Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Xi3pJvox75kKgsrfwHAC94WI73o.roa
File:                     Xi3pJvox75kKgsrfwHAC94WI73o.roa (raw, json)
Hash identifier:          IzhnsSJH7iaWrg7XrSrgN91u+iHqM/RZp3WZ8Ma+krI=
Subject key identifier:   5E:2D:E9:26:FA:31:EF:99:0A:82:CA:DF:C0:70:02:F7:85:88:EF:7A
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0198129271D5D37366D521F7556FA0536731
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Xi3pJvox75kKgsrfwHAC94WI73o.roa
Signing time:             Wed 16 Jul 2025 09:30:43 +0000
ROA not before:           Wed 16 Jul 2025 09:30:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        84.32.108.0/22 maxlen: 24
                          84.32.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:12:92:71:d5:d3:73:66:d5:21:f7:55:6f:a0:53:67:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul 16 09:30:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e2de926fa31ef990a82cadfc07002f78588ef7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:59:00:10:88:97:61:1a:8e:49:e1:49:65:89:
                    73:f6:f3:4a:2d:43:26:7d:6e:f3:02:f7:63:35:d7:
                    62:6b:c4:74:db:43:c9:4e:e1:82:03:92:c6:df:e2:
                    72:8a:62:b0:3f:30:55:e8:ee:c7:63:6e:21:e4:52:
                    4f:ae:d4:ee:97:9b:45:59:a0:76:26:6f:06:a3:c1:
                    54:78:69:14:ec:d1:9a:b9:c1:c0:de:28:a9:27:b0:
                    dc:b9:87:41:28:90:5d:63:64:44:ab:9d:21:73:fe:
                    41:5b:a0:71:be:4f:d7:9f:73:37:b8:0b:79:14:4e:
                    28:f3:d4:f6:8f:22:93:46:0c:66:8c:84:ad:e7:0b:
                    df:97:41:f4:e9:7a:f5:1d:8b:37:e0:7d:e9:af:13:
                    dd:3a:66:a7:b8:f3:df:11:a1:4b:21:a7:9b:df:7f:
                    6d:0c:91:0e:9b:dd:86:b4:97:bf:af:c8:16:a6:e5:
                    65:9f:cb:1a:bd:29:5b:80:e0:a5:7c:c8:09:3a:c7:
                    ba:67:df:44:45:66:93:5f:17:65:71:6d:d1:91:60:
                    c2:24:cc:c7:26:7b:c2:86:ef:44:b5:2e:eb:a6:f1:
                    2a:09:60:51:ca:f7:1d:bc:a1:bc:98:43:95:56:86:
                    46:5e:35:64:15:5b:e3:db:e0:1b:c7:40:fb:28:08:
                    22:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:2D:E9:26:FA:31:EF:99:0A:82:CA:DF:C0:70:02:F7:85:88:EF:7A
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Xi3pJvox75kKgsrfwHAC94WI73o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:73:28:5a:4d:31:87:ab:2b:b8:44:5a:a7:ee:0c:ba:80:54:
         1f:7f:80:ea:ea:99:f5:b8:74:ab:49:be:67:8f:5b:81:9f:19:
         9c:82:fa:5a:59:08:56:8c:ee:ec:8d:81:fe:39:12:8f:55:ed:
         5a:d0:c5:db:78:7a:70:85:57:cd:6b:7d:85:e0:e6:97:b5:2e:
         f6:eb:55:0e:19:78:9b:fb:47:9a:a4:2c:12:7d:02:a7:18:1c:
         45:78:46:90:14:3f:a9:60:a1:43:04:1e:a1:82:9f:24:48:48:
         df:2f:79:14:0e:4e:9b:e7:bd:df:03:2a:f0:e2:62:ca:c2:48:
         ed:99:9d:47:a3:70:3b:29:5b:0a:43:4b:db:e6:10:8c:ba:04:
         ab:80:b5:e2:8e:f9:3a:ed:27:d9:86:0f:1d:b0:e7:bd:1b:e2:
         0b:71:2a:80:b5:f5:af:60:f7:84:3a:ed:cb:dd:ce:4c:ff:2a:
         02:b8:33:a3:75:d2:86:d5:af:77:8b:f8:87:7c:62:4b:1f:b1:
         a3:75:3d:67:b6:0f:75:30:7d:43:f0:37:6a:41:9c:81:9d:77:
         70:e5:d2:4a:e0:c7:48:38:58:d5:26:ca:88:d2:25:f4:e8:b7:
         e8:9e:66:a5:76:69:8d:18:7a:f7:8f:f7:63:01:1a:ae:9a:f5:
         b9:55:0e:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgSknHV03Nm1SH3VW+gU2cxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwNzE2MDkzMDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTJkZTkyNmZhMzFlZjk5MGE4MmNhZGZjMDcwMDJmNzg1ODhlZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlkAEIiXYRqOSeFJZYlz9vNKLUMm
fW7zAvdjNddia8R020PJTuGCA5LG3+JyimKwPzBV6O7HY24h5FJPrtTul5tFWaB2
Jm8Go8FUeGkU7NGaucHA3iipJ7DcuYdBKJBdY2REq50hc/5BW6Bxvk/Xn3M3uAt5
FE4o89T2jyKTRgxmjISt5wvfl0H06Xr1HYs34H3prxPdOmanuPPfEaFLIaeb339t
DJEOm92GtJe/r8gWpuVln8savSlbgOClfMgJOse6Z99ERWaTXxdlcW3RkWDCJMzH
JnvChu9EtS7rpvEqCWBRyvcdvKG8mEOVVoZGXjVkFVvj2+Abx0D7KAgi+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4t6Sb6Me+ZCoLK38BwAveFiO96MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWGkzcEp2b3g3NWtLZ3NyZndIQUM5NFdJNzNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVCBsMA0G
CSqGSIb3DQEBCwUAA4IBAQBNcyhaTTGHqyu4RFqn7gy6gFQff4Dq6pn1uHSrSb5n
j1uBnxmcgvpaWQhWjO7sjYH+ORKPVe1a0MXbeHpwhVfNa32F4OaXtS7261UOGXib
+0eapCwSfQKnGBxFeEaQFD+pYKFDBB6hgp8kSEjfL3kUDk6b573fAyrw4mLKwkjt
mZ1Ho3A7KVsKQ0vb5hCMugSrgLXijvk67SfZhg8dsOe9G+ILcSqAtfWvYPeEOu3L
3c5M/yoCuDOjddKG1a93i/iHfGJLH7GjdT1ntg91MH1D8DdqQZyBnXdw5dJK4MdI
OFjVJsqI0iX06LfonmaldmmNGHr3j/djARqumvW5VQ7W
-----END CERTIFICATE-----