Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/dLRSFilVx_l9dUaLe6LhOzrgxWE.roa
File:                     dLRSFilVx_l9dUaLe6LhOzrgxWE.roa (raw, json)
Hash identifier:          JzUaU6UjnZliUocI+B8HJ/1TdnYSPPJEe+GZL3+WYgg=
Subject key identifier:   74:B4:52:16:29:55:C7:F9:7D:75:46:8B:7B:A2:E1:3B:3A:E0:C5:61
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826CA0E979AAA197A85658E13E9EC4B
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/dLRSFilVx_l9dUaLe6LhOzrgxWE.roa
Signing time:             Thu 02 Jan 2025 17:53:38 +0000
ROA not before:           Thu 02 Jan 2025 17:53:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216444
IP address blocks:        84.32.22.0/23 maxlen: 24
                          84.32.249.0/24 maxlen: 24
                          88.216.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:ca:0e:97:9a:aa:19:7a:85:65:8e:13:e9:ec:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74b452162955c7f97d75468b7ba2e13b3ae0c561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:48:59:6d:c1:02:85:2e:2c:fc:12:e3:b2:37:
                    e0:9d:70:e0:4c:c6:54:54:fc:84:3b:dd:cc:37:ed:
                    d9:c2:34:c5:82:77:4a:e5:b3:73:00:2b:82:bc:ca:
                    5c:1f:0a:b4:20:32:0f:b5:4a:f6:39:9d:6d:8a:b8:
                    10:ec:8a:2b:ff:bb:e1:ff:fd:d7:72:34:80:8a:2b:
                    f4:25:8d:b3:05:60:35:fe:c4:1b:79:ea:58:33:e4:
                    96:05:22:3f:d3:7e:ad:83:7b:41:3d:21:32:67:b6:
                    b9:d8:fb:32:0f:74:2a:a1:0e:7d:c1:e2:f9:4e:e0:
                    c7:d9:ff:f9:f8:be:d9:1f:03:23:24:e1:2c:72:47:
                    7e:eb:8c:87:21:8b:65:73:fc:90:9b:16:4b:c0:1b:
                    7b:b7:29:bb:69:de:f8:62:cf:59:f9:4b:fd:8e:e7:
                    71:b3:90:2e:a9:c5:cb:24:b1:12:ae:b7:34:38:a6:
                    91:bf:cc:a0:6b:e5:88:60:a8:dd:d9:0f:6d:5d:d4:
                    25:9c:dc:3e:53:9a:0d:07:dc:1c:2a:90:6b:35:f2:
                    59:22:b4:3c:01:32:c7:9d:8d:94:54:05:ef:de:94:
                    30:7e:3e:68:c5:64:74:e1:5d:83:91:05:98:ff:a6:
                    10:8b:1e:21:17:9c:3a:12:37:be:89:3b:a3:88:20:
                    25:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:B4:52:16:29:55:C7:F9:7D:75:46:8B:7B:A2:E1:3B:3A:E0:C5:61
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/dLRSFilVx_l9dUaLe6LhOzrgxWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.22.0/23
                  84.32.249.0/24
                  88.216.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:68:f0:71:be:87:6e:62:b1:69:87:43:08:7c:8f:1d:3d:b0:
         7a:80:62:32:28:63:07:f7:ce:22:d9:cd:e9:c4:da:a9:ca:9a:
         41:e5:6b:6f:e1:65:99:f5:3a:ec:8c:3f:56:28:60:67:1c:91:
         ad:b1:8f:65:2f:5f:17:1c:f0:5e:ea:4a:76:57:e5:a1:1a:18:
         0b:f1:ff:fb:d3:43:ba:47:a8:48:83:ba:e0:c7:0a:aa:0f:ac:
         1d:73:ea:56:84:05:cc:af:84:fb:6f:b6:94:c5:0d:7c:6a:31:
         98:2f:6a:ec:bb:2e:bc:72:c8:97:71:b2:49:bb:c0:23:ec:1e:
         46:b3:a9:8f:3c:59:bf:61:ac:8f:57:a7:42:9b:f4:80:03:4a:
         63:9e:10:43:56:a9:53:ac:7e:c9:70:ce:4a:2d:6b:9b:98:15:
         65:20:a7:b0:97:4f:2c:0a:a9:b7:a8:31:54:f4:eb:bd:53:a7:
         0f:e2:47:ba:1c:7f:99:04:85:9d:48:53:47:1c:dd:41:ed:db:
         56:e1:a3:74:6c:3d:20:64:0e:7c:ea:c8:6a:9f:e1:12:68:49:
         45:42:42:af:fe:c3:f9:e2:66:4a:4e:14:32:dc:ff:b4:26:22:
         9d:8f:fd:df:76:c3:66:10:fd:8e:9a:ab:08:06:31:8a:af:81:
         a6:ac:59:94
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoJsoOl5qqGXqFZY4T6exLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGI0NTIxNjI5NTVjN2Y5N2Q3NTQ2OGI3YmEyZTEzYjNhZTBjNTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEhZbcEChS4s/BLjsjfgnXDgTMZU
VPyEO93MN+3ZwjTFgndK5bNzACuCvMpcHwq0IDIPtUr2OZ1tirgQ7Ior/7vh//3X
cjSAiiv0JY2zBWA1/sQbeepYM+SWBSI/036tg3tBPSEyZ7a52PsyD3QqoQ59weL5
TuDH2f/5+L7ZHwMjJOEsckd+64yHIYtlc/yQmxZLwBt7tym7ad74Ys9Z+Uv9judx
s5AuqcXLJLESrrc0OKaRv8yga+WIYKjd2Q9tXdQlnNw+U5oNB9wcKpBrNfJZIrQ8
ATLHnY2UVAXv3pQwfj5oxWR04V2DkQWY/6YQix4hF5w6Eje+iTujiCAlmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHS0UhYpVcf5fXVGi3ui4Ts64MVhMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZExSU0ZpbFZ4X2w5ZFVhTGU2TGhPenJneFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBVCAWAwQA
VCD5AwQAWNjQMA0GCSqGSIb3DQEBCwUAA4IBAQCVaPBxvoduYrFph0MIfI8dPbB6
gGIyKGMH984i2c3pxNqpyppB5Wtv4WWZ9TrsjD9WKGBnHJGtsY9lL18XHPBe6kp2
V+WhGhgL8f/700O6R6hIg7rgxwqqD6wdc+pWhAXMr4T7b7aUxQ18ajGYL2rsuy68
csiXcbJJu8Aj7B5Gs6mPPFm/YayPV6dCm/SAA0pjnhBDVqlTrH7JcM5KLWubmBVl
IKewl08sCqm3qDFU9Ou9U6cP4ke6HH+ZBIWdSFNHHN1B7dtW4aN0bD0gZA586shq
n+ESaElFQkKv/sP54mZKThQy3P+0JiKdj/3fdsNmEP2OmqsIBjGKr4GmrFmU
-----END CERTIFICATE-----