Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/udxVcZfjWVs7IaLZrxPExVbIc-g.roa
File:                     udxVcZfjWVs7IaLZrxPExVbIc-g.roa (raw, json)
Hash identifier:          keL3J7JJI5OxIDrp3sU1wJwO0pLBaMLzWUbdcjNquQo=
Subject key identifier:   B9:DC:55:71:97:E3:59:5B:3B:21:A2:D9:AF:13:C4:C5:56:C8:73:E8
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0194CB103E6B77C04ADBF7042C24802D37DE
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/udxVcZfjWVs7IaLZrxPExVbIc-g.roa
Signing time:             Mon 03 Feb 2025 09:07:06 +0000
ROA not before:           Mon 03 Feb 2025 09:07:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62164
IP address blocks:        84.32.5.0/24 maxlen: 24
                          88.216.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:cb:10:3e:6b:77:c0:4a:db:f7:04:2c:24:80:2d:37:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb  3 09:07:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9dc557197e3595b3b21a2d9af13c4c556c873e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:84:9b:05:d6:e6:0f:f7:bc:bc:b4:9a:07:6e:
                    6c:95:16:7e:36:82:35:f0:cb:1c:d1:ad:7a:78:aa:
                    41:e1:fb:aa:46:53:3b:ec:8d:f6:86:19:5b:ab:9e:
                    c3:c2:70:01:89:4f:93:4a:d3:b8:37:33:d5:60:f4:
                    75:84:a8:b3:04:bb:c5:d0:b2:41:46:cb:63:da:d5:
                    6d:78:79:c4:0a:f7:e0:c8:85:59:87:95:63:d3:b3:
                    0a:2a:3a:4f:f0:74:29:46:90:cb:fd:3c:fe:e2:7c:
                    de:24:59:1c:e0:73:f5:fc:19:d5:d7:47:55:ad:db:
                    21:c4:13:13:d1:3e:b5:90:06:56:18:7a:73:6a:89:
                    26:53:65:36:07:1e:4a:e9:29:62:23:db:1e:00:2e:
                    b8:05:45:bc:fa:83:3a:f6:be:28:11:33:46:a1:a4:
                    24:d4:ef:6b:87:ce:e0:79:89:66:20:b5:f6:02:e8:
                    56:13:8d:50:e4:63:ea:e6:18:c7:d9:0d:5f:cc:74:
                    49:cf:f9:3b:ac:7a:5b:be:75:74:6d:27:82:ca:2a:
                    68:55:16:85:70:2e:dc:88:80:d1:ef:0e:a7:d2:78:
                    33:e3:6b:0d:1c:03:d6:96:8e:53:b8:a4:51:45:21:
                    6c:f2:9f:dd:a4:8c:22:de:8b:ae:da:c9:50:a0:27:
                    64:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:DC:55:71:97:E3:59:5B:3B:21:A2:D9:AF:13:C4:C5:56:C8:73:E8
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/udxVcZfjWVs7IaLZrxPExVbIc-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.5.0/24
                  88.216.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:69:bf:ac:99:d3:17:67:42:ad:25:52:a7:94:7b:2e:93:3e:
         71:1b:39:1e:a7:e2:33:a4:52:c1:f7:95:32:35:bc:b6:47:49:
         78:c0:52:41:b2:12:4a:d7:31:e1:70:b0:c8:e9:e6:3c:35:08:
         eb:eb:64:0f:88:54:ef:0b:09:2d:bd:c2:ee:ed:78:b3:88:de:
         bb:0d:60:09:89:ee:2d:de:f2:06:ef:e3:1d:31:3e:62:c0:66:
         30:c4:a5:03:ab:c3:bd:7b:63:31:e6:f6:eb:5f:f8:e6:d0:9f:
         e9:e8:8e:d8:e0:cc:ea:33:f4:6b:f6:de:ca:7e:bb:37:9c:2b:
         3c:9c:4e:33:ac:38:e7:a1:4b:5e:a6:2e:7d:53:eb:35:31:3f:
         ec:f0:49:b4:82:ec:55:4b:6a:f8:ad:51:1a:7c:1c:e8:28:12:
         f8:ac:b6:ca:d9:11:c8:4e:8a:8c:9a:62:87:cb:be:15:5e:84:
         4f:de:45:09:26:be:d7:c9:2c:d6:d0:6b:8f:51:7c:54:6e:98:
         e5:2a:46:63:0c:c2:66:4b:7e:65:16:df:e0:35:b6:d9:f1:43:
         57:c1:19:60:e6:cc:2d:8a:d7:4c:c9:aa:35:9b:11:bf:c3:0c:
         2e:6f:30:de:8a:9c:dc:cb:a5:d1:c1:71:2d:74:f9:56:47:1f:
         a6:4e:d9:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZTLED5rd8BK2/cELCSALTfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMjAzMDkwNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWRjNTU3MTk3ZTM1OTViM2IyMWEyZDlhZjEzYzRjNTU2Yzg3M2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYSbBdbmD/e8vLSaB25slRZ+NoI1
8Msc0a16eKpB4fuqRlM77I32hhlbq57DwnABiU+TStO4NzPVYPR1hKizBLvF0LJB
Rstj2tVteHnECvfgyIVZh5Vj07MKKjpP8HQpRpDL/Tz+4nzeJFkc4HP1/BnV10dV
rdshxBMT0T61kAZWGHpzaokmU2U2Bx5K6SliI9seAC64BUW8+oM69r4oETNGoaQk
1O9rh87geYlmILX2AuhWE41Q5GPq5hjH2Q1fzHRJz/k7rHpbvnV0bSeCyipoVRaF
cC7ciIDR7w6n0ngz42sNHAPWlo5TuKRRRSFs8p/dpIwi3ouu2slQoCdkYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLncVXGX41lbOyGi2a8TxMVWyHPoMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvdWR4VmNaZmpXVnM3SWFMWnJ4UEV4VmJJYy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCAFAwQA
WNhjMA0GCSqGSIb3DQEBCwUAA4IBAQAIab+smdMXZ0KtJVKnlHsukz5xGzkep+Iz
pFLB95UyNby2R0l4wFJBshJK1zHhcLDI6eY8NQjr62QPiFTvCwktvcLu7XiziN67
DWAJie4t3vIG7+MdMT5iwGYwxKUDq8O9e2Mx5vbrX/jm0J/p6I7Y4MzqM/Rr9t7K
frs3nCs8nE4zrDjnoUtepi59U+s1MT/s8Em0guxVS2r4rVEafBzoKBL4rLbK2RHI
ToqMmmKHy74VXoRP3kUJJr7XySzW0GuPUXxUbpjlKkZjDMJmS35lFt/gNbbZ8UNX
wRlg5swtitdMyao1mxG/wwwubzDeipzcy6XRwXEtdPlWRx+mTtns
-----END CERTIFICATE-----