Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BqtgGIHQm8gwf5mR-abOBPk56T8.roa
File:                     BqtgGIHQm8gwf5mR-abOBPk56T8.roa (raw, json)
Hash identifier:          ex00IOrnxqpbHCPajuozr/FFGdkHsMOOwOY+7WNTDJc=
Subject key identifier:   06:AB:60:18:81:D0:9B:C8:30:7F:99:91:F9:A6:CE:04:F9:39:E9:3F
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826B53F751C8658F74E214F15092B8B
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BqtgGIHQm8gwf5mR-abOBPk56T8.roa
Signing time:             Thu 02 Jan 2025 17:53:32 +0000
ROA not before:           Thu 02 Jan 2025 17:53:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56485
IP address blocks:        84.32.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:b5:3f:75:1c:86:58:f7:4e:21:4f:15:09:2b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06ab601881d09bc8307f9991f9a6ce04f939e93f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:06:4c:86:b5:af:4c:23:52:6d:47:48:f9:03:
                    60:7d:3b:7b:2a:eb:30:e4:72:3a:c8:c8:7a:95:78:
                    54:05:c1:23:15:9a:7b:f3:fc:0b:9b:3e:f4:e6:ab:
                    80:37:55:40:38:a9:06:1b:46:2a:58:d4:ed:4e:c9:
                    7e:6f:e5:ea:b4:99:8c:ae:9b:e6:60:79:d1:b1:ac:
                    a0:3a:e7:44:b9:e9:d1:e1:46:61:0f:9f:fb:58:6b:
                    ac:50:cf:ee:de:3c:4a:c5:f2:38:4b:cb:62:86:16:
                    74:27:9c:37:63:4a:42:13:53:c7:ab:bf:25:7b:41:
                    42:28:b4:47:05:50:dd:6e:ad:74:9c:67:6f:c8:80:
                    00:e4:84:ad:86:67:5e:e0:71:90:6b:44:b7:c2:21:
                    63:ce:91:42:10:dd:78:85:93:16:11:a7:d1:9c:ce:
                    d2:27:20:ce:b4:96:13:28:24:0f:41:9d:02:1a:de:
                    85:e8:f6:77:b9:4f:e8:23:79:c4:cf:9b:af:74:f6:
                    47:6c:75:22:24:c0:38:99:a2:1f:b5:a4:96:ed:30:
                    91:c4:d6:69:00:45:b8:04:0f:8d:6c:ef:d6:96:14:
                    c6:66:cb:a5:64:f7:be:09:2d:33:4d:7e:6a:c9:b2:
                    71:08:e2:23:70:66:e0:c7:0a:29:d9:be:b1:11:f6:
                    dd:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:AB:60:18:81:D0:9B:C8:30:7F:99:91:F9:A6:CE:04:F9:39:E9:3F
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BqtgGIHQm8gwf5mR-abOBPk56T8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f1:87:c1:65:06:80:cf:5e:a8:b5:48:57:71:46:f5:a9:a6:
         c3:57:70:34:0a:ba:bd:de:6e:77:df:0e:cd:25:cd:25:3c:78:
         1d:91:0f:29:13:50:14:84:71:c6:55:fe:a4:c8:75:e0:e7:a8:
         6a:1c:f7:1e:c0:19:34:e9:2d:85:c9:f2:cc:86:8f:d5:74:99:
         d6:b3:d0:a6:28:6f:63:45:90:0c:a4:16:81:99:43:74:a4:cb:
         7c:d7:c8:a1:8f:90:d7:34:29:44:fd:ad:65:c7:c7:2c:bb:8e:
         d1:aa:a4:c1:0b:1a:a3:86:ff:a7:68:bd:4a:4a:26:5f:bb:e9:
         a5:42:4f:dc:ff:c2:bb:27:98:a3:49:1d:c3:e8:23:6a:49:0f:
         27:72:dd:7b:7f:53:ba:25:f4:26:56:ae:3d:f9:a8:30:df:ac:
         85:2c:26:9a:ef:63:a9:49:cc:b2:46:7d:cd:b1:c3:f3:67:39:
         e3:71:3f:48:04:24:f1:64:5b:a9:fb:5a:29:1d:ec:0a:64:f2:
         1b:5b:bd:5d:78:2d:16:72:b1:1a:01:bb:e1:db:69:51:89:a4:
         f6:7b:4c:3f:79:9f:01:b9:64:13:c4:31:74:40:c3:db:eb:37:
         6c:5f:9a:e1:d4:53:ab:3a:f4:25:c8:81:81:69:aa:f1:f5:c5:
         77:d5:2a:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJrU/dRyGWPdOIU8VCSuLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmFiNjAxODgxZDA5YmM4MzA3Zjk5OTFmOWE2Y2UwNGY5MzllOTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8gZMhrWvTCNSbUdI+QNgfTt7Kusw
5HI6yMh6lXhUBcEjFZp78/wLmz705quAN1VAOKkGG0YqWNTtTsl+b+XqtJmMrpvm
YHnRsaygOudEuenR4UZhD5/7WGusUM/u3jxKxfI4S8tihhZ0J5w3Y0pCE1PHq78l
e0FCKLRHBVDdbq10nGdvyIAA5ISthmde4HGQa0S3wiFjzpFCEN14hZMWEafRnM7S
JyDOtJYTKCQPQZ0CGt6F6PZ3uU/oI3nEz5uvdPZHbHUiJMA4maIftaSW7TCRxNZp
AEW4BA+NbO/WlhTGZsulZPe+CS0zTX5qybJxCOIjcGbgxwop2b6xEfbdbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAarYBiB0JvIMH+ZkfmmzgT5Oek/MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvQnF0Z0dJSFFtOGd3ZjVtUi1hYk9CUGs1NlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCA5MA0G
CSqGSIb3DQEBCwUAA4IBAQBG8YfBZQaAz16otUhXcUb1qabDV3A0Crq93m533w7N
Jc0lPHgdkQ8pE1AUhHHGVf6kyHXg56hqHPcewBk06S2FyfLMho/VdJnWs9CmKG9j
RZAMpBaBmUN0pMt818ihj5DXNClE/a1lx8csu47RqqTBCxqjhv+naL1KSiZfu+ml
Qk/c/8K7J5ijSR3D6CNqSQ8nct17f1O6JfQmVq49+agw36yFLCaa72OpScyyRn3N
scPzZznjcT9IBCTxZFup+1opHewKZPIbW71deC0WcrEaAbvh22lRiaT2e0w/eZ8B
uWQTxDF0QMPb6zdsX5rh1FOrOvQlyIGBaarx9cV31SpC
-----END CERTIFICATE-----