb8fJAAyXSs7xTJpVMI.roa
File:                     4CUwsxsXUb8fJAAyXSs7xTJpVMI.roa (raw, json)
Hash identifier:          oR7antQh76CEhDHFFXZkqPEYbaa+khvLRPgJ25BC7i8=
Subject key identifier:   E0:25:30:B3:1B:17:51:BF:1F:24:00:32:5D:2B:3B:C5:32:69:54:C2
Certificate issuer:       /CN=ad7d8de8ca061ea164e671c34eb3377f5736bbc3
Certificate serial:       018CC725811EAB3ECEDE0093622C43FF940E
Authority key identifier: AD:7D:8D:E8:CA:06:1E:A1:64:E6:71:C3:4E:B3:37:7F:57:36:BB:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rX2N6MoGHqFk5nHDTrM3f1c2u8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/a08520-7f06-4f12-8640-49785fcdd9c4/1/4CUwsxsXUb8fJAAyXSs7xTJpVMI.roa
Signing time:             Mon 01 Jan 2024 22:29:33 +0000
ROA not before:           Mon 01 Jan 2024 22:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33796
IP address blocks:        84.238.0.0/17 maxlen: 17
                          185.197.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/a08520-7f06-4f12-8640-49785fcdd9c4/1/rX2N6MoGHqFk5nHDTrM3f1c2u8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/a08520-7f06-4f12-8640-49785fcdd9c4/1/rX2N6MoGHqFk5nHDTrM3f1c2u8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rX2N6MoGHqFk5nHDTrM3f1c2u8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:81:1e:ab:3e:ce:de:00:93:62:2c:43:ff:94:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad7d8de8ca061ea164e671c34eb3377f5736bbc3
        Validity
            Not Before: Jan  1 22:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e02530b31b1751bf1f2400325d2b3bc5326954c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fb:7c:6f:9a:98:b3:67:10:be:3f:ae:7f:b6:
                    1c:1e:83:66:86:8e:58:f6:99:45:4a:53:54:10:e6:
                    39:54:9d:6f:6d:23:b9:f1:b6:04:ac:11:68:45:3b:
                    e7:26:27:fb:cf:b1:a0:06:95:5b:ac:d0:b8:b6:4d:
                    62:5b:e9:10:ff:93:88:44:8e:e9:d1:35:a4:8a:51:
                    31:73:fc:24:9f:30:91:9f:0f:4e:0b:35:72:ac:33:
                    b3:b8:32:26:9c:2e:7f:b9:36:02:de:e6:3f:65:4f:
                    56:ef:b4:fb:82:fc:83:33:67:ed:3e:e2:8c:eb:99:
                    ff:99:71:8d:fe:d1:aa:5a:e0:c0:68:0a:fc:58:43:
                    3f:58:b6:a2:5f:f6:9f:3b:de:d6:93:ce:11:94:76:
                    f1:ff:2a:7f:28:af:37:3b:14:d3:94:2f:56:57:29:
                    f1:c4:7e:0b:42:eb:8f:3a:a4:2b:1b:f0:ac:6d:12:
                    b9:c6:44:b7:a9:6b:22:f8:46:db:c9:1b:49:14:9d:
                    ce:12:cc:f2:f6:0c:e4:a5:96:cc:25:90:97:24:b4:
                    7f:14:2e:fb:0d:46:29:3a:15:b0:92:54:fd:c8:d7:
                    f7:c6:8a:cf:50:7f:9d:22:69:6e:a0:c2:e4:fa:91:
                    5f:3d:40:fd:b7:fa:1a:88:e9:b0:73:8f:ac:55:b7:
                    32:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:25:30:B3:1B:17:51:BF:1F:24:00:32:5D:2B:3B:C5:32:69:54:C2
            X509v3 Authority Key Identifier:
                keyid:AD:7D:8D:E8:CA:06:1E:A1:64:E6:71:C3:4E:B3:37:7F:57:36:BB:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rX2N6MoGHqFk5nHDTrM3f1c2u8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a08520-7f06-4f12-8640-49785fcdd9c4/1/4CUwsxsXUb8fJAAyXSs7xTJpVMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a08520-7f06-4f12-8640-49785fcdd9c4/1/rX2N6MoGHqFk5nHDTrM3f1c2u8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.238.0.0/17
                  185.197.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:60:02:08:f2:f6:33:5f:ca:1a:cb:de:25:5c:49:e7:e6:ac:
         55:5a:f4:a1:80:15:81:77:c8:b7:18:5f:12:5f:54:df:07:ce:
         b2:7e:fc:25:68:fe:b5:ab:40:ca:b7:2d:d0:b5:a4:fa:29:77:
         af:ff:ee:91:25:05:a6:32:7e:46:3c:cf:0b:3a:6d:dc:f2:8e:
         65:05:54:16:bf:e0:8f:62:6f:94:61:ee:15:fe:36:13:cd:7d:
         53:67:e8:99:d2:3e:a7:b3:67:e3:55:cf:87:d8:4c:64:9c:24:
         9e:cd:17:1a:c7:1f:db:9b:06:71:06:39:03:33:f1:43:7b:bf:
         b4:29:00:02:d9:1d:93:fb:dc:c3:71:bb:e7:a7:f7:46:3a:94:
         a9:c2:08:a5:c9:0d:b6:70:d6:5f:af:9e:01:10:51:fe:81:cf:
         1e:8f:b2:4d:bb:44:11:ee:41:43:de:c7:70:84:56:17:48:7c:
         6a:a9:c5:a5:e1:1c:67:bb:90:63:f0:e5:12:cc:03:09:c4:05:
         a8:d1:03:5b:1b:7b:27:4c:39:f5:07:30:8b:f6:0f:f1:a4:8c:
         a6:ff:0d:30:a2:62:35:ef:10:3a:53:b9:4a:92:fc:f8:9f:49:
         e8:84:44:43:84:06:43:c4:9b:d2:4e:d1:5a:18:bd:e2:e9:14:
         f1:25:ca:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJYEeqz7O3gCTYixD/5QOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkN2Q4ZGU4Y2EwNjFlYTE2NGU2NzFjMzRlYjMzNzdmNTcz
NmJiYzMwHhcNMjQwMTAxMjIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDI1MzBiMzFiMTc1MWJmMWYyNDAwMzI1ZDJiM2JjNTMyNjk1NGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoft8b5qYs2cQvj+uf7YcHoNmho5Y
9plFSlNUEOY5VJ1vbSO58bYErBFoRTvnJif7z7GgBpVbrNC4tk1iW+kQ/5OIRI7p
0TWkilExc/wknzCRnw9OCzVyrDOzuDImnC5/uTYC3uY/ZU9W77T7gvyDM2ftPuKM
65n/mXGN/tGqWuDAaAr8WEM/WLaiX/afO97Wk84RlHbx/yp/KK83OxTTlC9WVynx
xH4LQuuPOqQrG/CsbRK5xkS3qWsi+EbbyRtJFJ3OEszy9gzkpZbMJZCXJLR/FC77
DUYpOhWwklT9yNf3xorPUH+dImluoMLk+pFfPUD9t/oaiOmwc4+sVbcybQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOAlMLMbF1G/HyQAMl0rO8UyaVTCMB8GA1UdIwQY
MBaAFK19jejKBh6hZOZxw06zN39XNrvDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclgyTjZNb0dIcUZrNW5IRFRyTTNmMWMydThNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hMDg1MjAtN2YwNi00ZjEyLTg2NDAt
NDk3ODVmY2RkOWM0LzEvNENVd3N4c1hVYjhmSkFBeVhTczd4VEpwVk1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hMDg1MjAtN2YwNi00ZjEyLTg2NDAtNDk3ODVmY2RkOWM0
LzEvclgyTjZNb0dIcUZrNW5IRFRyTTNmMWMydThNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQHVO4AAwQC
ucWoMA0GCSqGSIb3DQEBCwUAA4IBAQCCYAII8vYzX8oay94lXEnn5qxVWvShgBWB
d8i3GF8SX1TfB86yfvwlaP61q0DKty3QtaT6KXev/+6RJQWmMn5GPM8LOm3c8o5l
BVQWv+CPYm+UYe4V/jYTzX1TZ+iZ0j6ns2fjVc+H2ExknCSezRcaxx/bmwZxBjkD
M/FDe7+0KQAC2R2T+9zDcbvnp/dGOpSpwgilyQ22cNZfr54BEFH+gc8ej7JNu0QR
7kFD3sdwhFYXSHxqqcWl4Rxnu5Bj8OUSzAMJxAWo0QNbG3snTDn1BzCL9g/xpIym
/w0womI17xA6U7lKkvz4n0nohERDhAZDxJvSTtFaGL3i6RTxJcqO
-----END CERTIFICATE-----