Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KsX8p8MaIbhNSSbZo1l-1CCB0eI.roa
File:                     KsX8p8MaIbhNSSbZo1l-1CCB0eI.roa (raw, json)
Hash identifier:          8AzcCjz1hgZ0pM6p7KYtEDksrnbwEi9KwjReQzrIJ78=
Subject key identifier:   2A:C5:FC:A7:C3:1A:21:B8:4D:49:26:D9:A3:59:7E:D4:20:81:D1:E2
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018D17A261630DAC48612BA279303275FF1C
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KsX8p8MaIbhNSSbZo1l-1CCB0eI.roa
Signing time:             Wed 17 Jan 2024 13:35:34 +0000
ROA not before:           Wed 17 Jan 2024 13:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56485
IP address blocks:        84.32.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:17:a2:61:63:0d:ac:48:61:2b:a2:79:30:32:75:ff:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan 17 13:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ac5fca7c31a21b84d4926d9a3597ed42081d1e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:95:a1:9d:fa:af:fd:c3:04:87:6b:fc:5d:f3:
                    cb:06:fa:ca:53:bc:bd:52:c6:ae:eb:b1:61:73:bf:
                    35:f4:1f:ce:4b:25:1d:c5:91:48:75:ef:3d:9c:ab:
                    c6:c4:b9:14:19:f7:11:06:b5:9f:17:43:57:5a:70:
                    72:39:9e:fc:ce:6f:3d:38:c9:f5:f6:3e:44:8a:96:
                    3b:f9:2a:fd:96:4a:4c:16:a9:1c:ec:cf:e7:c4:be:
                    1d:0e:42:cd:50:9a:35:a6:48:f0:4f:e2:83:01:b3:
                    c4:97:c1:93:66:dc:e2:28:74:7e:fa:51:60:fc:2e:
                    af:5d:63:09:0e:52:1c:0c:9e:68:f2:6f:97:ca:9a:
                    8e:9b:cf:ca:39:ff:16:7a:b8:aa:f3:27:c5:be:40:
                    b1:ba:19:ca:77:13:ce:fc:b0:fa:c9:4f:48:f7:82:
                    86:fe:bf:2e:9c:bb:01:fa:9e:c4:b8:28:9a:47:bb:
                    22:fa:94:3f:4d:a8:95:76:87:9d:17:52:08:77:9b:
                    ba:2c:85:41:8a:dd:57:62:cd:d9:92:6f:4e:9b:12:
                    67:70:72:ae:90:2d:b4:d0:9c:db:ee:9f:fe:a9:d3:
                    3a:c7:99:1c:20:02:6d:b7:77:72:53:63:b1:0b:97:
                    2e:d6:98:b4:b3:27:2d:53:9f:c5:9a:f7:8e:27:c3:
                    5b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C5:FC:A7:C3:1A:21:B8:4D:49:26:D9:A3:59:7E:D4:20:81:D1:E2
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KsX8p8MaIbhNSSbZo1l-1CCB0eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:37:ee:e9:38:3a:db:60:d4:dd:d8:22:15:b4:43:31:05:35:
         a8:d6:48:af:ae:03:88:ef:0c:4e:d1:3d:65:3f:a8:cc:78:c6:
         57:58:2e:24:5d:8e:69:72:4b:37:48:9e:23:fe:0e:9e:8d:3c:
         b9:df:0e:10:0f:0e:55:e7:d1:4f:20:aa:fe:aa:7d:8e:d8:b5:
         f6:47:88:10:c5:ae:ef:3a:0d:34:56:a8:92:e8:99:5a:ac:bf:
         03:b0:8d:75:85:51:1d:67:02:a8:32:85:50:79:56:57:c6:23:
         89:16:49:aa:4d:15:56:ab:62:e6:1c:a1:e7:79:8e:46:59:5f:
         87:6a:d4:53:7f:67:a9:00:8b:35:15:41:b8:6d:ee:fd:36:68:
         1a:74:84:f9:7a:45:f4:21:fc:16:25:00:1a:74:20:d1:c5:95:
         44:85:fe:49:80:db:1e:af:90:70:af:99:7d:81:d7:e4:36:de:
         71:a0:1f:27:59:06:dc:f4:cd:c1:f2:bc:98:9c:4b:d3:7c:92:
         1c:1f:a9:e9:14:e4:2d:35:b7:69:34:5f:8d:70:1b:ff:8f:9a:
         10:ae:5d:45:fa:7f:90:f2:a9:b3:72:55:05:e9:10:de:46:4a:
         31:5a:f7:3f:a3:1d:f2:38:02:fe:3f:2f:79:39:ca:62:e9:01:
         c3:92:f9:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0XomFjDaxIYSuieTAydf8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTE3MTMzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWM1ZmNhN2MzMWEyMWI4NGQ0OTI2ZDlhMzU5N2VkNDIwODFkMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJWhnfqv/cMEh2v8XfPLBvrKU7y9
Usau67Fhc7819B/OSyUdxZFIde89nKvGxLkUGfcRBrWfF0NXWnByOZ78zm89OMn1
9j5EipY7+Sr9lkpMFqkc7M/nxL4dDkLNUJo1pkjwT+KDAbPEl8GTZtziKHR++lFg
/C6vXWMJDlIcDJ5o8m+XypqOm8/KOf8Weriq8yfFvkCxuhnKdxPO/LD6yU9I94KG
/r8unLsB+p7EuCiaR7si+pQ/TaiVdoedF1IId5u6LIVBit1XYs3Zkm9OmxJncHKu
kC200Jzb7p/+qdM6x5kcIAJtt3dyU2OxC5cu1pi0syctU5/FmveOJ8NbQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrF/KfDGiG4TUkm2aNZftQggdHiMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvS3NYOHA4TWFJYmhOU1NiWm8xbC0xQ0NCMGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCA5MA0G
CSqGSIb3DQEBCwUAA4IBAQB5N+7pODrbYNTd2CIVtEMxBTWo1kivrgOI7wxO0T1l
P6jMeMZXWC4kXY5pcks3SJ4j/g6ejTy53w4QDw5V59FPIKr+qn2O2LX2R4gQxa7v
Og00VqiS6JlarL8DsI11hVEdZwKoMoVQeVZXxiOJFkmqTRVWq2LmHKHneY5GWV+H
atRTf2epAIs1FUG4be79NmgadIT5ekX0IfwWJQAadCDRxZVEhf5JgNser5Bwr5l9
gdfkNt5xoB8nWQbc9M3B8ryYnEvTfJIcH6npFOQtNbdpNF+NcBv/j5oQrl1F+n+Q
8qmzclUF6RDeRkoxWvc/ox3yOAL+Py95Ocpi6QHDkvkb
-----END CERTIFICATE-----