Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Pnta9YMsEgTxmOSGep5T_0ETCVE.roa
File:                     Pnta9YMsEgTxmOSGep5T_0ETCVE.roa (raw, json)
Hash identifier:          SlVvpkhOsKvHRfpi73wuSawqgximPg1Uq6Fa0HX5FX0=
Subject key identifier:   3E:7B:5A:F5:83:2C:12:04:F1:98:E4:86:7A:9E:53:FF:41:13:09:51
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018E9FDDED67E63609D888476EF2869EF7FE
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Pnta9YMsEgTxmOSGep5T_0ETCVE.roa
Signing time:             Tue 02 Apr 2024 17:31:45 +0000
ROA not before:           Tue 02 Apr 2024 17:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        84.32.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:dd:ed:67:e6:36:09:d8:88:47:6e:f2:86:9e:f7:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Apr  2 17:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e7b5af5832c1204f198e4867a9e53ff41130951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:15:ae:12:f8:cc:f8:6a:80:46:e8:5a:f7:28:
                    8c:d0:a8:bf:54:f7:46:38:c2:e6:49:4b:28:9d:c2:
                    e2:5a:9c:5e:4d:5f:3e:05:19:11:f5:dc:78:b5:34:
                    50:ec:c2:94:8c:51:43:ee:66:8f:15:4f:e0:b4:06:
                    b6:3c:9b:32:7e:14:29:bc:f9:51:d1:74:84:ed:a0:
                    fb:72:ea:e5:ca:f2:c3:b9:d6:5f:f2:18:7d:f5:db:
                    af:4b:b3:94:ef:17:b6:ac:e4:38:8c:83:ed:d9:66:
                    b8:08:f4:f6:25:72:67:d3:ba:3e:68:88:06:cf:8b:
                    cd:99:14:85:70:16:6b:0f:7c:5f:66:f4:cc:86:9d:
                    ee:c3:4f:52:41:c7:06:8a:ce:73:a3:01:4d:7b:ae:
                    b3:68:cd:cd:63:1b:e6:a1:03:16:02:ea:64:51:d8:
                    30:aa:a8:1f:ae:fb:cd:93:3a:ad:67:3b:e2:44:d7:
                    63:4b:f6:78:36:89:ec:6d:36:fc:cc:d3:66:c7:ba:
                    1c:e9:2a:b5:c1:ec:d8:1e:6d:d4:6a:f1:bd:65:6e:
                    62:9c:f4:70:81:b6:3c:48:d7:2a:66:16:75:25:2f:
                    b4:cf:8e:b1:4b:ca:25:f4:05:35:56:69:7b:fa:1a:
                    e8:21:87:24:72:62:e8:73:e9:c3:21:3d:4b:5a:97:
                    3c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:7B:5A:F5:83:2C:12:04:F1:98:E4:86:7A:9E:53:FF:41:13:09:51
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Pnta9YMsEgTxmOSGep5T_0ETCVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:49:ab:72:68:87:ce:da:9a:bc:fa:18:a1:e7:d2:f4:46:9b:
         1d:16:8a:cc:e4:d8:3f:c0:3b:73:19:5a:31:79:e0:ce:14:e5:
         dc:f3:3c:2a:77:bc:88:4e:3d:50:e6:6d:59:f9:5b:bb:92:88:
         b7:de:45:af:92:bf:88:27:5a:a3:aa:74:b0:5e:f5:19:38:4f:
         9f:45:53:b4:84:58:47:94:f4:e7:99:2a:bb:f8:f6:59:a2:f5:
         77:01:b7:aa:a6:ed:d2:f0:4b:21:bf:2c:50:28:38:ef:99:a1:
         d6:43:c5:85:28:9a:27:63:6d:2d:d7:72:03:8f:a8:f1:fa:48:
         52:a3:14:08:0a:5a:a8:25:33:4c:3e:b5:8c:bf:6a:6e:e8:fe:
         ba:91:33:e0:58:ee:4e:b2:12:85:90:e5:82:95:ca:a2:34:d8:
         6b:a6:1e:cb:90:43:ac:b9:28:82:2a:1f:a1:56:d6:82:10:da:
         9b:6f:22:9d:3c:3b:cc:45:08:e8:a4:e4:8a:24:ec:c8:1b:42:
         66:30:86:5a:ed:91:26:32:77:f1:1e:58:0a:62:c1:ef:48:55:
         78:64:49:7d:85:15:94:8e:bd:c5:68:a3:5f:77:80:a8:05:d2:
         8e:ed:6f:7f:b6:40:7d:68:3b:ef:e2:0b:cc:a4:be:a3:f7:1b:
         ce:bc:dd:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6f3e1n5jYJ2IhHbvKGnvf+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwNDAyMTczMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTdiNWFmNTgzMmMxMjA0ZjE5OGU0ODY3YTllNTNmZjQxMTMwOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBWuEvjM+GqARuha9yiM0Ki/VPdG
OMLmSUsoncLiWpxeTV8+BRkR9dx4tTRQ7MKUjFFD7maPFU/gtAa2PJsyfhQpvPlR
0XSE7aD7curlyvLDudZf8hh99duvS7OU7xe2rOQ4jIPt2Wa4CPT2JXJn07o+aIgG
z4vNmRSFcBZrD3xfZvTMhp3uw09SQccGis5zowFNe66zaM3NYxvmoQMWAupkUdgw
qqgfrvvNkzqtZzviRNdjS/Z4NonsbTb8zNNmx7oc6Sq1wezYHm3UavG9ZW5inPRw
gbY8SNcqZhZ1JS+0z46xS8ol9AU1Vml7+hroIYckcmLoc+nDIT1LWpc82QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD57WvWDLBIE8ZjkhnqeU/9BEwlRMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUG50YTlZTXNFZ1R4bU9TR2VwNVRfMEVUQ1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCBXMA0G
CSqGSIb3DQEBCwUAA4IBAQAaSatyaIfO2pq8+hih59L0RpsdForM5Ng/wDtzGVox
eeDOFOXc8zwqd7yITj1Q5m1Z+Vu7koi33kWvkr+IJ1qjqnSwXvUZOE+fRVO0hFhH
lPTnmSq7+PZZovV3Abeqpu3S8EshvyxQKDjvmaHWQ8WFKJonY20t13IDj6jx+khS
oxQIClqoJTNMPrWMv2pu6P66kTPgWO5OshKFkOWClcqiNNhrph7LkEOsuSiCKh+h
VtaCENqbbyKdPDvMRQjopOSKJOzIG0JmMIZa7ZEmMnfxHlgKYsHvSFV4ZEl9hRWU
jr3FaKNfd4CoBdKO7W9/tkB9aDvv4gvMpL6j9xvOvN3p
-----END CERTIFICATE-----