Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Nv5fGdpJ1EMjj5oGIHpObQn9vfo.roa
File:                     Nv5fGdpJ1EMjj5oGIHpObQn9vfo.roa (raw, json)
Hash identifier:          VtR3XKh+72F/cYHKNNjM2psZrY+KExv4vAIu9lww8wA=
Subject key identifier:   36:FE:5F:19:DA:49:D4:43:23:8F:9A:06:20:7A:4E:6D:09:FD:BD:FA
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018E5799DE302E718496AC9B86697C5094D2
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Nv5fGdpJ1EMjj5oGIHpObQn9vfo.roa
Signing time:             Tue 19 Mar 2024 16:44:45 +0000
ROA not before:           Tue 19 Mar 2024 16:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        84.32.148.0/24 maxlen: 24
                          84.32.210.0/24 maxlen: 24
                          88.216.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 05:42:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:57:99:de:30:2e:71:84:96:ac:9b:86:69:7c:50:94:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 19 16:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36fe5f19da49d443238f9a06207a4e6d09fdbdfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:54:b7:68:13:a7:22:91:b3:dd:f0:16:f0:6d:
                    83:69:72:ab:7d:61:f6:62:24:84:cd:df:7f:52:3d:
                    b4:5e:8c:68:57:6c:6f:ba:0a:6e:bb:a4:83:cd:ae:
                    89:af:88:ff:d3:f2:58:60:b6:6c:81:3e:83:12:7c:
                    3b:40:6a:47:f0:ce:3c:4d:dc:68:56:3b:71:92:d0:
                    2b:42:1d:1b:5d:e4:b2:76:d5:9d:63:28:54:10:6c:
                    6f:e1:e9:a6:54:10:1b:51:93:2d:d2:27:e9:ba:4e:
                    cf:e4:ab:d9:6d:04:eb:d6:e3:1f:05:9c:71:46:c1:
                    50:73:9c:f4:da:8c:5d:76:e8:7a:ef:b3:f9:96:77:
                    7b:9f:49:3d:9f:80:cc:d2:5e:5e:b0:0e:92:31:5d:
                    3b:a1:2e:18:80:58:2e:36:09:c8:25:9e:b4:48:57:
                    4b:82:91:b8:7a:57:4e:9e:e9:35:b0:c4:0d:df:82:
                    15:ce:f7:fa:be:88:e7:9a:d8:02:b8:37:21:e6:90:
                    1c:86:8c:41:67:6a:fb:60:47:0f:c3:b6:13:86:06:
                    19:6e:f6:77:40:44:51:f6:a4:16:e4:76:fa:0d:26:
                    cc:76:ff:df:75:e9:9e:a2:69:0c:a9:b9:df:ec:59:
                    8c:77:d4:22:ce:de:75:1d:bb:bc:c8:98:f2:d5:67:
                    af:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:FE:5F:19:DA:49:D4:43:23:8F:9A:06:20:7A:4E:6D:09:FD:BD:FA
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Nv5fGdpJ1EMjj5oGIHpObQn9vfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.148.0/24
                  84.32.210.0/24
                  88.216.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:c6:f6:e7:56:19:c8:3d:b3:b9:cb:b8:81:04:d7:cb:e5:bd:
         35:9a:7f:d0:40:d1:ec:48:34:53:9f:72:96:c2:6d:c3:e1:da:
         5c:20:98:04:d0:e6:e3:49:53:18:bc:34:f5:d6:43:77:76:76:
         75:bd:c8:a6:d6:32:da:6e:51:9a:61:88:11:55:57:90:85:77:
         e2:fd:5c:9d:f3:4c:98:eb:c4:e7:34:de:ea:d8:14:8b:a4:7a:
         71:f6:ef:3a:c6:76:ee:07:df:f1:cd:3d:83:ae:eb:63:36:0d:
         7a:23:2d:dd:8b:ac:e0:ac:cc:5f:f7:6e:54:78:5d:a2:87:6b:
         5b:ba:27:c4:88:3f:9a:7b:6d:50:db:43:e6:f7:97:59:38:f2:
         36:ad:a2:a7:d9:52:f6:d8:b9:c8:e3:30:81:88:86:a8:29:c6:
         69:45:9e:bb:2e:2f:a0:38:f3:89:b8:d5:1e:e5:a4:02:8b:fb:
         8a:c7:b7:39:e7:cd:9d:26:01:15:66:c6:a5:49:e8:08:94:49:
         98:c9:ad:aa:a8:da:0a:fc:ab:6c:2e:d2:bd:1f:c1:69:06:d2:
         44:5d:b8:78:02:7e:c9:68:98:79:f5:b6:c7:aa:57:1d:9c:d0:
         5b:01:05:e9:4c:80:81:2f:77:67:99:35:25:0d:5b:75:1e:bf:
         b9:ff:e8:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY5Xmd4wLnGElqybhml8UJTSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMzE5MTY0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmZlNWYxOWRhNDlkNDQzMjM4ZjlhMDYyMDdhNGU2ZDA5ZmRiZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1S3aBOnIpGz3fAW8G2DaXKrfWH2
YiSEzd9/Uj20XoxoV2xvugpuu6SDza6Jr4j/0/JYYLZsgT6DEnw7QGpH8M48Tdxo
VjtxktArQh0bXeSydtWdYyhUEGxv4emmVBAbUZMt0ifpuk7P5KvZbQTr1uMfBZxx
RsFQc5z02oxdduh677P5lnd7n0k9n4DM0l5esA6SMV07oS4YgFguNgnIJZ60SFdL
gpG4eldOnuk1sMQN34IVzvf6vojnmtgCuDch5pAchoxBZ2r7YEcPw7YThgYZbvZ3
QERR9qQW5Hb6DSbMdv/fdemeomkMqbnf7FmMd9Qizt51Hbu8yJjy1WevqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDb+XxnaSdRDI4+aBiB6Tm0J/b36MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTnY1ZkdkcEoxRU1qajVvR0lIcE9iUW45dmZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVCCUAwQA
VCDSAwQAWNhsMA0GCSqGSIb3DQEBCwUAA4IBAQBUxvbnVhnIPbO5y7iBBNfL5b01
mn/QQNHsSDRTn3KWwm3D4dpcIJgE0ObjSVMYvDT11kN3dnZ1vcim1jLablGaYYgR
VVeQhXfi/Vyd80yY68TnNN7q2BSLpHpx9u86xnbuB9/xzT2DrutjNg16Iy3di6zg
rMxf925UeF2ih2tbuifEiD+ae21Q20Pm95dZOPI2raKn2VL22LnI4zCBiIaoKcZp
RZ67Li+gOPOJuNUe5aQCi/uKx7c5582dJgEVZsalSegIlEmYya2qqNoK/KtsLtK9
H8FpBtJEXbh4An7JaJh59bbHqlcdnNBbAQXpTICBL3dnmTUlDVt1Hr+5/+gO
-----END CERTIFICATE-----