Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/SqheJvAsEpeaf6lQRIZkxlIQua4.roa
File:                     SqheJvAsEpeaf6lQRIZkxlIQua4.roa (raw, json)
Hash identifier:          QwIX/NBC4x5IMrctaVeG4TPMavGzchajxGt/1W2pRQ4=
Subject key identifier:   4A:A8:5E:26:F0:2C:12:97:9A:7F:A9:50:44:86:64:C6:52:10:B9:AE
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01920FDFF75213CB65A73A596CD893942A4A
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/SqheJvAsEpeaf6lQRIZkxlIQua4.roa
Signing time:             Fri 20 Sep 2024 14:39:48 +0000
ROA not before:           Fri 20 Sep 2024 14:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142561
IP address blocks:        84.32.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0f:df:f7:52:13:cb:65:a7:3a:59:6c:d8:93:94:2a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Sep 20 14:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4aa85e26f02c12979a7fa950448664c65210b9ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:31:2d:cb:ac:71:6d:af:92:28:c8:75:90:cd:
                    52:d0:50:af:6e:dc:9d:fc:0a:44:76:6d:17:7d:b8:
                    cf:88:9f:0e:55:4d:c3:c2:d9:81:7e:f5:e4:5b:58:
                    e8:e4:70:f1:e2:94:2c:7f:77:69:e9:c1:a6:61:95:
                    a9:e5:bb:bd:51:8b:38:c7:1c:e0:2b:e0:33:1f:b2:
                    f2:e7:bf:7d:b5:a0:43:98:d2:fb:12:63:14:2c:df:
                    e4:b9:bd:6f:bb:5a:c0:58:3d:2a:d9:d5:59:e8:6b:
                    e6:e5:27:5a:4f:4c:0a:91:72:94:3d:4b:a2:44:94:
                    60:ed:d7:f3:63:c0:3e:62:c2:eb:80:11:1c:36:7d:
                    43:1d:cc:a7:ea:98:b4:f8:5d:fb:d5:43:fc:e4:43:
                    9e:22:12:89:7e:c4:f0:94:31:36:5f:4a:dd:7a:9d:
                    8f:43:0b:b9:44:ea:24:78:64:c0:9f:ed:4f:35:f0:
                    c3:b5:48:df:87:44:02:eb:6e:d7:7a:40:c0:fb:bb:
                    6d:65:28:02:a7:e3:42:81:55:f4:df:bf:ec:4e:26:
                    03:84:c7:7b:96:a1:3a:2f:2b:58:05:18:47:e2:a3:
                    fd:90:cb:47:a1:11:de:b1:e0:fa:cd:d2:7a:f8:32:
                    36:27:97:df:8f:ce:91:f3:8e:25:22:da:f4:ee:19:
                    45:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:A8:5E:26:F0:2C:12:97:9A:7F:A9:50:44:86:64:C6:52:10:B9:AE
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/SqheJvAsEpeaf6lQRIZkxlIQua4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:f3:d6:1a:99:a6:19:42:49:12:6d:23:05:90:8d:bf:81:bf:
         16:96:e5:43:b2:7d:a3:e8:72:31:84:a4:47:28:ec:b7:ca:dd:
         40:dd:cc:29:a3:da:10:e8:97:38:b3:cf:e8:06:bf:36:7d:d5:
         0c:91:c0:0c:84:d8:1f:dd:68:63:90:e7:fd:37:77:33:da:10:
         bb:a1:de:41:a7:16:95:33:e8:cc:1c:9b:2a:74:b9:94:27:91:
         fc:3a:2a:e9:1c:bb:a6:9d:bd:ee:e0:4b:8e:71:5f:0f:4a:cb:
         41:10:1b:4e:15:54:a8:56:01:68:a9:c0:5d:86:45:45:13:1e:
         f7:d5:63:7e:45:c4:16:ad:1b:d9:96:69:f8:0d:5f:5d:62:d7:
         84:14:43:79:d9:07:fb:dd:99:9a:af:a7:8a:76:20:67:e5:9b:
         e1:6d:48:aa:12:cf:24:21:84:e9:09:d5:07:de:bd:61:26:ec:
         79:22:38:60:c4:2a:9b:48:80:b7:72:f6:19:ba:74:0d:b5:8f:
         6e:34:77:05:0d:8a:03:87:52:6c:1f:74:8b:8e:72:a8:b6:2d:
         4d:99:85:04:b8:d6:2f:fc:01:85:1e:c8:de:aa:ef:27:86:a8:
         6e:3a:e4:35:40:ff:db:84:12:ff:38:f2:7a:fd:f5:ae:99:d3:
         39:64:1f:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIP3/dSE8tlpzpZbNiTlCpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwOTIwMTQzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWE4NWUyNmYwMmMxMjk3OWE3ZmE5NTA0NDg2NjRjNjUyMTBiOWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzEty6xxba+SKMh1kM1S0FCvbtyd
/ApEdm0XfbjPiJ8OVU3DwtmBfvXkW1jo5HDx4pQsf3dp6cGmYZWp5bu9UYs4xxzg
K+AzH7Ly5799taBDmNL7EmMULN/kub1vu1rAWD0q2dVZ6Gvm5SdaT0wKkXKUPUui
RJRg7dfzY8A+YsLrgBEcNn1DHcyn6pi0+F371UP85EOeIhKJfsTwlDE2X0rdep2P
Qwu5ROokeGTAn+1PNfDDtUjfh0QC627XekDA+7ttZSgCp+NCgVX037/sTiYDhMd7
lqE6LytYBRhH4qP9kMtHoRHeseD6zdJ6+DI2J5ffj86R844lItr07hlF8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEqoXibwLBKXmn+pUESGZMZSELmuMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvU3FoZUp2QXNFcGVhZjZsUVJJWmt4bElRdWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCBoMA0G
CSqGSIb3DQEBCwUAA4IBAQBF89YamaYZQkkSbSMFkI2/gb8WluVDsn2j6HIxhKRH
KOy3yt1A3cwpo9oQ6Jc4s8/oBr82fdUMkcAMhNgf3WhjkOf9N3cz2hC7od5BpxaV
M+jMHJsqdLmUJ5H8OirpHLumnb3u4EuOcV8PSstBEBtOFVSoVgFoqcBdhkVFEx73
1WN+RcQWrRvZlmn4DV9dYteEFEN52Qf73Zmar6eKdiBn5ZvhbUiqEs8kIYTpCdUH
3r1hJux5IjhgxCqbSIC3cvYZunQNtY9uNHcFDYoDh1JsH3SLjnKoti1NmYUEuNYv
/AGFHsjequ8nhqhuOuQ1QP/bhBL/OPJ6/fWumdM5ZB8o
-----END CERTIFICATE-----