Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/I9_ATEpF-8wwge5o_tKn7iP-dmY.roa
File:                     I9_ATEpF-8wwge5o_tKn7iP-dmY.roa (raw, json)
Hash identifier:          DHfrNQfT4E8f91u+gKQH9bz5h4t0b6VoZ24BGFzpkzQ=
Subject key identifier:   23:DF:C0:4C:4A:45:FB:CC:30:81:EE:68:FE:D2:A7:EE:23:FE:76:66
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019508CFAD26DB46BCFDC78340C151DD8C58
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/I9_ATEpF-8wwge5o_tKn7iP-dmY.roa
Signing time:             Sat 15 Feb 2025 08:53:02 +0000
ROA not before:           Sat 15 Feb 2025 08:53:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4637
IP address blocks:        84.32.64.0/24 maxlen: 24
                          84.32.223.0/24 maxlen: 24
                          88.216.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:08:cf:ad:26:db:46:bc:fd:c7:83:40:c1:51:dd:8c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb 15 08:53:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23dfc04c4a45fbcc3081ee68fed2a7ee23fe7666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:88:cc:ee:34:f8:db:0a:da:0c:77:52:8d:4d:
                    02:e0:a1:4f:f8:02:85:81:e2:25:1a:10:a3:31:d4:
                    8c:8a:f4:b5:d1:34:5e:00:c5:1f:40:07:f7:1b:d6:
                    40:7f:ae:eb:44:d8:7c:70:9f:1d:9d:d0:57:2d:55:
                    6a:36:7d:14:0d:8a:ca:6a:76:ae:4b:b1:1d:14:38:
                    16:d2:58:db:45:8f:a8:32:ce:93:fd:23:e5:9e:b7:
                    a9:bd:9e:3c:a7:1f:a9:3b:88:76:83:ec:2e:ba:1e:
                    66:ab:c3:c9:ab:02:cf:c4:b7:8e:0f:c9:8b:42:da:
                    1b:e6:22:33:4a:1d:b0:0f:5e:87:01:7d:70:b7:a0:
                    99:07:3b:27:0c:29:8d:82:8a:1c:02:d8:11:04:87:
                    6b:57:bc:1f:4b:4e:cd:67:5b:1c:56:3e:db:09:e5:
                    4c:34:d0:ca:f3:f0:1e:10:e7:7e:86:68:df:dc:81:
                    1f:37:84:00:55:bd:83:cd:f8:95:5a:df:a8:b1:a3:
                    db:f7:89:4a:da:ea:c0:62:49:44:68:54:28:4e:5c:
                    8c:e2:fb:cc:06:61:e2:ad:ab:1e:05:6e:37:88:5f:
                    ee:cf:09:f2:9a:8e:dc:be:cf:76:17:61:77:13:5a:
                    15:a7:a5:e9:b2:e4:9d:d5:0d:7b:94:50:6b:dc:e6:
                    09:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:DF:C0:4C:4A:45:FB:CC:30:81:EE:68:FE:D2:A7:EE:23:FE:76:66
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/I9_ATEpF-8wwge5o_tKn7iP-dmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.64.0/24
                  84.32.223.0/24
                  88.216.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:87:48:62:04:35:af:58:c6:01:c1:e7:6c:ae:b3:b4:37:fc:
         0e:45:ee:66:65:d2:d1:71:9b:b9:da:44:85:cb:19:83:5a:d8:
         0a:dc:9c:0f:c5:83:63:fa:f7:b8:ed:7d:cf:56:f1:a8:89:ae:
         d0:b4:ca:a6:26:ec:fb:b7:f7:e6:cc:40:d2:5d:4e:9c:a0:82:
         c7:27:e9:ff:7f:5c:d0:99:06:ab:c9:8f:5c:55:31:d9:35:13:
         b0:8e:7f:13:e3:01:e2:2c:29:03:8c:4d:ba:7b:3a:e1:6e:54:
         ea:c4:0f:2d:50:94:38:f9:91:44:7e:41:c2:cb:37:7c:95:d8:
         9c:a0:df:a8:66:94:dd:14:ec:c1:79:75:80:ef:c9:fb:a8:dd:
         3e:ac:00:f6:54:e0:6d:cc:4e:d5:36:d2:1d:bb:d7:53:41:43:
         4f:85:36:7e:8d:7e:9f:be:56:77:e1:e1:1d:89:a4:b3:f5:c2:
         f8:64:8c:f0:04:3d:f5:1b:c6:39:82:d2:9c:09:6a:4c:82:52:
         62:5f:1e:cb:02:ec:c1:c6:ac:e5:02:82:a8:ad:e2:15:9c:47:
         4a:58:90:c7:7b:45:0d:8b:20:c4:7b:c9:c6:f2:f5:0a:2e:58:
         19:97:ed:3a:ee:a2:3b:3d:c8:7b:ce:59:0e:01:35:85:1c:23:
         24:f5:51:83
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZUIz60m20a8/ceDQMFR3YxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMjE1MDg1MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2RmYzA0YzRhNDVmYmNjMzA4MWVlNjhmZWQyYTdlZTIzZmU3NjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIjM7jT42wraDHdSjU0C4KFP+AKF
geIlGhCjMdSMivS10TReAMUfQAf3G9ZAf67rRNh8cJ8dndBXLVVqNn0UDYrKanau
S7EdFDgW0ljbRY+oMs6T/SPlnrepvZ48px+pO4h2g+wuuh5mq8PJqwLPxLeOD8mL
Qtob5iIzSh2wD16HAX1wt6CZBzsnDCmNgoocAtgRBIdrV7wfS07NZ1scVj7bCeVM
NNDK8/AeEOd+hmjf3IEfN4QAVb2DzfiVWt+osaPb94lK2urAYklEaFQoTlyM4vvM
BmHiraseBW43iF/uzwnymo7cvs92F2F3E1oVp6XpsuSd1Q17lFBr3OYJwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCPfwExKRfvMMIHuaP7Sp+4j/nZmMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvSTlfQVRFcEYtOHd3Z2U1b190S243aVAtZG1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVCBAAwQA
VCDfAwQAWNgiMA0GCSqGSIb3DQEBCwUAA4IBAQAOh0hiBDWvWMYBwedsrrO0N/wO
Re5mZdLRcZu52kSFyxmDWtgK3JwPxYNj+ve47X3PVvGoia7QtMqmJuz7t/fmzEDS
XU6coILHJ+n/f1zQmQaryY9cVTHZNROwjn8T4wHiLCkDjE26ezrhblTqxA8tUJQ4
+ZFEfkHCyzd8ldicoN+oZpTdFOzBeXWA78n7qN0+rAD2VOBtzE7VNtIdu9dTQUNP
hTZ+jX6fvlZ34eEdiaSz9cL4ZIzwBD31G8Y5gtKcCWpMglJiXx7LAuzBxqzlAoKo
reIVnEdKWJDHe0UNiyDEe8nG8vUKLlgZl+067qI7Pch7zlkOATWFHCMk9VGD
-----END CERTIFICATE-----