Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/M10mXldQUqExgOA4KwIZU2qz3uA.roa
File:                     M10mXldQUqExgOA4KwIZU2qz3uA.roa (raw, json)
Hash identifier:          Ttvas9z4+1lfWq+X1TSmuXei9DKDK7d9N83uKMMQIws=
Subject key identifier:   33:5D:26:5E:57:50:52:A1:31:80:E0:38:2B:02:19:53:6A:B3:DE:E0
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018D6467BDC67A0E02B98EDBF674421D97FD
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/M10mXldQUqExgOA4KwIZU2qz3uA.roa
Signing time:             Thu 01 Feb 2024 11:22:16 +0000
ROA not before:           Thu 01 Feb 2024 11:22:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47436
IP address blocks:        84.32.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:67:bd:c6:7a:0e:02:b9:8e:db:f6:74:42:1d:97:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb  1 11:22:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=335d265e575052a13180e0382b0219536ab3dee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:10:93:ba:07:0c:84:38:e9:05:fc:da:78:f4:
                    5e:42:de:a8:2e:3a:7e:4e:be:50:2a:9a:ab:3c:61:
                    c3:e6:78:db:e3:3f:02:f6:e8:86:51:9a:8e:8d:11:
                    1a:bd:9c:e4:ce:d3:45:1f:2b:aa:b0:8c:67:2c:93:
                    06:66:3b:6a:39:cc:59:33:a5:ac:3f:17:76:d7:4d:
                    22:99:68:bf:a7:33:c3:ed:8b:7e:27:69:21:d9:d9:
                    ca:5e:12:5f:71:45:0d:66:6d:c6:23:31:c3:bb:b6:
                    8b:eb:5b:08:70:69:e0:b8:7a:90:5d:3f:fa:5b:a7:
                    ac:9c:4d:8e:1a:12:be:5b:a5:df:55:19:e4:73:09:
                    b0:6c:84:77:3a:4d:9f:c1:03:ee:62:17:f4:00:dc:
                    b1:3c:4f:b9:5f:34:70:75:3f:b4:0e:fa:8c:46:c6:
                    45:c9:b0:ca:1f:c9:ce:6d:d6:9c:d5:a1:cc:4b:0c:
                    91:34:5d:39:9a:57:39:69:9a:b3:4f:06:74:36:f4:
                    66:9c:87:08:83:d2:50:a0:b4:e1:42:79:fd:72:f6:
                    5b:b6:ab:da:ff:8f:32:6f:a1:a1:b3:1e:b8:20:06:
                    bc:aa:e7:62:11:c1:98:10:dd:0c:03:9c:c0:36:1a:
                    b6:fb:b4:25:d1:df:4f:1e:19:74:bd:39:57:d9:5c:
                    94:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:5D:26:5E:57:50:52:A1:31:80:E0:38:2B:02:19:53:6A:B3:DE:E0
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/M10mXldQUqExgOA4KwIZU2qz3uA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:a4:29:84:f5:5f:90:01:76:4a:af:e0:7f:5a:1d:93:9a:70:
         a4:b2:de:50:b1:16:9d:56:e3:75:36:71:35:4f:d1:ee:12:cc:
         03:49:31:79:cf:50:d1:3a:0b:ba:b6:c5:c3:4d:04:f5:a6:4a:
         16:7d:25:2e:72:20:d4:14:0e:77:b0:d0:82:b0:17:23:73:ae:
         96:78:40:af:01:7a:6c:09:65:c1:62:cd:b3:95:a7:e8:53:72:
         c6:30:47:df:98:6c:81:f7:fa:cc:be:ea:75:3c:05:67:f7:0c:
         1a:14:18:01:1d:79:0a:90:f9:2b:95:84:56:50:4f:2b:10:6f:
         fd:c0:b5:54:0d:8c:da:b8:0c:3a:f1:8d:6a:c5:8b:40:a4:1b:
         7b:73:79:74:76:71:69:c3:7c:7e:31:f0:b0:57:0e:f2:b6:b1:
         a8:3c:ed:fe:03:65:17:2f:a2:a1:82:f9:4f:57:66:29:ea:af:
         e0:94:a3:bb:97:86:43:0e:2c:66:66:c7:9e:aa:9f:93:b4:d9:
         43:5e:c8:e7:3e:15:d9:e6:e2:73:39:40:39:e8:0d:ba:55:3e:
         3d:13:9c:50:31:f1:56:5c:3e:c3:8d:c6:d3:2a:fd:a7:cc:41:
         93:64:78:1b:9b:81:54:78:f6:cf:f3:be:64:5e:4d:47:18:6a:
         73:b7:1b:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1kZ73Geg4CuY7b9nRCHZf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMjAxMTEyMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzVkMjY1ZTU3NTA1MmExMzE4MGUwMzgyYjAyMTk1MzZhYjNkZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhCTugcMhDjpBfzaePReQt6oLjp+
Tr5QKpqrPGHD5njb4z8C9uiGUZqOjREavZzkztNFHyuqsIxnLJMGZjtqOcxZM6Ws
Pxd2100imWi/pzPD7Yt+J2kh2dnKXhJfcUUNZm3GIzHDu7aL61sIcGnguHqQXT/6
W6esnE2OGhK+W6XfVRnkcwmwbIR3Ok2fwQPuYhf0ANyxPE+5XzRwdT+0DvqMRsZF
ybDKH8nObdac1aHMSwyRNF05mlc5aZqzTwZ0NvRmnIcIg9JQoLThQnn9cvZbtqva
/48yb6Ghsx64IAa8qudiEcGYEN0MA5zANhq2+7Ql0d9PHhl0vTlX2VyUKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNdJl5XUFKhMYDgOCsCGVNqs97gMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTTEwbVhsZFFVcUV4Z09BNEt3SVpVMnF6M3VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCDnMA0G
CSqGSIb3DQEBCwUAA4IBAQB8pCmE9V+QAXZKr+B/Wh2TmnCkst5QsRadVuN1NnE1
T9HuEswDSTF5z1DROgu6tsXDTQT1pkoWfSUuciDUFA53sNCCsBcjc66WeECvAXps
CWXBYs2zlafoU3LGMEffmGyB9/rMvup1PAVn9wwaFBgBHXkKkPkrlYRWUE8rEG/9
wLVUDYzauAw68Y1qxYtApBt7c3l0dnFpw3x+MfCwVw7ytrGoPO3+A2UXL6KhgvlP
V2Yp6q/glKO7l4ZDDixmZseeqp+TtNlDXsjnPhXZ5uJzOUA56A26VT49E5xQMfFW
XD7DjcbTKv2nzEGTZHgbm4FUePbP875kXk1HGGpztxu8
-----END CERTIFICATE-----