Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Fr7bJ0IlAkETIbKzX7vpjSkTcZ8.roa
File:                     Fr7bJ0IlAkETIbKzX7vpjSkTcZ8.roa (raw, json)
Hash identifier:          sexsq7pMVjYC29hr02989ky6I7wdn8H2yYNzZopttIc=
Subject key identifier:   16:BE:DB:27:42:25:02:41:13:21:B2:B3:5F:BB:E9:8D:29:13:71:9F
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014AFBC6A8676A037EB48B9CCD8325
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Fr7bJ0IlAkETIbKzX7vpjSkTcZ8.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201579
IP address blocks:        84.32.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4a:fb:c6:a8:67:6a:03:7e:b4:8b:9c:cd:83:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16bedb27422502411321b2b35fbbe98d2913719f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f3:a0:5e:12:50:de:34:ca:db:f4:28:5e:f7:
                    b3:44:62:cc:56:6b:a2:02:28:5a:4e:12:47:9f:f3:
                    c2:fc:52:9a:77:e3:ab:0f:d7:b0:ee:79:bc:3e:aa:
                    6f:38:52:f6:0c:f4:6a:24:3c:bf:70:5a:4f:4b:fe:
                    33:4d:0c:c2:6f:b7:30:d8:5b:f2:b6:80:21:13:e1:
                    1e:df:15:96:58:45:c2:39:27:6f:91:dd:e2:05:0d:
                    20:ed:7b:83:8e:30:2b:f5:63:ae:2d:c4:f9:1f:5d:
                    32:5e:8f:ac:3a:50:fe:b2:aa:aa:83:35:25:63:10:
                    79:4d:c6:cc:31:cd:88:52:94:df:78:a8:74:7a:7c:
                    0f:19:43:e5:10:b7:4a:a7:04:40:2a:6a:d7:08:80:
                    59:a7:6f:d3:53:3b:2f:f1:f7:22:a4:75:db:3c:cc:
                    67:69:74:6c:c6:94:91:68:d3:a8:e7:29:1a:44:d8:
                    cc:33:ed:16:e5:a3:a4:84:56:51:84:32:fe:d7:3e:
                    c2:b2:9e:2f:ca:50:8d:ca:dc:91:aa:d9:4a:d3:fe:
                    7a:be:e4:48:5e:4f:9c:3e:3f:bd:ef:1a:5a:c8:5c:
                    8b:8f:0c:54:5d:31:67:a8:e8:f0:c1:cc:1b:52:d9:
                    5f:40:e7:76:1f:ac:11:5a:ca:47:1e:f4:80:af:05:
                    e4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:BE:DB:27:42:25:02:41:13:21:B2:B3:5F:BB:E9:8D:29:13:71:9F
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Fr7bJ0IlAkETIbKzX7vpjSkTcZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:7b:be:0e:a9:0d:0c:66:61:33:50:91:55:bd:65:2f:bd:a3:
         1c:70:d3:1e:71:61:65:ed:4a:81:84:a9:8a:5c:36:c0:60:77:
         ee:2b:7b:95:e5:e3:8f:d1:12:ef:cb:fa:a0:64:26:20:fe:65:
         12:f8:a8:f3:18:9a:6b:21:1b:86:a1:2b:2b:7c:c1:aa:d3:e6:
         b3:a1:c2:ef:9a:7d:4f:ff:04:3a:13:12:0b:72:09:06:ae:4c:
         fb:b9:2c:c7:a1:d7:f9:92:81:7b:bd:ac:7c:46:1b:95:e1:6c:
         4e:50:3c:08:37:6e:c0:0d:f7:91:d0:be:7e:8b:5d:10:99:8a:
         0e:e5:0b:50:13:c6:8d:82:ec:e6:b8:6a:7f:1e:5d:e6:08:6a:
         6a:bc:e6:6e:0d:3f:4b:5d:43:45:e9:8b:44:6c:e5:ee:af:c3:
         0f:b3:14:cc:ce:2f:71:46:5c:d6:53:5b:25:10:eb:e4:5f:39:
         6c:0a:ea:5f:44:4d:d6:2e:cb:b4:8c:3c:1e:5c:f9:63:ed:b1:
         d0:6f:1a:e0:92:c5:6e:7d:2a:69:ff:5b:f2:dc:2e:7c:3a:0f:
         2f:86:91:50:df:b8:03:eb:dc:ef:f8:c8:31:4d:dc:db:f9:3d:
         3e:da:01:16:8f:ba:33:7c:e9:a9:81:c2:bb:a4:74:e2:dc:19:
         a8:f3:b5:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUr7xqhnagN+tIuczYMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmJlZGIyNzQyMjUwMjQxMTMyMWIyYjM1ZmJiZTk4ZDI5MTM3MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/OgXhJQ3jTK2/QoXvezRGLMVmui
AihaThJHn/PC/FKad+OrD9ew7nm8PqpvOFL2DPRqJDy/cFpPS/4zTQzCb7cw2Fvy
toAhE+Ee3xWWWEXCOSdvkd3iBQ0g7XuDjjAr9WOuLcT5H10yXo+sOlD+sqqqgzUl
YxB5TcbMMc2IUpTfeKh0enwPGUPlELdKpwRAKmrXCIBZp2/TUzsv8fcipHXbPMxn
aXRsxpSRaNOo5ykaRNjMM+0W5aOkhFZRhDL+1z7Csp4vylCNytyRqtlK0/56vuRI
Xk+cPj+97xpayFyLjwxUXTFnqOjwwcwbUtlfQOd2H6wRWspHHvSArwXkNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBa+2ydCJQJBEyGys1+76Y0pE3GfMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvRnI3YkowSWxBa0VUSWJLelg3dnBqU2tUY1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCApMA0G
CSqGSIb3DQEBCwUAA4IBAQCce74OqQ0MZmEzUJFVvWUvvaMccNMecWFl7UqBhKmK
XDbAYHfuK3uV5eOP0RLvy/qgZCYg/mUS+KjzGJprIRuGoSsrfMGq0+azocLvmn1P
/wQ6ExILcgkGrkz7uSzHodf5koF7vax8RhuV4WxOUDwIN27ADfeR0L5+i10QmYoO
5QtQE8aNguzmuGp/Hl3mCGpqvOZuDT9LXUNF6YtEbOXur8MPsxTMzi9xRlzWU1sl
EOvkXzlsCupfRE3WLsu0jDweXPlj7bHQbxrgksVufSpp/1vy3C58Og8vhpFQ37gD
69zv+MgxTdzb+T0+2gEWj7ozfOmpgcK7pHTi3Bmo87Wa
-----END CERTIFICATE-----