Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/W1nl5doMzgi4icuXayGGUcn0dGI.roa
File:                     W1nl5doMzgi4icuXayGGUcn0dGI.roa (raw, json)
Hash identifier:          cc6sRyIAeltH/Hs7vfvXjXvS0Y0nocq4JeeUe3zWME8=
Subject key identifier:   5B:59:E5:E5:DA:0C:CE:08:B8:89:CB:97:6B:21:86:51:C9:F4:74:62
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0199161CB6752195049ACD0701E99C735165
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/W1nl5doMzgi4icuXayGGUcn0dGI.roa
Signing time:             Thu 04 Sep 2025 19:03:24 +0000
ROA not before:           Thu 04 Sep 2025 19:03:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     996
IP address blocks:        84.32.136.0/22 maxlen: 24
                          88.216.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:16:1c:b6:75:21:95:04:9a:cd:07:01:e9:9c:73:51:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Sep  4 19:03:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b59e5e5da0cce08b889cb976b218651c9f47462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ab:69:e9:a6:d5:9d:f2:9a:c9:5f:6c:71:b3:
                    9b:98:20:98:5a:ab:df:00:bb:cc:ff:67:04:27:6c:
                    5d:a0:8d:32:70:6b:c9:0a:fa:1a:e9:20:f9:71:25:
                    8b:25:f3:7b:96:41:5a:50:99:eb:c2:d5:56:47:3e:
                    c2:2b:47:46:74:1a:4e:81:c9:9d:b0:8b:d5:d4:01:
                    5c:ef:f8:b2:ad:fb:c9:8a:65:11:e6:9d:44:a7:e8:
                    70:91:42:66:69:fe:92:19:9d:17:b4:52:7d:1a:1b:
                    a2:11:3d:c2:91:11:dd:40:ae:15:ff:b9:08:8b:5c:
                    b6:34:61:86:17:e3:f5:ef:e6:e5:41:41:46:4b:1d:
                    ef:30:f9:e9:b2:ad:34:8c:4b:14:22:3d:c8:4b:02:
                    64:37:82:a7:6a:67:c8:8c:48:77:04:ae:fc:0a:17:
                    c1:75:0f:6e:1f:4d:d9:e4:70:a5:af:0e:87:6f:86:
                    fe:ba:47:c6:57:5e:25:d1:f0:19:65:6d:29:c2:76:
                    ac:8c:36:7b:1c:cf:d9:e1:a2:d8:23:af:d7:e2:0e:
                    0c:77:fe:ac:05:c0:4b:8f:7d:7f:f0:f5:6d:ab:d6:
                    51:eb:a0:c0:e9:a4:4f:18:2d:eb:1e:80:76:30:bd:
                    26:db:02:48:74:37:aa:2d:8e:83:a8:73:89:af:af:
                    e1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:59:E5:E5:DA:0C:CE:08:B8:89:CB:97:6B:21:86:51:C9:F4:74:62
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/W1nl5doMzgi4icuXayGGUcn0dGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.136.0/22
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:9a:ad:f8:45:a1:f4:57:d5:f6:b6:f2:6a:ba:68:e4:a9:1a:
         cd:bc:89:8b:a4:5c:7f:f9:da:70:9d:2a:82:70:db:46:c4:92:
         58:d1:56:73:de:aa:e6:3f:4c:28:00:01:08:c4:04:99:ae:bb:
         93:ac:f1:40:70:f3:03:19:a2:70:18:10:ed:45:e9:9a:b1:74:
         f6:da:f6:b2:79:10:93:99:9d:b1:48:44:9c:6f:2b:32:59:55:
         f8:ac:37:8c:df:bf:93:37:c6:43:a8:b7:df:8a:a9:59:ea:33:
         a0:45:2a:84:f7:ee:04:e6:e7:5f:02:8b:cd:27:a2:04:d0:eb:
         86:5e:e9:8b:58:51:5e:4b:5f:a5:9e:0b:d3:a2:54:17:07:68:
         22:f0:a4:6a:f1:94:48:4f:74:9b:ad:ad:78:38:17:cb:9b:6b:
         af:9d:6f:75:4b:b5:7c:96:2a:5f:19:3d:13:05:d8:a0:c2:9e:
         96:70:a2:2d:80:c0:6a:90:4c:bc:46:fa:a7:f4:4a:a0:a2:af:
         b7:bc:ce:0a:bc:2c:cc:e2:06:31:db:aa:0c:66:9e:c0:84:34:
         db:73:bd:8a:6e:16:8f:95:33:09:d2:c8:81:7f:fd:7c:70:e9:
         61:67:7a:b8:ae:47:60:a5:4d:5c:53:44:76:20:c7:af:70:97:
         7a:bc:96:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkWHLZ1IZUEms0HAemcc1FlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwOTA0MTkwMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjU5ZTVlNWRhMGNjZTA4Yjg4OWNiOTc2YjIxODY1MWM5ZjQ3NDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwatp6abVnfKayV9scbObmCCYWqvf
ALvM/2cEJ2xdoI0ycGvJCvoa6SD5cSWLJfN7lkFaUJnrwtVWRz7CK0dGdBpOgcmd
sIvV1AFc7/iyrfvJimUR5p1Ep+hwkUJmaf6SGZ0XtFJ9GhuiET3CkRHdQK4V/7kI
i1y2NGGGF+P17+blQUFGSx3vMPnpsq00jEsUIj3ISwJkN4KnamfIjEh3BK78ChfB
dQ9uH03Z5HClrw6Hb4b+ukfGV14l0fAZZW0pwnasjDZ7HM/Z4aLYI6/X4g4Md/6s
BcBLj31/8PVtq9ZR66DA6aRPGC3rHoB2ML0m2wJIdDeqLY6DqHOJr6/hWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFtZ5eXaDM4IuInLl2shhlHJ9HRiMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvVzFubDVkb016Z2k0aWN1WGF5R0dVY24wZEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVCCIAwQC
WNj4MA0GCSqGSIb3DQEBCwUAA4IBAQB6mq34RaH0V9X2tvJqumjkqRrNvImLpFx/
+dpwnSqCcNtGxJJY0VZz3qrmP0woAAEIxASZrruTrPFAcPMDGaJwGBDtRemasXT2
2vayeRCTmZ2xSEScbysyWVX4rDeM37+TN8ZDqLffiqlZ6jOgRSqE9+4E5udfAovN
J6IE0OuGXumLWFFeS1+lngvTolQXB2gi8KRq8ZRIT3Sbra14OBfLm2uvnW91S7V8
lipfGT0TBdigwp6WcKItgMBqkEy8Rvqn9Eqgoq+3vM4KvCzM4gYx26oMZp7AhDTb
c72KbhaPlTMJ0siBf/18cOlhZ3q4rkdgpU1cU0R2IMevcJd6vJY4
-----END CERTIFICATE-----