Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/caOyGLfZ9nirM1AXtB9tZyvPc_0.roa
File:                     caOyGLfZ9nirM1AXtB9tZyvPc_0.roa (raw, json)
Hash identifier:          WJexJLwu9Z7btzBhya7Galgo4UCzBgiyPsVLbJJTXUE=
Subject key identifier:   71:A3:B2:18:B7:D9:F6:78:AB:33:50:17:B4:1F:6D:67:2B:CF:73:FD
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826BCD4AA61DAD84746EB4BDE48EFFB
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/caOyGLfZ9nirM1AXtB9tZyvPc_0.roa
Signing time:             Thu 02 Jan 2025 17:53:34 +0000
ROA not before:           Thu 02 Jan 2025 17:53:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142561
IP address blocks:        84.32.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:bc:d4:aa:61:da:d8:47:46:eb:4b:de:48:ef:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71a3b218b7d9f678ab335017b41f6d672bcf73fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1e:80:44:69:21:b5:9a:ca:b9:5e:47:03:44:
                    cf:29:17:db:9a:6c:e8:de:72:9d:24:ec:8f:2f:42:
                    c8:ad:e2:7d:3a:f2:16:c2:8e:b1:e8:1d:0e:52:0a:
                    c4:be:a4:f0:b3:6e:c9:9a:db:22:56:13:01:04:29:
                    fa:59:52:cf:47:88:92:a6:ea:e0:73:8e:7a:46:c0:
                    b7:2d:9b:50:4d:d2:6c:6d:51:fa:4a:cd:c4:70:9d:
                    a3:60:39:8d:a0:da:68:0e:9c:65:8d:21:4d:98:56:
                    75:20:1c:da:6d:08:a1:91:1b:89:74:b8:70:ed:05:
                    5d:e0:c0:1f:ba:6f:6f:e2:98:58:8a:ae:ea:18:4b:
                    b4:22:5a:6e:a9:e2:00:db:58:8a:91:3c:1b:93:28:
                    74:f8:ee:4e:cd:8a:b6:6e:03:80:22:13:76:af:61:
                    af:dc:07:2e:79:c1:66:fd:be:44:fa:1d:0c:1f:d7:
                    fa:10:af:33:ac:b5:f1:53:1a:88:b6:49:1a:ae:4b:
                    a4:3e:26:99:01:11:89:ae:ae:af:dd:37:f2:f7:ef:
                    38:c5:9c:92:fc:55:1e:c4:7a:5c:24:e8:f1:45:ae:
                    d7:06:39:e7:d0:6f:02:26:b0:eb:69:9d:d9:b0:c6:
                    58:4c:c7:79:07:97:d5:2e:71:8e:3d:bd:5c:6b:70:
                    41:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:A3:B2:18:B7:D9:F6:78:AB:33:50:17:B4:1F:6D:67:2B:CF:73:FD
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/caOyGLfZ9nirM1AXtB9tZyvPc_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:0a:81:d3:bb:4b:2e:04:7a:31:4c:5f:49:94:41:16:d5:b1:
         99:a5:1b:98:94:73:cb:95:f2:7a:8b:61:84:95:c7:76:79:30:
         f8:d1:55:16:20:a5:d8:25:f3:5a:aa:62:e2:01:a7:6a:62:ed:
         f8:7c:36:09:14:a3:ff:b8:a8:54:98:59:7f:80:06:d8:5e:ac:
         49:01:d9:5b:51:f8:88:fc:0d:cd:cc:0e:07:de:e0:be:fe:4d:
         ee:c8:7b:9e:b6:aa:41:fa:b4:c5:5e:a4:b4:7c:04:a9:3b:c5:
         bb:f1:e9:33:5e:c2:8b:d7:fd:c7:99:50:5f:9d:61:c2:e4:93:
         95:78:99:a1:15:9d:65:2d:65:75:bf:51:70:1b:f3:97:14:2e:
         0c:2f:5a:b5:78:1f:de:1e:66:5a:c7:08:2d:3c:46:62:45:dc:
         55:59:a1:f3:45:e9:b9:b9:6a:49:ba:74:95:5e:6c:39:30:0c:
         e1:7a:c4:4c:3a:d8:f4:b7:e1:3f:21:1b:07:35:2f:6b:ee:59:
         8e:05:dc:91:99:37:4f:08:45:f9:37:5e:d6:19:c9:30:ff:46:
         9c:51:72:a5:25:84:1f:d9:26:20:c5:e5:77:2e:88:c7:bb:f5:
         de:1a:0a:f1:76:2c:09:d5:10:b8:11:08:07:fe:ab:7b:cc:94:
         b0:15:4e:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJrzUqmHa2EdG60veSO/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWEzYjIxOGI3ZDlmNjc4YWIzMzUwMTdiNDFmNmQ2NzJiY2Y3M2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlR6ARGkhtZrKuV5HA0TPKRfbmmzo
3nKdJOyPL0LIreJ9OvIWwo6x6B0OUgrEvqTws27JmtsiVhMBBCn6WVLPR4iSpurg
c456RsC3LZtQTdJsbVH6Ss3EcJ2jYDmNoNpoDpxljSFNmFZ1IBzabQihkRuJdLhw
7QVd4MAfum9v4phYiq7qGEu0IlpuqeIA21iKkTwbkyh0+O5OzYq2bgOAIhN2r2Gv
3AcuecFm/b5E+h0MH9f6EK8zrLXxUxqItkkarkukPiaZARGJrq6v3Tfy9+84xZyS
/FUexHpcJOjxRa7XBjnn0G8CJrDraZ3ZsMZYTMd5B5fVLnGOPb1ca3BBGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGjshi32fZ4qzNQF7QfbWcrz3P9MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvY2FPeUdMZlo5bmlyTTFBWHRCOXRaeXZQY18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCBoMA0G
CSqGSIb3DQEBCwUAA4IBAQBOCoHTu0suBHoxTF9JlEEW1bGZpRuYlHPLlfJ6i2GE
lcd2eTD40VUWIKXYJfNaqmLiAadqYu34fDYJFKP/uKhUmFl/gAbYXqxJAdlbUfiI
/A3NzA4H3uC+/k3uyHuetqpB+rTFXqS0fASpO8W78ekzXsKL1/3HmVBfnWHC5JOV
eJmhFZ1lLWV1v1FwG/OXFC4ML1q1eB/eHmZaxwgtPEZiRdxVWaHzRem5uWpJunSV
Xmw5MAzhesRMOtj0t+E/IRsHNS9r7lmOBdyRmTdPCEX5N17WGckw/0acUXKlJYQf
2SYgxeV3LojHu/XeGgrxdiwJ1RC4EQgH/qt7zJSwFU4j
-----END CERTIFICATE-----