Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/M35iT83Vv_CMe7NFJbQm5pfV58U.roa
File:                     M35iT83Vv_CMe7NFJbQm5pfV58U.roa (raw, json)
Hash identifier:          oTb0mduRtJzs5xqr+KbXf/4a3g8ItG3NPHzrzQeEy4k=
Subject key identifier:   33:7E:62:4F:CD:D5:BF:F0:8C:7B:B3:45:25:B4:26:E6:97:D5:E7:C5
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014E0308411AE021AE067F6C56A279
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/M35iT83Vv_CMe7NFJbQm5pfV58U.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        84.32.236.0/24 maxlen: 24
                          88.216.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4e:03:08:41:1a:e0:21:ae:06:7f:6c:56:a2:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=337e624fcdd5bff08c7bb34525b426e697d5e7c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:67:1d:d1:2c:da:ad:c1:44:81:45:08:af:7e:
                    c4:5e:2f:62:74:b0:66:c0:08:78:0e:14:e0:1c:ea:
                    0f:8b:b4:95:e4:4d:c8:4d:81:60:9d:f0:fb:7a:67:
                    ce:ea:36:6f:d6:f5:bd:9f:74:96:49:71:33:ad:fd:
                    a0:fd:b8:6b:da:93:f2:79:1c:aa:ad:c6:1e:d3:ec:
                    e0:2e:e5:46:04:bd:81:83:30:91:24:93:47:7d:4d:
                    fe:fb:83:3a:71:40:12:e9:6b:8a:7a:db:48:e0:b9:
                    a5:e6:ad:b4:50:7d:be:c2:b2:01:31:9d:49:4c:d7:
                    2d:08:3d:e1:e9:e7:28:3a:8c:db:c2:2a:6a:3f:1e:
                    38:1b:9f:54:fb:50:fb:27:ca:73:00:e8:80:c4:5a:
                    d6:11:fa:7e:fa:9d:0d:bd:4c:05:6b:92:75:14:5b:
                    9b:0b:50:8e:25:a2:2b:b7:78:db:14:eb:37:0a:16:
                    71:f5:20:94:78:20:c7:8a:21:cf:69:63:00:9c:d5:
                    6e:25:86:3e:0b:f0:0f:59:db:e4:b8:17:98:37:31:
                    6d:05:50:65:e7:6e:ff:b8:94:72:49:6d:83:fa:6d:
                    a7:0f:22:cb:f9:11:3d:d2:29:b7:40:3c:5c:b9:de:
                    e8:f6:a9:5d:43:ec:34:33:83:ed:f2:de:d7:b7:1a:
                    1f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:7E:62:4F:CD:D5:BF:F0:8C:7B:B3:45:25:B4:26:E6:97:D5:E7:C5
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/M35iT83Vv_CMe7NFJbQm5pfV58U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.236.0/24
                  88.216.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:66:17:de:83:57:2d:61:dc:a2:9d:e1:8f:58:b8:39:1e:ab:
         4c:32:35:fb:1c:98:c8:d0:f9:20:44:a8:2b:b1:b6:87:4f:f6:
         da:8b:46:c7:00:ff:15:94:15:9b:3b:cb:2c:e8:50:0e:cc:9a:
         f3:11:f9:2c:b0:13:94:5f:4c:7a:6a:f1:a5:a9:13:8d:55:23:
         3a:9b:28:55:87:d8:94:45:9e:14:c3:03:81:1d:c2:86:dd:1e:
         f5:11:b1:2b:74:2b:fa:5e:c5:56:ef:0b:27:18:4e:d5:86:3b:
         ec:83:ce:04:55:e7:be:04:e5:31:ae:21:18:02:9b:00:c7:f7:
         75:31:a9:3f:ec:49:5d:6d:91:b9:65:0d:65:61:1b:d5:74:03:
         1a:0d:c0:32:9b:3d:b8:95:ff:ad:1d:a6:56:71:1c:90:b8:f4:
         b7:c4:58:e4:01:80:39:bf:82:74:93:91:f5:d3:81:25:a9:49:
         f5:38:54:aa:95:42:e7:bc:e5:3a:0a:97:db:da:bb:34:b1:8c:
         93:01:0e:b1:f2:b6:d8:e6:ce:2e:b1:7e:77:af:70:78:b9:6e:
         c0:50:c1:f0:26:6a:88:4d:9e:ff:f9:04:25:47:22:0e:d8:86:
         22:45:ed:e0:76:9b:25:0c:06:4a:dd:91:58:28:a2:e1:57:b7:
         c5:60:73:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAU4DCEEa4CGuBn9sVqJ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzdlNjI0ZmNkZDViZmYwOGM3YmIzNDUyNWI0MjZlNjk3ZDVlN2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGcd0SzarcFEgUUIr37EXi9idLBm
wAh4DhTgHOoPi7SV5E3ITYFgnfD7emfO6jZv1vW9n3SWSXEzrf2g/bhr2pPyeRyq
rcYe0+zgLuVGBL2BgzCRJJNHfU3++4M6cUAS6WuKettI4Lml5q20UH2+wrIBMZ1J
TNctCD3h6ecoOozbwipqPx44G59U+1D7J8pzAOiAxFrWEfp++p0NvUwFa5J1FFub
C1COJaIrt3jbFOs3ChZx9SCUeCDHiiHPaWMAnNVuJYY+C/APWdvkuBeYNzFtBVBl
527/uJRySW2D+m2nDyLL+RE90im3QDxcud7o9qldQ+w0M4Pt8t7XtxofAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDN+Yk/N1b/wjHuzRSW0JuaX1efFMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTTM1aVQ4M1Z2X0NNZTdORkpiUW01cGZWNThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCDsAwQA
WNgiMA0GCSqGSIb3DQEBCwUAA4IBAQACZhfeg1ctYdyineGPWLg5HqtMMjX7HJjI
0PkgRKgrsbaHT/bai0bHAP8VlBWbO8ss6FAOzJrzEfkssBOUX0x6avGlqRONVSM6
myhVh9iURZ4UwwOBHcKG3R71EbErdCv6XsVW7wsnGE7Vhjvsg84EVee+BOUxriEY
ApsAx/d1Mak/7EldbZG5ZQ1lYRvVdAMaDcAymz24lf+tHaZWcRyQuPS3xFjkAYA5
v4J0k5H104ElqUn1OFSqlULnvOU6Cpfb2rs0sYyTAQ6x8rbY5s4usX53r3B4uW7A
UMHwJmqITZ7/+QQlRyIO2IYiRe3gdpslDAZK3ZFYKKLhV7fFYHPF
-----END CERTIFICATE-----