Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KVvGURJIAvReciwlwGaFsuNXrdk.roa
File:                     KVvGURJIAvReciwlwGaFsuNXrdk.roa (raw, json)
Hash identifier:          0mzgThK8hZmV3kaTRRXPArZ0dDhRRvDgzjQ9PMdPCF4=
Subject key identifier:   29:5B:C6:51:12:48:02:F4:5E:72:2C:25:C0:66:85:B2:E3:57:AD:D9
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826B9FF3E0337014539B109DA6A70EA
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KVvGURJIAvReciwlwGaFsuNXrdk.roa
Signing time:             Thu 02 Jan 2025 17:53:34 +0000
ROA not before:           Thu 02 Jan 2025 17:53:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62425
IP address blocks:        84.32.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:b9:ff:3e:03:37:01:45:39:b1:09:da:6a:70:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=295bc651124802f45e722c25c06685b2e357add9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c3:46:8b:9d:75:2f:a7:af:fd:05:2c:d8:74:
                    4f:59:31:1d:a1:4b:9a:7a:1f:4c:e0:65:fd:22:a8:
                    68:b2:3d:42:16:d2:25:e5:e9:5e:71:48:5a:5c:da:
                    83:59:75:93:b1:7a:15:6c:01:98:d5:4a:96:f5:1f:
                    0d:1f:11:f1:50:c4:2f:28:c8:af:8d:02:6d:a7:d8:
                    e3:5a:d2:91:5e:4e:df:6d:67:c7:b5:aa:b5:48:62:
                    79:e0:64:39:a9:17:e4:fe:e4:da:3d:c5:ce:b4:0b:
                    22:bf:cc:f8:36:8b:dd:fe:f6:29:a2:e5:71:31:8d:
                    86:c4:88:fd:da:81:78:88:bf:79:72:a9:73:1b:51:
                    bd:77:88:70:90:5c:e3:27:4b:c9:bc:d5:50:da:6b:
                    2b:e1:9f:b4:98:7f:fb:6e:20:89:a9:df:11:56:f8:
                    71:b9:9e:25:7c:1e:25:fb:56:93:2c:d2:61:14:53:
                    27:4f:34:2a:50:1e:eb:57:f9:0c:1a:e9:a9:2f:78:
                    15:f1:46:24:ac:61:9e:a8:f5:7f:10:91:6b:1f:0e:
                    f3:be:50:2f:7b:d3:c8:b6:14:8c:07:fe:2a:5a:4d:
                    4a:4d:99:d9:57:5c:0f:0f:18:8e:29:87:a6:ce:8c:
                    c9:bd:b7:96:34:b9:b7:1b:cc:fb:b5:a0:19:30:d3:
                    9a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5B:C6:51:12:48:02:F4:5E:72:2C:25:C0:66:85:B2:E3:57:AD:D9
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KVvGURJIAvReciwlwGaFsuNXrdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:cf:c2:50:13:56:70:aa:59:db:d6:46:c3:c7:93:b9:45:26:
         00:f0:e5:7d:4d:fc:99:c1:db:e7:1e:11:25:44:5a:29:a1:00:
         2b:70:ca:37:14:b3:66:82:e6:83:6c:e2:a9:48:0c:c9:6f:76:
         53:e8:29:1b:83:03:bf:cd:79:a8:c4:81:1f:e2:83:13:27:0c:
         0d:1f:cb:41:77:6f:f4:04:ac:d1:12:70:6b:45:59:61:2e:d0:
         4c:a5:20:f8:da:c6:6b:14:6a:32:53:18:2e:fb:5c:4e:de:23:
         d8:7d:ae:5f:5a:a8:79:99:82:09:d6:40:8f:df:18:de:3a:ce:
         43:56:78:53:9c:fa:3a:ca:30:bc:ef:ce:15:74:e8:24:15:17:
         45:53:8e:81:dd:bc:d4:8e:ec:4b:1c:c1:85:c2:22:3d:5e:99:
         86:22:37:ac:c0:1c:7c:51:00:7c:a2:fe:cc:fa:ae:4c:98:d7:
         35:8e:19:db:8e:df:60:39:32:40:e6:3b:41:c9:2e:82:14:94:
         0c:73:e7:4c:28:d2:db:25:c3:f8:ed:ab:ea:1b:14:87:a8:84:
         f8:da:02:60:c7:4f:50:9a:b4:2b:b1:59:8b:0a:4b:93:a3:80:
         72:df:8d:59:32:f8:6f:92:ea:3b:35:dc:5a:93:22:7d:f8:d0:
         01:07:d8:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJrn/PgM3AUU5sQnaanDqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTViYzY1MTEyNDgwMmY0NWU3MjJjMjVjMDY2ODViMmUzNTdhZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMNGi511L6ev/QUs2HRPWTEdoUua
eh9M4GX9Iqhosj1CFtIl5elecUhaXNqDWXWTsXoVbAGY1UqW9R8NHxHxUMQvKMiv
jQJtp9jjWtKRXk7fbWfHtaq1SGJ54GQ5qRfk/uTaPcXOtAsiv8z4Novd/vYpouVx
MY2GxIj92oF4iL95cqlzG1G9d4hwkFzjJ0vJvNVQ2msr4Z+0mH/7biCJqd8RVvhx
uZ4lfB4l+1aTLNJhFFMnTzQqUB7rV/kMGumpL3gV8UYkrGGeqPV/EJFrHw7zvlAv
e9PIthSMB/4qWk1KTZnZV1wPDxiOKYemzozJvbeWNLm3G8z7taAZMNOa5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClbxlESSAL0XnIsJcBmhbLjV63ZMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvS1Z2R1VSSklBdlJlY2l3bHdHYUZzdU5YcmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCDmMA0G
CSqGSIb3DQEBCwUAA4IBAQAoz8JQE1Zwqlnb1kbDx5O5RSYA8OV9TfyZwdvnHhEl
RFopoQArcMo3FLNmguaDbOKpSAzJb3ZT6CkbgwO/zXmoxIEf4oMTJwwNH8tBd2/0
BKzREnBrRVlhLtBMpSD42sZrFGoyUxgu+1xO3iPYfa5fWqh5mYIJ1kCP3xjeOs5D
VnhTnPo6yjC8784VdOgkFRdFU46B3bzUjuxLHMGFwiI9XpmGIjeswBx8UQB8ov7M
+q5MmNc1jhnbjt9gOTJA5jtByS6CFJQMc+dMKNLbJcP47avqGxSHqIT42gJgx09Q
mrQrsVmLCkuTo4By341ZMvhvkuo7NdxakyJ9+NABB9hH
-----END CERTIFICATE-----