Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/E2zNnb04xNMvKMHeZh3rv8m8Pfg.roa
File:                     E2zNnb04xNMvKMHeZh3rv8m8Pfg.roa (raw, json)
Hash identifier:          v8Ba9I+Ben8x8D1vNZFiGXsXtNU5rJpUfclS0VfgfgQ=
Subject key identifier:   13:6C:CD:9D:BD:38:C4:D3:2F:28:C1:DE:66:1D:EB:BF:C9:BC:3D:F8
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826BEA5771ED92074D3A110B7A5E755
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/E2zNnb04xNMvKMHeZh3rv8m8Pfg.roa
Signing time:             Thu 02 Jan 2025 17:53:35 +0000
ROA not before:           Thu 02 Jan 2025 17:53:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200017
IP address blocks:        84.32.148.0/24 maxlen: 24
                          84.32.210.0/24 maxlen: 24
                          88.216.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:be:a5:77:1e:d9:20:74:d3:a1:10:b7:a5:e7:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=136ccd9dbd38c4d32f28c1de661debbfc9bc3df8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:65:27:0d:65:71:0a:e9:3c:22:60:80:d6:db:
                    0e:1d:70:03:da:86:57:77:c9:d2:e3:88:e3:dc:7f:
                    5e:9f:2d:96:e5:fc:ea:e3:c7:61:00:be:58:6e:2b:
                    1d:93:8d:06:7e:7b:c2:ba:51:aa:ab:6a:77:e9:96:
                    72:39:cf:04:3b:a7:61:b8:ab:44:f5:31:a7:cd:ee:
                    f4:b4:c5:76:7c:c2:da:37:28:6c:67:28:e8:89:ac:
                    44:dd:01:80:d7:a1:ab:ea:3a:b6:44:c0:9c:cd:3b:
                    41:c7:80:fd:65:37:6c:6c:53:e3:f7:d5:a3:3b:6f:
                    e0:0a:62:21:57:90:f7:18:d8:39:15:cd:fd:92:89:
                    ee:b1:8b:54:ab:3a:7c:b8:70:fa:2e:6d:85:ae:8a:
                    96:f0:e7:6f:b9:0e:fd:92:54:aa:c8:e1:15:11:c1:
                    72:e8:55:5f:66:b9:63:54:fc:e6:63:34:e3:d7:ff:
                    cb:b0:35:22:2c:db:9a:36:e4:f0:dd:18:f5:62:e0:
                    a1:ef:86:bb:f1:6c:42:4d:81:1f:18:8d:5c:4e:d2:
                    74:92:35:bd:d7:95:eb:85:a2:05:d1:cc:84:14:71:
                    3f:58:e1:52:ef:c9:cd:ca:3b:ea:ad:d3:51:63:05:
                    2b:a6:78:e6:34:74:fc:78:04:c0:11:b8:86:c4:3b:
                    61:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:6C:CD:9D:BD:38:C4:D3:2F:28:C1:DE:66:1D:EB:BF:C9:BC:3D:F8
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/E2zNnb04xNMvKMHeZh3rv8m8Pfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.148.0/24
                  84.32.210.0/24
                  88.216.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:d5:59:99:f3:16:9d:fa:ba:2d:cb:1f:f0:73:cd:28:ba:9f:
         e2:8b:66:6f:5a:60:32:40:0a:7c:1e:a8:93:88:69:67:fc:7c:
         bf:23:4b:c3:8a:ef:69:03:09:b1:84:e0:a9:42:08:4a:94:c4:
         fe:4a:3f:08:15:8f:7d:ea:fd:6f:ee:9a:01:9e:77:ca:bc:56:
         5a:eb:3f:f3:e1:39:cf:53:61:e3:48:ab:a7:cb:1c:d3:7c:73:
         ed:ab:1b:02:94:aa:fd:1a:54:db:99:ee:30:b7:ec:0b:37:22:
         b5:0d:30:90:8f:55:8e:9c:5a:c5:1f:7b:a5:fb:47:85:69:37:
         4b:f9:44:25:ea:3b:52:25:9c:16:fb:b6:54:34:8a:83:01:0d:
         44:b7:28:4f:3c:6e:4f:84:17:c2:7b:a3:70:2e:38:90:f2:36:
         d9:33:de:2d:78:8e:93:0c:89:d0:58:8d:2d:4c:2b:ee:88:74:
         f0:04:5b:2e:e5:cc:f4:ea:90:6a:b8:13:ac:22:6e:9f:91:1e:
         18:df:72:b8:96:73:bd:a7:a0:af:5c:22:98:01:56:fb:ee:44:
         a8:5b:80:c7:b0:c4:08:3a:b0:a7:05:b4:06:2e:9f:bd:87:24:
         ad:25:2d:70:7b:e2:6b:7d:08:d5:21:eb:81:10:71:ac:d0:cb:
         8a:fa:80:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoJr6ldx7ZIHTToRC3pedVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzZjY2Q5ZGJkMzhjNGQzMmYyOGMxZGU2NjFkZWJiZmM5YmMzZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGUnDWVxCuk8ImCA1tsOHXAD2oZX
d8nS44jj3H9eny2W5fzq48dhAL5Ybisdk40GfnvCulGqq2p36ZZyOc8EO6dhuKtE
9TGnze70tMV2fMLaNyhsZyjoiaxE3QGA16Gr6jq2RMCczTtBx4D9ZTdsbFPj99Wj
O2/gCmIhV5D3GNg5Fc39konusYtUqzp8uHD6Lm2FroqW8OdvuQ79klSqyOEVEcFy
6FVfZrljVPzmYzTj1//LsDUiLNuaNuTw3Rj1YuCh74a78WxCTYEfGI1cTtJ0kjW9
15XrhaIF0cyEFHE/WOFS78nNyjvqrdNRYwUrpnjmNHT8eATAEbiGxDthTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBNszZ29OMTTLyjB3mYd67/JvD34MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvRTJ6Tm5iMDR4Tk12S01IZVpoM3J2OG04UGZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVCCUAwQA
VCDSAwQAWNhsMA0GCSqGSIb3DQEBCwUAA4IBAQAA1VmZ8xad+rotyx/wc80oup/i
i2ZvWmAyQAp8HqiTiGln/Hy/I0vDiu9pAwmxhOCpQghKlMT+Sj8IFY996v1v7poB
nnfKvFZa6z/z4TnPU2HjSKunyxzTfHPtqxsClKr9GlTbme4wt+wLNyK1DTCQj1WO
nFrFH3ul+0eFaTdL+UQl6jtSJZwW+7ZUNIqDAQ1EtyhPPG5PhBfCe6NwLjiQ8jbZ
M94teI6TDInQWI0tTCvuiHTwBFsu5cz06pBquBOsIm6fkR4Y33K4lnO9p6CvXCKY
AVb77kSoW4DHsMQIOrCnBbQGLp+9hyStJS1we+JrfQjVIeuBEHGs0MuK+oBl
-----END CERTIFICATE-----