Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/zbjoSzdeQVZ0bImUKm3s8M7SK1w.roa
File:                     zbjoSzdeQVZ0bImUKm3s8M7SK1w.roa (raw, json)
Hash identifier:          SySvwIKrm6S5LgDybCJrbG+9/kwnovzJyRa1OaPZJ3g=
Subject key identifier:   CD:B8:E8:4B:37:5E:41:56:74:6C:89:94:2A:6D:EC:F0:CE:D2:2B:5C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0195AFDF6C78F0CE93AA2E16B30B342C799E
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/zbjoSzdeQVZ0bImUKm3s8M7SK1w.roa
Signing time:             Wed 19 Mar 2025 19:26:49 +0000
ROA not before:           Wed 19 Mar 2025 19:26:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        84.32.78.0/24 maxlen: 24
                          88.216.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:af:df:6c:78:f0:ce:93:aa:2e:16:b3:0b:34:2c:79:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 19 19:26:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdb8e84b375e4156746c89942a6decf0ced22b5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:67:a8:52:fb:60:4d:b7:46:c7:9c:a1:7a:f0:
                    5a:fd:2b:6b:6b:67:2c:db:3f:26:dc:e9:8f:6b:74:
                    98:c5:78:e5:2c:16:b7:c9:6b:5c:07:22:37:87:62:
                    bb:5d:19:dd:fd:2b:22:14:7e:14:67:e4:4c:88:bb:
                    a0:41:32:80:05:a7:27:16:d6:f0:42:5c:cf:ba:97:
                    8a:e3:cf:9a:6b:ab:f5:8c:3b:22:17:c4:d5:3a:63:
                    74:85:3b:99:da:8d:87:b5:12:e0:b8:1f:c4:c7:6f:
                    e6:fa:db:0d:8d:5f:cb:0d:01:fe:67:d7:ab:f8:2c:
                    00:d5:26:b5:ba:e8:6a:ce:b1:a6:eb:3f:e1:0b:89:
                    fb:66:a0:f8:41:64:ed:26:30:df:04:14:ff:3d:3b:
                    a5:71:f3:f9:1d:7d:1f:37:dd:ac:54:51:4f:c2:53:
                    11:4a:fc:29:15:c4:3a:c2:6e:84:ad:51:db:bf:62:
                    2c:c0:91:8d:eb:9d:64:73:fb:4e:c2:51:55:b7:7e:
                    80:d8:0a:fa:ff:98:60:80:e9:79:e8:c8:78:d0:f9:
                    c6:f6:6a:f3:79:a5:c6:3f:e1:99:e5:ca:9b:63:ac:
                    b3:86:8b:33:1f:fa:9e:57:ae:cf:44:19:bf:5f:e4:
                    a4:cf:dc:5f:3f:c5:8a:e2:02:59:05:33:0b:77:01:
                    5d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:B8:E8:4B:37:5E:41:56:74:6C:89:94:2A:6D:EC:F0:CE:D2:2B:5C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/zbjoSzdeQVZ0bImUKm3s8M7SK1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.78.0/24
                  88.216.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:07:24:a4:c3:4a:b3:92:b2:8c:bf:ad:89:9f:1b:71:96:93:
         5a:58:c9:01:24:c7:d1:8a:d8:8d:ab:26:8e:1f:4c:d3:50:0e:
         c8:e8:02:9d:c0:8c:27:9c:b4:de:66:0a:f4:46:81:26:b3:36:
         01:00:a6:23:b7:7f:7a:36:9d:22:b7:4c:e1:f2:c5:d6:dd:e6:
         90:8f:cb:3d:8a:c6:29:62:37:01:2c:0e:2d:97:fe:3e:4f:0a:
         4b:e7:6e:66:4f:03:cb:39:d5:97:d7:e3:66:92:59:73:b5:06:
         b1:84:fc:ab:66:39:17:46:72:a0:7d:18:58:18:50:f7:4d:96:
         2e:34:07:fb:9b:b1:77:2f:f6:ff:cd:5f:60:85:a9:4b:5d:85:
         1e:ba:1e:ae:e4:40:54:b2:4b:0d:aa:91:5f:1a:f5:62:14:7e:
         fd:14:31:91:bf:c6:7c:1f:fb:93:d7:98:f5:5f:97:01:ff:2a:
         00:9a:9a:22:f9:22:8e:95:be:aa:fa:a0:e5:ad:dd:b6:6c:66:
         5d:26:56:ba:fd:02:11:53:ea:b6:1d:54:1c:45:2b:fb:ab:0f:
         43:57:d6:fd:1e:ab:72:cc:c2:e7:cd:5e:77:05:90:91:8c:93:
         2f:93:2f:88:07:10:de:68:03:45:32:8a:74:a9:c9:0c:f1:37:
         59:ee:04:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWv32x48M6Tqi4Wsws0LHmeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMzE5MTkyNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGI4ZTg0YjM3NWU0MTU2NzQ2Yzg5OTQyYTZkZWNmMGNlZDIyYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWeoUvtgTbdGx5yhevBa/Stra2cs
2z8m3OmPa3SYxXjlLBa3yWtcByI3h2K7XRnd/SsiFH4UZ+RMiLugQTKABacnFtbw
QlzPupeK48+aa6v1jDsiF8TVOmN0hTuZ2o2HtRLguB/Ex2/m+tsNjV/LDQH+Z9er
+CwA1Sa1uuhqzrGm6z/hC4n7ZqD4QWTtJjDfBBT/PTulcfP5HX0fN92sVFFPwlMR
SvwpFcQ6wm6ErVHbv2IswJGN651kc/tOwlFVt36A2Ar6/5hggOl56Mh40PnG9mrz
eaXGP+GZ5cqbY6yzhoszH/qeV67PRBm/X+Skz9xfP8WK4gJZBTMLdwFdcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM246Es3XkFWdGyJlCpt7PDO0itcMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvemJqb1N6ZGVRVlowYkltVUttM3M4TTdTSzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCBOAwQA
WNi0MA0GCSqGSIb3DQEBCwUAA4IBAQAVBySkw0qzkrKMv62JnxtxlpNaWMkBJMfR
itiNqyaOH0zTUA7I6AKdwIwnnLTeZgr0RoEmszYBAKYjt396Np0it0zh8sXW3eaQ
j8s9isYpYjcBLA4tl/4+TwpL525mTwPLOdWX1+NmkllztQaxhPyrZjkXRnKgfRhY
GFD3TZYuNAf7m7F3L/b/zV9ghalLXYUeuh6u5EBUsksNqpFfGvViFH79FDGRv8Z8
H/uT15j1X5cB/yoAmpoi+SKOlb6q+qDlrd22bGZdJla6/QIRU+q2HVQcRSv7qw9D
V9b9HqtyzMLnzV53BZCRjJMvky+IBxDeaANFMop0qckM8TdZ7gTw
-----END CERTIFICATE-----