Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/3l3IfPsrXg3bKHbGXHn91CRUW3A.roa
File:                     3l3IfPsrXg3bKHbGXHn91CRUW3A.roa (raw, json)
Hash identifier:          yxMItc2Xo93RqGAF55UHb1JtVDVha1X7V92meJm33e8=
Subject key identifier:   DE:5D:C8:7C:FB:2B:5E:0D:DB:28:76:C6:5C:79:FD:D4:24:54:5B:70
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC50141D19AE221B25D677FB673DECB72
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/3l3IfPsrXg3bKHbGXHn91CRUW3A.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48215
IP address blocks:        84.32.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:41:d1:9a:e2:21:b2:5d:67:7f:b6:73:de:cb:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de5dc87cfb2b5e0ddb2876c65c79fdd424545b70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:12:33:47:1e:1a:c8:d9:81:9d:28:03:81:2d:
                    45:20:e0:f0:6d:61:62:fa:7a:37:7b:c2:a4:3a:46:
                    1c:8d:ec:6a:f5:d8:c1:75:01:c2:f8:c9:4d:6a:98:
                    d7:63:5c:68:9e:24:c0:0d:87:23:6f:a9:14:5b:32:
                    c9:31:bb:56:fe:e1:0c:37:42:6d:04:2a:38:5d:c3:
                    e2:76:cc:a6:4f:52:ad:66:b5:37:7e:9b:e4:ae:2d:
                    1c:44:8f:14:e6:7e:94:ca:59:72:3e:94:9a:04:6f:
                    71:e2:7e:5d:81:86:f3:fb:fd:1a:a0:7d:98:63:cb:
                    72:4c:27:fc:ca:c7:42:39:ba:2f:61:db:00:fe:c0:
                    5a:0c:e4:5a:5b:94:c2:9f:6e:17:d2:d5:54:32:9f:
                    17:40:24:11:32:36:e2:0a:f5:34:de:01:a1:a7:b3:
                    cd:ae:d9:fb:eb:57:90:47:0a:b2:3b:b3:70:ea:5e:
                    c4:17:43:b0:04:df:56:af:b3:d3:98:71:ef:ca:f0:
                    92:3e:de:ed:08:a7:07:b1:65:65:4c:9e:da:43:b9:
                    bc:3c:b6:48:2f:b3:15:e7:fb:5a:89:11:05:27:f6:
                    2a:a1:14:98:c7:66:8a:ac:4e:8e:98:90:e2:0e:fb:
                    c9:a8:5b:e7:3f:72:62:5a:48:c9:d8:e6:9c:38:f8:
                    61:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:5D:C8:7C:FB:2B:5E:0D:DB:28:76:C6:5C:79:FD:D4:24:54:5B:70
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/3l3IfPsrXg3bKHbGXHn91CRUW3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:32:55:c4:05:65:f1:14:ee:eb:ad:80:57:13:80:eb:02:78:
         b1:38:9b:19:b2:94:0a:09:5f:13:20:a8:5b:58:19:db:a9:c7:
         3e:24:26:1f:e2:c9:8a:99:d2:5c:7f:27:e1:13:ae:2f:1f:a0:
         2d:74:20:18:a0:f6:2a:63:c3:b4:fb:fd:ed:3a:15:99:18:fb:
         48:78:6e:e0:2d:b5:63:34:9f:f6:4f:84:61:a6:1f:7f:90:51:
         25:3f:41:8c:80:3d:43:27:6a:5c:0a:a5:16:75:cb:ba:2d:2d:
         ca:30:2d:4a:ff:0b:10:64:15:85:21:52:00:47:3b:75:08:58:
         a4:71:3a:de:a5:83:49:ba:47:ec:d4:8b:83:68:06:22:fb:66:
         21:5a:50:61:e3:84:ef:43:5a:70:47:09:da:2a:41:fd:8a:b4:
         49:da:31:f2:e5:21:27:b9:4a:e2:4b:b4:b1:3b:80:35:3f:e6:
         22:d4:a9:78:98:1e:16:33:99:1b:9c:e1:78:8b:a4:91:73:d4:
         67:72:4c:78:9c:9a:ad:42:16:dd:1e:34:f7:c9:c4:d3:04:33:
         0c:26:2e:1a:17:c4:c3:4b:19:28:23:ea:14:39:b6:ea:cf:8b:
         88:55:66:bb:5f:4f:38:98:ae:13:72:4d:a8:f7:0d:27:64:45:
         11:cb:7a:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUHRmuIhsl1nf7Zz3styMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTVkYzg3Y2ZiMmI1ZTBkZGIyODc2YzY1Yzc5ZmRkNDI0NTQ1YjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRIzRx4ayNmBnSgDgS1FIODwbWFi
+no3e8KkOkYcjexq9djBdQHC+MlNapjXY1xoniTADYcjb6kUWzLJMbtW/uEMN0Jt
BCo4XcPidsymT1KtZrU3fpvkri0cRI8U5n6UyllyPpSaBG9x4n5dgYbz+/0aoH2Y
Y8tyTCf8ysdCObovYdsA/sBaDORaW5TCn24X0tVUMp8XQCQRMjbiCvU03gGhp7PN
rtn761eQRwqyO7Nw6l7EF0OwBN9Wr7PTmHHvyvCSPt7tCKcHsWVlTJ7aQ7m8PLZI
L7MV5/taiREFJ/YqoRSYx2aKrE6OmJDiDvvJqFvnP3JiWkjJ2OacOPhh/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5dyHz7K14N2yh2xlx5/dQkVFtwMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvM2wzSWZQc3JYZzNiS0hiR1hIbjkxQ1JVVzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCDmMA0G
CSqGSIb3DQEBCwUAA4IBAQBFMlXEBWXxFO7rrYBXE4DrAnixOJsZspQKCV8TIKhb
WBnbqcc+JCYf4smKmdJcfyfhE64vH6AtdCAYoPYqY8O0+/3tOhWZGPtIeG7gLbVj
NJ/2T4Rhph9/kFElP0GMgD1DJ2pcCqUWdcu6LS3KMC1K/wsQZBWFIVIARzt1CFik
cTrepYNJukfs1IuDaAYi+2YhWlBh44TvQ1pwRwnaKkH9irRJ2jHy5SEnuUriS7Sx
O4A1P+Yi1Kl4mB4WM5kbnOF4i6SRc9Rnckx4nJqtQhbdHjT3ycTTBDMMJi4aF8TD
SxkoI+oUObbqz4uIVWa7X084mK4Tck2o9w0nZEURy3rR
-----END CERTIFICATE-----