Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OFraeLPWx-vkvDV8niGMeIfDUc8.roa
File:                     OFraeLPWx-vkvDV8niGMeIfDUc8.roa (raw, json)
Hash identifier:          mY/0MKE/MZ8u7nVUuPpKLN866EjaYXTsqZuiXK+05es=
Subject key identifier:   38:5A:DA:78:B3:D6:C7:EB:E4:BC:35:7C:9E:21:8C:78:87:C3:51:CF
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826AEC8C384662F6FA0B92E366A09A2
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OFraeLPWx-vkvDV8niGMeIfDUc8.roa
Signing time:             Thu 02 Jan 2025 17:53:31 +0000
ROA not before:           Thu 02 Jan 2025 17:53:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        84.32.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:ae:c8:c3:84:66:2f:6f:a0:b9:2e:36:6a:09:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=385ada78b3d6c7ebe4bc357c9e218c7887c351cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9a:c0:30:c3:56:bf:f7:d5:02:79:0e:ec:17:
                    4b:2f:9a:ae:9a:7d:45:fb:9a:ab:44:18:bb:7c:97:
                    57:00:e8:28:8d:af:3c:53:20:a5:42:b4:1a:0d:fc:
                    08:02:1d:f1:78:cf:18:9e:4f:ba:ec:87:7f:58:8f:
                    fd:3b:4d:ef:50:2b:1a:29:8e:aa:24:2b:34:fb:c4:
                    f7:81:31:16:16:b0:77:07:67:73:47:11:36:53:3e:
                    f0:c9:ce:59:d2:76:31:d6:b7:af:ac:88:2d:ad:a0:
                    42:fa:c3:f0:f2:e9:88:4a:09:7b:a7:6f:8f:c2:ba:
                    5e:6d:79:6a:b5:74:63:06:cf:ca:be:83:3d:08:95:
                    8d:a0:61:07:5b:9b:ab:5c:98:a4:1a:d4:a6:21:46:
                    ab:56:d6:47:46:aa:45:e1:20:74:38:b8:fb:9a:53:
                    ed:e7:1f:41:72:2d:e9:30:29:c3:b7:03:6d:cc:77:
                    16:93:e1:9e:52:f0:f0:3c:61:31:88:2d:53:46:98:
                    d8:b8:b6:fb:55:61:b4:3e:7e:f4:52:e0:3d:ab:21:
                    db:21:bf:fa:2a:62:66:05:e5:f8:3d:d3:ae:e6:72:
                    89:c5:3c:e1:09:d9:0d:02:a7:3e:63:86:c5:96:e6:
                    b7:a2:7e:c4:a4:06:4b:5b:e4:cc:e3:9b:92:6d:41:
                    f9:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:5A:DA:78:B3:D6:C7:EB:E4:BC:35:7C:9E:21:8C:78:87:C3:51:CF
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OFraeLPWx-vkvDV8niGMeIfDUc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:e7:40:c4:aa:f7:f5:82:7e:4b:2b:cb:27:d8:b0:52:89:57:
         1b:95:72:8d:f9:49:19:23:5e:18:ee:d7:68:81:5e:21:60:37:
         b7:39:e9:3a:ca:24:0f:47:2e:a4:f4:03:34:a3:ac:a7:2a:01:
         bd:62:10:0a:a9:7c:f0:82:d2:78:cc:63:13:9f:5b:af:f5:6d:
         32:8f:2c:64:74:59:0a:8f:10:87:4a:81:65:dd:1e:8d:91:6c:
         7b:f8:ac:a6:73:5c:0b:b6:85:42:f9:a6:6b:b0:35:11:43:5d:
         96:a0:cf:16:d7:04:1f:2c:5d:c0:b5:6e:21:57:d7:1d:5d:16:
         04:c1:c5:c2:85:6a:03:f9:78:c0:6a:22:1f:17:8c:b6:3e:bb:
         bf:fe:21:b5:bb:dd:a0:08:98:7b:d3:bb:9a:2f:55:7d:f6:9e:
         63:2f:a4:82:a0:9e:c5:fe:e9:e2:fe:d1:bc:c1:48:9f:9e:20:
         83:d4:35:4a:4a:df:a0:20:03:b4:10:fd:16:43:e8:9d:71:99:
         32:05:0d:cd:1a:d6:0c:77:84:4b:1b:f6:84:90:01:70:90:f0:
         2e:9f:2b:5d:09:67:2b:ca:9f:f5:1e:f7:dd:69:8a:15:a9:3d:
         8e:cb:26:48:1e:71:50:ad:e7:70:10:02:3d:30:bb:ee:a5:c0:
         24:39:d5:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJq7Iw4RmL2+guS42agmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODVhZGE3OGIzZDZjN2ViZTRiYzM1N2M5ZTIxOGM3ODg3YzM1MWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZrAMMNWv/fVAnkO7BdLL5qumn1F
+5qrRBi7fJdXAOgoja88UyClQrQaDfwIAh3xeM8Ynk+67Id/WI/9O03vUCsaKY6q
JCs0+8T3gTEWFrB3B2dzRxE2Uz7wyc5Z0nYx1revrIgtraBC+sPw8umISgl7p2+P
wrpebXlqtXRjBs/KvoM9CJWNoGEHW5urXJikGtSmIUarVtZHRqpF4SB0OLj7mlPt
5x9Bci3pMCnDtwNtzHcWk+GeUvDwPGExiC1TRpjYuLb7VWG0Pn70UuA9qyHbIb/6
KmJmBeX4PdOu5nKJxTzhCdkNAqc+Y4bFlua3on7EpAZLW+TM45uSbUH5CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDha2niz1sfr5Lw1fJ4hjHiHw1HPMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvT0ZyYWVMUFd4LXZrdkRWOG5pR01lSWZEVWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAnMA0G
CSqGSIb3DQEBCwUAA4IBAQBI50DEqvf1gn5LK8sn2LBSiVcblXKN+UkZI14Y7tdo
gV4hYDe3Oek6yiQPRy6k9AM0o6ynKgG9YhAKqXzwgtJ4zGMTn1uv9W0yjyxkdFkK
jxCHSoFl3R6NkWx7+Kymc1wLtoVC+aZrsDURQ12WoM8W1wQfLF3AtW4hV9cdXRYE
wcXChWoD+XjAaiIfF4y2Pru//iG1u92gCJh707uaL1V99p5jL6SCoJ7F/uni/tG8
wUifniCD1DVKSt+gIAO0EP0WQ+idcZkyBQ3NGtYMd4RLG/aEkAFwkPAunytdCWcr
yp/1HvfdaYoVqT2OyyZIHnFQredwEAI9MLvupcAkOdXt
-----END CERTIFICATE-----