Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/IYSL8kovycVWK9zT3J9PQTAWO94.roa
File:                     IYSL8kovycVWK9zT3J9PQTAWO94.roa (raw, json)
Hash identifier:          7K49dkFUpqNyrlNKGheOL22Hr4mmwCVDqLMpASR3l2w=
Subject key identifier:   21:84:8B:F2:4A:2F:C9:C5:56:2B:DC:D3:DC:9F:4F:41:30:16:3B:DE
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018FFE8F312FE34464312889260884BD06FC
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/IYSL8kovycVWK9zT3J9PQTAWO94.roa
Signing time:             Sun 09 Jun 2024 19:52:28 +0000
ROA not before:           Sun 09 Jun 2024 19:52:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        84.32.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fe:8f:31:2f:e3:44:64:31:28:89:26:08:84:bd:06:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jun  9 19:52:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21848bf24a2fc9c5562bdcd3dc9f4f4130163bde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a5:31:b3:e0:36:d9:bf:41:a8:75:c4:4e:34:
                    1d:1b:13:e2:3f:cc:bf:ef:ca:d9:cd:24:f1:b8:f1:
                    f6:7e:8a:d8:f0:3f:88:1d:60:11:20:8d:8e:fe:e4:
                    47:7c:44:83:43:5b:63:aa:29:c2:78:89:43:0c:5f:
                    66:69:76:85:73:74:ba:2f:87:88:71:de:a3:26:08:
                    47:d2:1c:50:ee:e7:a1:4a:bd:6e:fd:6f:46:e5:73:
                    fd:4c:43:9a:67:75:2e:02:e1:34:e7:aa:b2:97:58:
                    23:52:04:3b:77:a2:53:c7:b9:5c:f4:b8:b9:8e:3b:
                    50:5c:a2:5f:25:a0:f6:84:e5:51:0f:03:e3:d7:1d:
                    7e:7a:a6:dc:05:fc:11:c4:55:c0:90:07:ce:73:0c:
                    74:cf:eb:df:b8:2a:69:76:33:e1:c1:84:ba:bd:c8:
                    b5:f5:c5:85:1a:28:22:d0:7f:83:e7:30:b1:28:25:
                    1e:ed:dd:ce:06:36:f6:22:07:ba:c5:6a:32:ee:e3:
                    f4:73:1c:3f:1c:b0:a8:8e:d7:b0:62:e0:e8:10:eb:
                    70:0e:fd:c3:02:f5:69:55:ea:87:21:cf:7a:d6:bd:
                    f8:73:21:25:15:9d:21:d3:a5:1f:4b:29:02:6b:32:
                    52:ed:5a:8a:9a:2b:37:ca:b5:7b:22:68:db:14:20:
                    50:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:84:8B:F2:4A:2F:C9:C5:56:2B:DC:D3:DC:9F:4F:41:30:16:3B:DE
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/IYSL8kovycVWK9zT3J9PQTAWO94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:ce:0e:99:25:12:61:90:e7:ed:83:e4:aa:52:c2:c7:ad:2d:
         f1:7a:68:1d:31:3c:4b:86:be:81:24:38:ea:43:39:ff:d4:34:
         13:d1:ed:23:94:9c:d2:f5:b2:43:50:fe:19:a4:85:30:f3:41:
         e2:24:e9:47:df:6d:d5:1a:d2:e1:53:14:f9:89:6f:8e:4d:bd:
         42:7a:36:b1:60:9d:7f:a1:da:0d:8b:2a:06:11:d7:72:85:1e:
         fd:c6:7f:73:ae:f9:3a:59:ab:85:23:73:c7:1f:ec:3b:32:90:
         00:e0:7b:67:51:d9:5c:3d:cf:e8:9d:9f:07:c9:77:d1:8d:87:
         c2:23:86:08:e1:98:75:0c:60:8c:df:ee:59:f7:0b:7b:04:f2:
         46:8e:0c:a4:9b:0b:72:ab:e5:dd:1f:e3:12:c5:9a:c3:41:19:
         cc:a7:71:96:dc:e7:6d:c5:bf:d2:1e:e0:b9:ce:5c:08:9f:d2:
         97:2f:2d:05:db:45:01:b9:e7:ac:24:7d:8e:77:a4:e2:4c:a3:
         2c:03:a1:bc:6d:88:d3:c6:88:39:27:8b:c9:c3:76:41:81:38:
         46:6a:b6:ad:fa:5b:2e:7b:90:eb:48:1e:c2:ac:be:b2:5a:99:
         45:6b:2d:6b:37:29:ae:ff:0a:6c:36:5d:a2:a2:69:99:64:51:
         59:c2:0b:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/+jzEv40RkMSiJJgiEvQb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwNjA5MTk1MjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTg0OGJmMjRhMmZjOWM1NTYyYmRjZDNkYzlmNGY0MTMwMTYzYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4aUxs+A22b9BqHXETjQdGxPiP8y/
78rZzSTxuPH2forY8D+IHWARII2O/uRHfESDQ1tjqinCeIlDDF9maXaFc3S6L4eI
cd6jJghH0hxQ7uehSr1u/W9G5XP9TEOaZ3UuAuE056qyl1gjUgQ7d6JTx7lc9Li5
jjtQXKJfJaD2hOVRDwPj1x1+eqbcBfwRxFXAkAfOcwx0z+vfuCppdjPhwYS6vci1
9cWFGigi0H+D5zCxKCUe7d3OBjb2Ige6xWoy7uP0cxw/HLCojtewYuDoEOtwDv3D
AvVpVeqHIc961r34cyElFZ0h06UfSykCazJS7VqKmis3yrV7ImjbFCBQLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGEi/JKL8nFVivc09yfT0EwFjveMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvSVlTTDhrb3Z5Y1ZXSzl6VDNKOVBRVEFXTzk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAVMA0G
CSqGSIb3DQEBCwUAA4IBAQCgzg6ZJRJhkOftg+SqUsLHrS3xemgdMTxLhr6BJDjq
Qzn/1DQT0e0jlJzS9bJDUP4ZpIUw80HiJOlH323VGtLhUxT5iW+OTb1CejaxYJ1/
odoNiyoGEddyhR79xn9zrvk6WauFI3PHH+w7MpAA4HtnUdlcPc/onZ8HyXfRjYfC
I4YI4Zh1DGCM3+5Z9wt7BPJGjgykmwtyq+XdH+MSxZrDQRnMp3GW3Odtxb/SHuC5
zlwIn9KXLy0F20UBueesJH2Od6TiTKMsA6G8bYjTxog5J4vJw3ZBgThGarat+lsu
e5DrSB7CrL6yWplFay1rNymu/wpsNl2iommZZFFZwgsJ
-----END CERTIFICATE-----