Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/UUWNfPIsssP7ilC9nxmXzALJQ54.roa
File:                     UUWNfPIsssP7ilC9nxmXzALJQ54.roa (raw, json)
Hash identifier:          bK2PVPX7BEoc+CuM/JAaLCqw6AInv46gb4MODJjfZv8=
Subject key identifier:   51:45:8D:7C:F2:2C:B2:C3:FB:8A:50:BD:9F:19:97:CC:02:C9:43:9E
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC50149E241C672B2F3849FAB81136FEA
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/UUWNfPIsssP7ilC9nxmXzALJQ54.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198510
IP address blocks:        84.32.104.0/24 maxlen: 24
                          84.32.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:49:e2:41:c6:72:b2:f3:84:9f:ab:81:13:6f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51458d7cf22cb2c3fb8a50bd9f1997cc02c9439e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3b:14:d4:5a:a4:67:4f:07:96:15:23:cf:67:
                    2a:4f:79:25:89:44:49:8f:72:09:be:af:b0:0f:1b:
                    8d:f9:51:60:dd:02:38:43:22:03:e4:f9:ed:56:30:
                    e9:87:8b:96:41:97:22:29:28:7f:13:fd:97:38:fc:
                    45:92:7f:62:5b:47:06:70:12:8a:b3:ac:46:4b:32:
                    f3:1f:16:16:13:1f:88:b2:9a:ac:e5:ac:56:09:51:
                    bc:c1:4a:b8:7d:eb:4a:da:54:32:40:6e:1c:e8:9a:
                    9a:b4:71:6a:4f:c5:2d:8a:c8:23:f2:5a:d5:c4:66:
                    6b:ac:ae:b6:f6:c1:16:01:ae:ef:c5:20:e2:08:b9:
                    4d:5e:56:e9:67:90:fe:cc:79:d1:25:c9:74:54:86:
                    6a:ca:b5:43:2e:50:b1:2e:33:35:c1:05:d7:19:d4:
                    a4:ae:94:0a:58:75:e1:f3:9f:4a:86:71:21:8c:1e:
                    2d:09:ea:43:cf:84:cc:1e:23:6b:ee:bb:5e:87:32:
                    16:58:1b:20:67:81:88:7f:d7:b9:63:cc:60:2d:7e:
                    c2:ab:a9:bb:f2:07:d4:96:30:13:bc:a1:f2:bd:39:
                    df:cf:9f:2c:b1:04:0b:a7:88:46:ea:a4:24:f9:65:
                    d4:a7:b2:6b:98:7f:6d:04:19:8e:39:a0:e1:c6:dd:
                    04:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:45:8D:7C:F2:2C:B2:C3:FB:8A:50:BD:9F:19:97:CC:02:C9:43:9E
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/UUWNfPIsssP7ilC9nxmXzALJQ54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.104.0/24
                  84.32.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:6b:e9:7e:8a:c3:4c:00:f6:1e:dd:0f:f5:fe:5a:d1:db:16:
         4d:c9:9b:33:d4:1d:7d:b8:4b:74:20:fa:3e:8c:bd:67:1b:b4:
         99:05:1a:48:41:73:a9:60:ba:70:ab:f6:4d:ea:7f:05:f0:5e:
         f3:1e:25:b3:69:20:7b:ce:d6:37:b7:a4:30:21:c5:53:42:73:
         28:d1:07:35:bf:6e:92:09:e3:23:61:a0:eb:2b:81:e5:e9:4b:
         aa:8e:e4:29:df:37:b2:6b:ec:a9:c4:3d:1d:aa:d7:5d:a5:06:
         ff:af:21:49:dc:e7:14:7a:8b:99:80:a3:fa:01:5b:9b:a6:17:
         00:53:8e:bc:2f:4d:69:16:62:94:8d:3d:e3:a0:fe:cd:44:71:
         21:e9:c6:72:91:f6:08:48:a4:c2:61:88:0a:ac:f8:cf:e9:dc:
         11:95:b0:66:0a:88:b3:73:21:ca:69:43:a0:27:7f:88:b0:95:
         d0:e8:23:ae:29:5c:7a:d4:44:0d:9c:2b:99:7c:60:f8:22:eb:
         53:80:3e:36:ec:89:55:b9:2d:bd:ec:09:e0:1c:f8:52:09:fd:
         cd:80:60:0e:d8:8c:d2:74:dc:7e:c6:2d:b3:ce:ef:0b:2e:f4:
         71:29:b4:b8:b7:97:5b:be:82:dc:7e:ed:f4:20:bd:5d:71:58:
         63:85:3b:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAUniQcZysvOEn6uBE2/qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTQ1OGQ3Y2YyMmNiMmMzZmI4YTUwYmQ5ZjE5OTdjYzAyYzk0MzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjsU1FqkZ08HlhUjz2cqT3kliURJ
j3IJvq+wDxuN+VFg3QI4QyID5PntVjDph4uWQZciKSh/E/2XOPxFkn9iW0cGcBKK
s6xGSzLzHxYWEx+Ispqs5axWCVG8wUq4fetK2lQyQG4c6JqatHFqT8Utisgj8lrV
xGZrrK629sEWAa7vxSDiCLlNXlbpZ5D+zHnRJcl0VIZqyrVDLlCxLjM1wQXXGdSk
rpQKWHXh859KhnEhjB4tCepDz4TMHiNr7rtehzIWWBsgZ4GIf9e5Y8xgLX7Cq6m7
8gfUljATvKHyvTnfz58ssQQLp4hG6qQk+WXUp7JrmH9tBBmOOaDhxt0EBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFFFjXzyLLLD+4pQvZ8Zl8wCyUOeMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvVVVXTmZQSXNzc1A3aWxDOW54bVh6QUxKUTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCBoAwQA
VCDfMA0GCSqGSIb3DQEBCwUAA4IBAQAAa+l+isNMAPYe3Q/1/lrR2xZNyZsz1B19
uEt0IPo+jL1nG7SZBRpIQXOpYLpwq/ZN6n8F8F7zHiWzaSB7ztY3t6QwIcVTQnMo
0Qc1v26SCeMjYaDrK4Hl6UuqjuQp3zeya+ypxD0dqtddpQb/ryFJ3OcUeouZgKP6
AVubphcAU468L01pFmKUjT3joP7NRHEh6cZykfYISKTCYYgKrPjP6dwRlbBmCoiz
cyHKaUOgJ3+IsJXQ6COuKVx61EQNnCuZfGD4IutTgD427IlVuS297AngHPhSCf3N
gGAO2IzSdNx+xi2zzu8LLvRxKbS4t5dbvoLcfu30IL1dcVhjhTuR
-----END CERTIFICATE-----