Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ZcHPTWTTxebXawSjv8MDff3carQ.roa
File:                     ZcHPTWTTxebXawSjv8MDff3carQ.roa (raw, json)
Hash identifier:          2lIHw/fXh/Jkda5Z5qaiCr3SoLdziwy4ltL3YdHaiBw=
Subject key identifier:   65:C1:CF:4D:64:D3:C5:E6:D7:6B:04:A3:BF:C3:03:7D:FD:DC:6A:B4
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019351948D8FC702B5F84445CBE7491A6622
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ZcHPTWTTxebXawSjv8MDff3carQ.roa
Signing time:             Fri 22 Nov 2024 01:55:10 +0000
ROA not before:           Fri 22 Nov 2024 01:55:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214304
IP address blocks:        84.32.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:51:94:8d:8f:c7:02:b5:f8:44:45:cb:e7:49:1a:66:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 22 01:55:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65c1cf4d64d3c5e6d76b04a3bfc3037dfddc6ab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f5:92:eb:0f:31:28:64:82:c1:04:c6:8e:86:
                    a7:97:6a:ab:23:f6:22:dc:bf:9f:5b:92:4b:de:de:
                    38:04:54:e1:36:e0:c8:7a:14:84:bd:61:cc:76:3b:
                    b2:29:f8:02:06:d8:83:e5:bf:7c:ce:8e:a7:0b:c7:
                    5e:54:15:b2:cf:8f:7b:9e:8a:40:57:f9:09:8b:b2:
                    14:75:f7:a0:39:93:60:86:4e:d0:ce:77:36:2e:47:
                    7a:2f:08:da:5b:36:86:66:15:14:33:30:f0:62:2e:
                    a8:78:ee:9d:e0:d3:48:a2:8e:86:49:9c:b3:26:6a:
                    ff:59:68:d1:c0:d2:81:89:da:03:dd:fd:78:02:0e:
                    ad:ba:86:8d:b6:52:53:c9:ab:36:f4:a4:d8:78:26:
                    bd:25:c5:69:f9:b8:32:88:bd:b0:d7:91:55:70:c1:
                    50:cc:88:aa:0b:e9:41:b9:17:2b:72:22:dd:65:45:
                    f0:fa:81:81:3d:a6:42:07:d2:a7:9c:7b:4f:2f:10:
                    4a:80:05:c9:63:7c:15:5d:17:67:d0:c4:47:cf:7e:
                    12:31:6a:bb:46:1d:78:09:cb:ac:30:ec:62:59:87:
                    d9:0a:9c:f1:74:ce:ac:a7:e7:76:7c:ca:63:aa:eb:
                    55:68:66:5e:db:88:24:8a:6c:27:44:ea:8c:b6:0c:
                    cc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C1:CF:4D:64:D3:C5:E6:D7:6B:04:A3:BF:C3:03:7D:FD:DC:6A:B4
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ZcHPTWTTxebXawSjv8MDff3carQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:2b:28:91:45:83:f1:be:19:3a:26:98:dc:5e:0e:92:3e:3c:
         10:b3:99:b7:f7:6a:80:32:a2:5d:65:56:f7:c9:ad:89:bf:f0:
         1d:52:c1:b5:dd:cf:58:2c:6d:5a:4d:f0:a4:6a:79:65:ac:64:
         d4:b2:03:c3:15:a2:a9:49:c0:b3:ca:57:cb:16:f8:c3:f3:9a:
         d7:c4:3a:b2:ca:b7:04:33:ec:26:85:4e:4e:7d:3b:a2:36:89:
         e2:f4:32:02:9b:0e:10:7e:cd:50:b0:8c:f0:de:11:4e:f4:e7:
         ff:85:37:82:73:0c:4c:31:fc:5c:8a:e9:82:3a:05:df:4d:8d:
         f2:e8:a3:eb:3d:b8:ff:7a:dc:7f:e3:df:86:42:0c:48:9c:6d:
         55:bb:6c:a5:98:e3:cc:f7:0e:91:4b:37:a6:cd:7f:5c:d5:11:
         a7:75:78:2d:a4:73:32:20:40:5c:f0:18:2e:12:bf:1f:f0:16:
         30:37:ff:7a:62:0f:11:72:3c:8b:8e:47:ef:c6:65:7f:2f:a9:
         d0:49:a9:18:fc:8f:36:55:3c:f7:b0:c5:1e:42:21:f3:a3:5e:
         fb:f2:86:28:fc:20:d6:ad:bc:43:6e:15:5c:80:4b:ed:72:0c:
         cb:a8:49:51:a2:6b:17:0c:82:31:27:56:23:5b:2e:c0:f4:a5:
         71:c4:6a:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNRlI2PxwK1+ERFy+dJGmYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQxMTIyMDE1NTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWMxY2Y0ZDY0ZDNjNWU2ZDc2YjA0YTNiZmMzMDM3ZGZkZGM2YWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vWS6w8xKGSCwQTGjoanl2qrI/Yi
3L+fW5JL3t44BFThNuDIehSEvWHMdjuyKfgCBtiD5b98zo6nC8deVBWyz497nopA
V/kJi7IUdfegOZNghk7Qznc2Lkd6LwjaWzaGZhUUMzDwYi6oeO6d4NNIoo6GSZyz
Jmr/WWjRwNKBidoD3f14Ag6tuoaNtlJTyas29KTYeCa9JcVp+bgyiL2w15FVcMFQ
zIiqC+lBuRcrciLdZUXw+oGBPaZCB9KnnHtPLxBKgAXJY3wVXRdn0MRHz34SMWq7
Rh14CcusMOxiWYfZCpzxdM6sp+d2fMpjqutVaGZe24gkimwnROqMtgzMGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXBz01k08Xm12sEo7/DA3393Gq0MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWmNIUFRXVFR4ZWJYYXdTanY4TURmZjNjYXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVCAYMA0G
CSqGSIb3DQEBCwUAA4IBAQAGKyiRRYPxvhk6JpjcXg6SPjwQs5m392qAMqJdZVb3
ya2Jv/AdUsG13c9YLG1aTfCkanllrGTUsgPDFaKpScCzylfLFvjD85rXxDqyyrcE
M+wmhU5OfTuiNoni9DICmw4Qfs1QsIzw3hFO9Of/hTeCcwxMMfxciumCOgXfTY3y
6KPrPbj/etx/49+GQgxInG1Vu2ylmOPM9w6RSzemzX9c1RGndXgtpHMyIEBc8Bgu
Er8f8BYwN/96Yg8RcjyLjkfvxmV/L6nQSakY/I82VTz3sMUeQiHzo1778oYo/CDW
rbxDbhVcgEvtcgzLqElRomsXDIIxJ1YjWy7A9KVxxGpo
-----END CERTIFICATE-----