Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mdC28BjWG55pQChWDDhCUXCB68Y.roa
File:                     mdC28BjWG55pQChWDDhCUXCB68Y.roa (raw, json)
Hash identifier:          DuysOZc4wWW7tdhUB7Hu9d08tlaSi2nUGTF2i6hoCMc=
Subject key identifier:   99:D0:B6:F0:18:D6:1B:9E:69:40:28:56:0C:38:42:51:70:81:EB:C6
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019A6D62BA6D7C710E05D196DA5D489016D1
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mdC28BjWG55pQChWDDhCUXCB68Y.roa
Signing time:             Mon 10 Nov 2025 10:49:37 +0000
ROA not before:           Mon 10 Nov 2025 10:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43350
IP address blocks:        84.32.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Nov 2025 15:37:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6d:62:ba:6d:7c:71:0e:05:d1:96:da:5d:48:90:16:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 10 10:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99d0b6f018d61b9e694028560c3842517081ebc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8f:e0:c0:15:81:1e:58:41:e8:fb:2d:1d:7f:
                    66:dc:38:d8:90:c9:a6:e2:28:5b:26:1a:9f:85:ec:
                    78:3e:f8:c9:f8:f5:03:a2:58:3c:cf:c8:62:6d:93:
                    8f:ea:46:63:40:6a:ec:17:e9:67:17:3e:9b:64:72:
                    97:b7:2a:41:0d:56:55:d8:ca:9e:0c:5a:4e:28:b2:
                    aa:5c:fa:9c:9a:0c:3f:d8:70:ba:da:9c:40:02:c1:
                    2d:21:f0:53:aa:4f:8b:d1:33:13:20:97:10:61:82:
                    19:20:4c:9a:43:11:ed:56:c7:73:10:8a:c2:09:1e:
                    b7:2c:6f:70:be:8d:af:a0:3d:05:e5:c0:4c:8d:65:
                    5d:f8:3d:f2:3f:48:dd:8f:88:2c:d3:43:df:fc:dd:
                    90:8a:cf:66:ba:2f:ff:ad:64:c9:b0:79:81:58:c9:
                    f8:9a:5b:fe:03:cc:3c:cb:24:59:b2:93:88:0b:ef:
                    49:fb:bc:04:ef:c7:2e:26:5d:da:60:40:69:6d:68:
                    be:61:6a:c8:de:a2:eb:4e:95:cd:4b:b0:d6:25:41:
                    18:35:74:5c:40:2f:f3:c0:fc:3c:70:94:d5:e6:5e:
                    4e:4b:bb:d5:51:f4:66:22:e8:70:b8:87:6d:dc:f0:
                    5f:2b:e4:55:ad:ee:a5:f0:f1:9a:2d:8c:42:30:d2:
                    5f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:D0:B6:F0:18:D6:1B:9E:69:40:28:56:0C:38:42:51:70:81:EB:C6
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mdC28BjWG55pQChWDDhCUXCB68Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:f3:5a:f6:d3:84:8b:70:b7:0d:d3:a1:0d:b6:ea:18:c6:87:
         b6:a1:61:a6:7f:86:db:62:75:dd:f7:6f:58:cc:5b:ba:d2:e8:
         fc:c3:0f:e5:58:13:24:9b:fd:88:a8:b3:f9:4a:55:c1:1f:cd:
         2e:23:93:25:e3:ea:63:82:c2:18:0e:3e:c0:16:27:41:4c:29:
         14:e3:48:f5:c1:5f:1a:0b:39:e1:26:a5:27:49:17:c0:ac:7b:
         d1:cf:23:66:9c:6a:a8:55:13:bb:11:78:c5:db:00:f4:39:d6:
         b4:31:41:d5:e5:2c:0a:13:cb:58:f8:d7:4f:48:81:75:55:d8:
         08:7d:96:30:12:a2:da:cc:ef:a2:08:e8:f9:e9:65:1a:6a:90:
         8f:9e:25:a0:f5:6d:c3:c5:31:4a:8c:87:b6:39:b5:29:6c:7f:
         03:d3:06:db:08:1b:9f:d3:82:39:95:43:20:3e:19:e3:b3:fc:
         98:48:2b:17:66:78:f7:12:23:fc:87:b6:c1:31:1f:22:0e:ac:
         9e:83:09:9a:26:f8:ea:8e:f7:a3:d5:49:2f:fd:59:2d:a8:5d:
         1d:b3:f5:c4:9d:66:e8:bf:3d:d5:fd:8a:ea:93:68:dc:f8:9b:
         19:0f:c0:01:7d:47:0f:d8:97:14:4c:90:36:f2:dd:21:70:37:
         44:e5:c4:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZptYrptfHEOBdGW2l1IkBbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUxMTEwMTA0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWQwYjZmMDE4ZDYxYjllNjk0MDI4NTYwYzM4NDI1MTcwODFlYmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAto/gwBWBHlhB6PstHX9m3DjYkMmm
4ihbJhqfhex4PvjJ+PUDolg8z8hibZOP6kZjQGrsF+lnFz6bZHKXtypBDVZV2Mqe
DFpOKLKqXPqcmgw/2HC62pxAAsEtIfBTqk+L0TMTIJcQYYIZIEyaQxHtVsdzEIrC
CR63LG9wvo2voD0F5cBMjWVd+D3yP0jdj4gs00Pf/N2Qis9mui//rWTJsHmBWMn4
mlv+A8w8yyRZspOIC+9J+7wE78cuJl3aYEBpbWi+YWrI3qLrTpXNS7DWJUEYNXRc
QC/zwPw8cJTV5l5OS7vVUfRmIuhwuIdt3PBfK+RVre6l8PGaLYxCMNJf6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnQtvAY1hueaUAoVgw4QlFwgevGMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbWRDMjhCaldHNTVwUUNoV0REaENVWENCNjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAKMA0G
CSqGSIb3DQEBCwUAA4IBAQBv81r204SLcLcN06ENtuoYxoe2oWGmf4bbYnXd929Y
zFu60uj8ww/lWBMkm/2IqLP5SlXBH80uI5Ml4+pjgsIYDj7AFidBTCkU40j1wV8a
CznhJqUnSRfArHvRzyNmnGqoVRO7EXjF2wD0Oda0MUHV5SwKE8tY+NdPSIF1VdgI
fZYwEqLazO+iCOj56WUaapCPniWg9W3DxTFKjIe2ObUpbH8D0wbbCBuf04I5lUMg
Phnjs/yYSCsXZnj3EiP8h7bBMR8iDqyegwmaJvjqjvej1Ukv/VktqF0ds/XEnWbo
vz3V/Yrqk2jc+JsZD8ABfUcP2JcUTJA28t0hcDdE5cRL
-----END CERTIFICATE-----