Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/0D3E1xVLDUHIjAGbVoWxSLIZugo.roa
File:                     0D3E1xVLDUHIjAGbVoWxSLIZugo.roa (raw, json)
Hash identifier:          dJ+Bib7nkmrjwRK87Eb6cBCV+4bZjhRNsSBO88Zw4RM=
Subject key identifier:   D0:3D:C4:D7:15:4B:0D:41:C8:8C:01:9B:56:85:B1:48:B2:19:BA:0A
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018F09AB3F89BCFC41F26F2A75E6CF66F4E6
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/0D3E1xVLDUHIjAGbVoWxSLIZugo.roa
Signing time:             Tue 23 Apr 2024 06:36:08 +0000
ROA not before:           Tue 23 Apr 2024 06:36:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199297
IP address blocks:        84.32.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:09:ab:3f:89:bc:fc:41:f2:6f:2a:75:e6:cf:66:f4:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Apr 23 06:36:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d03dc4d7154b0d41c88c019b5685b148b219ba0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2d:67:db:76:ba:ad:97:32:01:b2:f5:11:4d:
                    f8:82:a0:23:3e:81:05:52:cd:57:39:d9:d3:f5:f0:
                    c9:31:97:a9:40:f3:79:4c:fd:09:52:5d:29:f1:9c:
                    84:8c:be:47:31:64:40:c0:d2:32:d7:93:16:c1:b6:
                    74:b1:5c:3f:2b:c1:57:20:bb:da:7b:73:38:07:5f:
                    6e:63:47:53:a2:f7:d4:db:dd:34:60:6a:11:2e:d4:
                    75:4b:b0:d2:f6:30:8d:17:c0:13:eb:cb:74:5c:9f:
                    b1:e9:f1:e0:04:a2:13:58:b4:90:45:17:7b:29:3c:
                    a4:12:16:3f:7d:e6:79:82:74:e2:ff:e7:6c:04:c6:
                    c8:49:19:91:7d:5c:00:b0:bf:b2:3b:ad:b6:62:27:
                    9f:4b:68:43:bf:e2:77:ce:0c:35:d7:2d:ac:63:91:
                    f3:93:cc:cc:b6:2b:4f:84:10:c2:65:f8:98:e1:58:
                    d8:00:ea:89:2b:f5:6e:0a:a2:13:1b:03:f3:92:04:
                    be:83:e3:65:43:99:17:e9:b7:e0:2b:42:aa:35:e0:
                    fe:eb:ee:f5:a0:a9:57:fe:c5:b5:e0:83:2f:38:7b:
                    dd:fa:16:28:e1:de:bd:13:b6:44:06:eb:cd:43:91:
                    7e:ef:04:ef:ba:47:c5:a0:f9:67:dc:2b:cf:c3:c1:
                    62:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:3D:C4:D7:15:4B:0D:41:C8:8C:01:9B:56:85:B1:48:B2:19:BA:0A
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/0D3E1xVLDUHIjAGbVoWxSLIZugo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:fa:9f:88:97:97:7f:f7:d2:1b:e1:9c:52:39:a0:56:b2:8f:
         c2:d7:af:a0:bc:82:48:08:0b:48:f9:9f:cf:90:4f:55:64:e1:
         96:90:32:3d:22:18:c3:5d:43:ee:a5:60:a5:a6:31:d4:99:a6:
         2f:7a:75:50:db:0f:f7:e1:32:e8:ab:94:9c:76:81:72:31:74:
         4e:57:51:38:3f:71:ce:3f:9c:a5:24:91:39:a6:ff:58:d2:c3:
         97:a5:53:6a:f1:36:b2:57:f0:1a:9a:34:cd:6a:fe:a7:39:63:
         fe:95:1c:af:8e:5c:e2:55:90:6e:bd:ec:cc:a3:2a:e8:fc:64:
         f4:d4:17:22:8b:78:2c:5c:80:0e:f5:ee:4a:52:ca:85:e4:98:
         15:07:c5:82:29:a1:3e:a5:8c:ae:1a:71:80:1a:8b:d2:b0:96:
         ee:13:95:cb:0d:92:92:b4:1f:35:c0:dd:3d:16:f5:91:40:3e:
         20:8d:a7:d6:75:2e:80:b2:c4:73:44:fb:3f:22:37:10:68:8b:
         39:79:f0:a9:0c:f1:41:fa:2e:38:ba:3b:54:a1:f6:95:17:3f:
         5d:79:eb:95:cb:84:32:30:6b:74:3b:7d:59:9e:f4:2f:0d:47:
         53:de:72:7d:9d:c3:6c:d3:f1:69:5c:4a:ed:be:24:d9:cf:f1:
         52:55:5a:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Jqz+JvPxB8m8qdebPZvTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwNDIzMDYzNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDNkYzRkNzE1NGIwZDQxYzg4YzAxOWI1Njg1YjE0OGIyMTliYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy1n23a6rZcyAbL1EU34gqAjPoEF
Us1XOdnT9fDJMZepQPN5TP0JUl0p8ZyEjL5HMWRAwNIy15MWwbZ0sVw/K8FXILva
e3M4B19uY0dTovfU2900YGoRLtR1S7DS9jCNF8AT68t0XJ+x6fHgBKITWLSQRRd7
KTykEhY/feZ5gnTi/+dsBMbISRmRfVwAsL+yO622YiefS2hDv+J3zgw11y2sY5Hz
k8zMtitPhBDCZfiY4VjYAOqJK/VuCqITGwPzkgS+g+NlQ5kX6bfgK0KqNeD+6+71
oKlX/sW14IMvOHvd+hYo4d69E7ZEBuvNQ5F+7wTvukfFoPln3CvPw8FiMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNA9xNcVSw1ByIwBm1aFsUiyGboKMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvMEQzRTF4VkxEVUhJakFHYlZvV3hTTEladWdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAJMA0G
CSqGSIb3DQEBCwUAA4IBAQAa+p+Il5d/99Ib4ZxSOaBWso/C16+gvIJICAtI+Z/P
kE9VZOGWkDI9IhjDXUPupWClpjHUmaYvenVQ2w/34TLoq5ScdoFyMXROV1E4P3HO
P5ylJJE5pv9Y0sOXpVNq8TayV/AamjTNav6nOWP+lRyvjlziVZBuvezMoyro/GT0
1Bcii3gsXIAO9e5KUsqF5JgVB8WCKaE+pYyuGnGAGovSsJbuE5XLDZKStB81wN09
FvWRQD4gjafWdS6AssRzRPs/IjcQaIs5efCpDPFB+i44ujtUofaVFz9deeuVy4Qy
MGt0O31ZnvQvDUdT3nJ9ncNs0/FpXErtviTZz/FSVVo+
-----END CERTIFICATE-----