Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/XfFmdZpywxMj3F7nkgPchoR04nk.roa
File:                     XfFmdZpywxMj3F7nkgPchoR04nk.roa (raw, json)
Hash identifier:          Yr4wRJkO4l5TGptsPcqiwgliK7l2UocSaxJgCDarr6c=
Subject key identifier:   5D:F1:66:75:9A:72:C3:13:23:DC:5E:E7:92:03:DC:86:84:74:E2:79
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01930032AECD0E0B211365C962B832E9A905
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/XfFmdZpywxMj3F7nkgPchoR04nk.roa
Signing time:             Wed 06 Nov 2024 06:39:01 +0000
ROA not before:           Wed 06 Nov 2024 06:39:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22427
IP address blocks:        84.32.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:00:32:ae:cd:0e:0b:21:13:65:c9:62:b8:32:e9:a9:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov  6 06:39:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5df166759a72c31323dc5ee79203dc868474e279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a0:10:cc:13:47:0b:b2:2d:b8:0e:11:80:b5:
                    19:f3:7b:9a:c8:f3:7e:71:1c:ce:34:1d:03:3e:4d:
                    e2:d8:7d:50:37:6d:96:eb:7a:c4:ae:69:87:4c:e1:
                    0e:ff:69:5e:7b:12:18:a0:5d:d2:da:e3:93:4f:5b:
                    4b:57:fd:c1:5e:41:22:86:bb:62:87:07:df:67:b3:
                    04:c1:ce:9d:19:ea:87:cc:fe:d1:2d:5a:f5:a9:3b:
                    4a:22:65:c5:a8:3e:31:a0:ca:2e:b7:73:ba:2e:07:
                    91:95:f9:94:92:b9:c9:93:cc:f9:c1:ee:ce:65:66:
                    8b:ed:60:34:15:f4:79:55:31:d3:62:a9:5d:05:87:
                    89:4c:60:40:13:32:36:d7:92:10:cf:5d:c9:8b:de:
                    26:6a:7a:d8:6b:8b:b9:f2:c3:b7:ec:03:84:18:65:
                    5b:c6:70:5b:42:6a:36:2b:10:85:45:fc:e1:47:02:
                    a9:bc:45:25:e6:6a:5e:f9:1c:4a:f8:47:fa:6e:73:
                    64:5e:1b:a1:bb:98:00:ae:b8:17:e1:3a:01:ae:14:
                    eb:c9:97:2c:6b:62:46:f0:9b:d6:06:6a:15:5e:08:
                    91:10:23:ad:da:a3:06:31:d3:c8:f4:dc:cc:ea:36:
                    8d:c9:0a:3f:05:9f:d2:5b:cb:39:6f:32:a3:32:10:
                    30:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:F1:66:75:9A:72:C3:13:23:DC:5E:E7:92:03:DC:86:84:74:E2:79
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/XfFmdZpywxMj3F7nkgPchoR04nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:7f:4d:05:35:2c:ad:bb:a4:ef:8e:e2:81:55:c5:a5:f3:48:
         7a:07:12:45:4f:92:0c:b9:a1:b7:0c:ed:ba:c4:5d:92:7f:30:
         eb:82:2d:53:bf:6a:d8:aa:be:db:89:0b:2e:55:df:47:01:06:
         e9:ee:2e:75:bb:66:5a:8d:7c:ef:af:e1:2f:93:ad:9c:76:7b:
         86:c9:c2:b3:6e:26:8c:99:e1:68:9f:5a:9b:38:0c:cc:ed:8f:
         08:6b:df:48:c4:2c:f3:75:3a:5d:78:c3:07:2c:ae:04:2a:ec:
         09:e5:5d:c8:fa:2c:d6:a8:18:b5:36:29:1c:dc:0c:dd:14:29:
         7e:5a:42:ff:e7:50:9c:92:c2:fa:23:85:03:67:f9:ea:9a:3f:
         f0:9c:1e:26:92:4f:cf:d6:8f:9c:1e:bc:7f:8b:2e:d4:f2:c8:
         66:ef:15:f5:2e:25:22:80:50:17:d9:35:82:12:eb:db:7e:bf:
         f0:fb:b2:12:98:b1:9e:af:38:58:20:ed:7c:fc:8e:a0:b5:7f:
         60:fd:08:64:84:ef:a5:e7:30:06:34:59:ca:51:7a:9c:ae:dc:
         c2:c7:7c:25:53:11:70:be:5c:af:61:80:f8:13:63:04:af:e9:
         c9:02:64:eb:02:dd:e0:1b:66:42:2b:97:2e:23:c9:4e:1b:fd:
         28:e4:ae:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMAMq7NDgshE2XJYrgy6akFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQxMTA2MDYzOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGYxNjY3NTlhNzJjMzEzMjNkYzVlZTc5MjAzZGM4Njg0NzRlMjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56AQzBNHC7ItuA4RgLUZ83uayPN+
cRzONB0DPk3i2H1QN22W63rErmmHTOEO/2leexIYoF3S2uOTT1tLV/3BXkEihrti
hwffZ7MEwc6dGeqHzP7RLVr1qTtKImXFqD4xoMout3O6LgeRlfmUkrnJk8z5we7O
ZWaL7WA0FfR5VTHTYqldBYeJTGBAEzI215IQz13Ji94manrYa4u58sO37AOEGGVb
xnBbQmo2KxCFRfzhRwKpvEUl5mpe+RxK+Ef6bnNkXhuhu5gArrgX4ToBrhTryZcs
a2JG8JvWBmoVXgiRECOt2qMGMdPI9NzM6jaNyQo/BZ/SW8s5bzKjMhAwtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3xZnWacsMTI9xe55ID3IaEdOJ5MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWGZGbWRacHl3eE1qM0Y3bmtnUGNob1IwNG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCBAMA0G
CSqGSIb3DQEBCwUAA4IBAQBxf00FNSytu6TvjuKBVcWl80h6BxJFT5IMuaG3DO26
xF2SfzDrgi1Tv2rYqr7biQsuVd9HAQbp7i51u2ZajXzvr+Evk62cdnuGycKzbiaM
meFon1qbOAzM7Y8Ia99IxCzzdTpdeMMHLK4EKuwJ5V3I+izWqBi1Nikc3AzdFCl+
WkL/51CcksL6I4UDZ/nqmj/wnB4mkk/P1o+cHrx/iy7U8shm7xX1LiUigFAX2TWC
Euvbfr/w+7ISmLGerzhYIO18/I6gtX9g/QhkhO+l5zAGNFnKUXqcrtzCx3wlUxFw
vlyvYYD4E2MEr+nJAmTrAt3gG2ZCK5cuI8lOG/0o5K5E
-----END CERTIFICATE-----