Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/c9UBwedRqHr5Q0oUoykQzZv5nyY.roa
File:                     c9UBwedRqHr5Q0oUoykQzZv5nyY.roa (raw, json)
Hash identifier:          665FDqB3lsc7sEDo09VMBw4BTo0vHvqzWULyhOQy6yo=
Subject key identifier:   73:D5:01:C1:E7:51:A8:7A:F9:43:4A:14:A3:29:10:CD:9B:F9:9F:26
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019361D773CABE544925D77496355BEAC59D
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/c9UBwedRqHr5Q0oUoykQzZv5nyY.roa
Signing time:             Mon 25 Nov 2024 05:42:10 +0000
ROA not before:           Mon 25 Nov 2024 05:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214304
IP address blocks:        84.32.24.0/22 maxlen: 24
                          84.32.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:61:d7:73:ca:be:54:49:25:d7:74:96:35:5b:ea:c5:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 25 05:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73d501c1e751a87af9434a14a32910cd9bf99f26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:55:61:97:e0:5e:32:5f:59:a5:89:b3:ed:09:
                    3b:f4:7e:c7:2a:59:f8:de:e8:e7:dc:ec:0b:9b:31:
                    c3:94:49:a4:e3:e2:9b:e3:3b:7a:1c:f2:6c:62:54:
                    c6:f1:2b:42:10:15:a2:d0:5d:bb:86:6a:7d:8d:7b:
                    0c:4c:0e:b7:17:e6:44:ef:0d:98:49:13:d7:39:97:
                    98:2c:51:45:5f:62:eb:6c:8f:35:4e:14:2d:6e:2d:
                    68:5a:3b:ab:3e:65:9f:b2:72:b8:f4:a9:63:c5:79:
                    f1:7d:21:d3:89:2b:01:7d:56:fb:ac:69:cf:d6:02:
                    50:a4:25:04:e9:ae:08:6f:ca:d6:c1:1f:ad:32:f5:
                    1e:77:f7:a2:0b:49:3c:b7:cc:53:25:99:53:67:59:
                    3f:a4:3b:a9:e0:55:9d:51:27:e0:99:06:26:3b:a7:
                    dc:10:95:24:0d:b7:6a:98:51:3e:31:aa:c7:c4:97:
                    c6:a1:cf:1a:1a:e0:e7:08:06:ca:90:5b:37:36:15:
                    d4:96:38:ba:ec:43:5c:13:53:0c:80:9a:d9:5b:08:
                    c3:7f:0d:3d:a6:19:62:8b:b1:fc:d1:5a:7f:ba:bf:
                    f4:4d:bb:85:6e:ba:9a:a3:c5:bb:e6:af:da:a0:03:
                    0a:42:9b:ed:82:05:ee:db:63:f0:cb:b9:36:48:c2:
                    ce:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:D5:01:C1:E7:51:A8:7A:F9:43:4A:14:A3:29:10:CD:9B:F9:9F:26
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/c9UBwedRqHr5Q0oUoykQzZv5nyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:72:df:7e:30:19:77:7b:19:4f:61:9a:79:c7:53:6d:fa:a4:
         38:87:27:6e:95:ee:0f:95:98:ec:58:4c:5a:8f:cb:e9:7f:9c:
         3c:17:16:69:03:08:97:2a:3a:0f:b5:23:69:be:02:f6:f2:2d:
         2b:65:98:85:59:71:31:85:b3:d4:ec:d3:12:45:6c:2c:ce:6e:
         71:39:5b:ed:89:d0:12:69:37:5f:f4:e9:b0:dc:e7:97:f7:97:
         81:e6:67:60:08:d4:a9:d3:0d:eb:9f:60:1c:f3:47:ae:89:be:
         ff:00:fb:e2:81:fd:f5:c5:7b:85:a9:3f:a4:b2:01:e9:f9:d2:
         5b:fe:63:d9:e4:c2:46:39:06:2b:42:9d:c6:70:5f:79:fd:fd:
         64:a4:48:98:2b:0b:0a:ac:64:e2:bc:ee:7d:29:ce:9e:d4:df:
         f5:86:09:5b:25:aa:b6:00:52:af:7c:25:c6:a9:00:5f:9d:8d:
         11:80:53:cc:6c:19:79:df:ee:45:92:7c:21:f2:f7:8a:f4:b2:
         6e:23:6f:a3:b8:63:6d:43:cd:91:9f:ad:75:74:f6:1d:70:02:
         25:a9:bc:02:25:d5:1f:70:54:b0:de:17:40:1b:41:2d:99:b4:
         a5:8b:31:74:a9:5b:1d:34:9f:c3:eb:41:ab:ad:36:3d:8d:03:
         88:3d:6a:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNh13PKvlRJJdd0ljVb6sWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQxMTI1MDU0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2Q1MDFjMWU3NTFhODdhZjk0MzRhMTRhMzI5MTBjZDliZjk5ZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1Vhl+BeMl9ZpYmz7Qk79H7HKln4
3ujn3OwLmzHDlEmk4+Kb4zt6HPJsYlTG8StCEBWi0F27hmp9jXsMTA63F+ZE7w2Y
SRPXOZeYLFFFX2LrbI81ThQtbi1oWjurPmWfsnK49KljxXnxfSHTiSsBfVb7rGnP
1gJQpCUE6a4Ib8rWwR+tMvUed/eiC0k8t8xTJZlTZ1k/pDup4FWdUSfgmQYmO6fc
EJUkDbdqmFE+MarHxJfGoc8aGuDnCAbKkFs3NhXUlji67ENcE1MMgJrZWwjDfw09
phlii7H80Vp/ur/0TbuFbrqao8W75q/aoAMKQpvtggXu22Pwy7k2SMLOvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPVAcHnUah6+UNKFKMpEM2b+Z8mMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvYzlVQndlZFJxSHI1UTBvVW95a1F6WnY1bnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVCAYMA0G
CSqGSIb3DQEBCwUAA4IBAQA3ct9+MBl3exlPYZp5x1Nt+qQ4hydule4PlZjsWExa
j8vpf5w8FxZpAwiXKjoPtSNpvgL28i0rZZiFWXExhbPU7NMSRWwszm5xOVvtidAS
aTdf9Omw3OeX95eB5mdgCNSp0w3rn2Ac80euib7/APvigf31xXuFqT+ksgHp+dJb
/mPZ5MJGOQYrQp3GcF95/f1kpEiYKwsKrGTivO59Kc6e1N/1hglbJaq2AFKvfCXG
qQBfnY0RgFPMbBl53+5Fknwh8veK9LJuI2+juGNtQ82Rn611dPYdcAIlqbwCJdUf
cFSw3hdAG0EtmbSlizF0qVsdNJ/D60GrrTY9jQOIPWoP
-----END CERTIFICATE-----