Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/i7OI96vpqAuRDeEd-FKSUzyCP2M.roa
File:                     i7OI96vpqAuRDeEd-FKSUzyCP2M.roa (raw, json)
Hash identifier:          jSiW7oOXfUr+DLxg3PTeIUDMPlSpr+2g8EmEzuChvj0=
Subject key identifier:   8B:B3:88:F7:AB:E9:A8:0B:91:0D:E1:1D:F8:52:92:53:3C:82:3F:63
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018DB109BE8752B2D280BC42A8CAFA054AE0
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/i7OI96vpqAuRDeEd-FKSUzyCP2M.roa
Signing time:             Fri 16 Feb 2024 08:30:22 +0000
ROA not before:           Fri 16 Feb 2024 08:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        84.32.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b1:09:be:87:52:b2:d2:80:bc:42:a8:ca:fa:05:4a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb 16 08:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bb388f7abe9a80b910de11df85292533c823f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:76:3c:64:d3:1a:85:b6:08:36:46:aa:c9:1d:
                    1a:d3:c1:50:95:da:c3:40:68:b4:e7:ad:9e:b7:77:
                    b5:b8:ad:b4:75:5a:77:a6:00:af:52:e5:30:58:f0:
                    79:e0:27:8f:75:70:5b:76:99:4b:e2:6f:c6:99:5f:
                    51:d7:c2:dd:ee:5e:82:c3:28:59:2e:05:9f:da:0b:
                    5a:c1:41:b7:19:cc:7b:91:0a:c0:84:ad:0f:07:d5:
                    2e:f8:e0:4f:9d:be:5d:2b:45:b8:ec:05:4a:3c:fb:
                    b9:2a:88:e1:f3:40:6a:83:3a:e6:67:63:78:97:32:
                    84:8b:41:78:bd:af:a5:98:fc:af:ed:8c:c9:c7:b0:
                    ac:7a:35:b3:62:53:a6:aa:23:ba:a7:ce:b1:0d:d9:
                    9a:69:84:01:46:e1:c4:c0:ca:27:0f:43:d9:38:55:
                    38:6c:fe:0b:da:3b:d6:bb:7f:18:71:9a:6b:a8:60:
                    c0:c4:01:d3:ec:7f:ad:c2:71:55:43:dc:73:d7:75:
                    55:a0:ac:62:f9:79:1e:4d:69:01:23:86:4b:a1:2d:
                    b8:1b:9a:ec:e5:f5:58:d2:ff:b9:8a:24:28:07:fb:
                    ed:e1:2f:eb:97:1a:cc:1e:a0:4c:b8:6d:c7:92:be:
                    1b:63:d8:ac:b2:c7:b9:6f:5c:10:c8:60:1f:c8:b6:
                    d3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:B3:88:F7:AB:E9:A8:0B:91:0D:E1:1D:F8:52:92:53:3C:82:3F:63
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/i7OI96vpqAuRDeEd-FKSUzyCP2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:2b:41:f1:2e:8e:ed:86:94:e3:18:78:ff:03:cf:e4:8b:99:
         2d:db:7f:9b:cd:ac:4b:06:6c:4c:56:07:14:8a:4a:99:cf:c7:
         41:4c:de:7d:1f:ab:13:2a:db:df:8d:e9:b8:39:cc:b4:b2:0b:
         a0:fa:3a:74:59:71:b2:cb:0f:04:6c:c7:ac:75:13:5e:15:60:
         2a:16:c2:5f:6d:19:2c:38:49:61:e4:46:02:8b:5c:54:c2:0d:
         de:71:87:f4:e9:3e:91:da:fc:64:20:0d:6d:e8:a1:df:48:db:
         d0:a7:e4:f6:77:a9:94:2b:1f:d3:48:d9:15:b0:03:a2:fa:f7:
         9f:52:08:15:06:9d:16:52:9b:71:7e:d2:79:ac:1f:3e:1b:31:
         ca:d1:d3:33:49:02:b3:63:b5:c7:2a:63:19:93:76:6f:ba:9a:
         d7:3a:84:4d:66:36:2b:1c:25:80:c5:1e:80:0a:96:2e:f3:03:
         75:0d:82:62:15:86:ce:fd:d1:32:11:3c:f5:35:b6:75:0b:4e:
         3a:d4:21:78:5a:98:26:02:ee:95:7f:5a:44:0d:b7:4f:a2:6e:
         d6:7b:4e:da:d5:32:d8:16:90:bb:f6:5d:b6:ed:91:5d:b4:c2:
         12:fe:eb:89:99:5e:6f:92:0c:90:86:2a:3e:78:6e:26:98:f5:
         b2:91:ed:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2xCb6HUrLSgLxCqMr6BUrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMjE2MDgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmIzODhmN2FiZTlhODBiOTEwZGUxMWRmODUyOTI1MzNjODIzZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2nY8ZNMahbYINkaqyR0a08FQldrD
QGi0562et3e1uK20dVp3pgCvUuUwWPB54CePdXBbdplL4m/GmV9R18Ld7l6CwyhZ
LgWf2gtawUG3Gcx7kQrAhK0PB9Uu+OBPnb5dK0W47AVKPPu5Kojh80BqgzrmZ2N4
lzKEi0F4va+lmPyv7YzJx7CsejWzYlOmqiO6p86xDdmaaYQBRuHEwMonD0PZOFU4
bP4L2jvWu38YcZprqGDAxAHT7H+twnFVQ9xz13VVoKxi+XkeTWkBI4ZLoS24G5rs
5fVY0v+5iiQoB/vt4S/rlxrMHqBMuG3Hkr4bY9issse5b1wQyGAfyLbTaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuziPer6agLkQ3hHfhSklM8gj9jMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvaTdPSTk2dnBxQXVSRGVFZC1GS1NVenlDUDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCDYMA0G
CSqGSIb3DQEBCwUAA4IBAQAkK0HxLo7thpTjGHj/A8/ki5kt23+bzaxLBmxMVgcU
ikqZz8dBTN59H6sTKtvfjem4Ocy0sgug+jp0WXGyyw8EbMesdRNeFWAqFsJfbRks
OElh5EYCi1xUwg3ecYf06T6R2vxkIA1t6KHfSNvQp+T2d6mUKx/TSNkVsAOi+vef
UggVBp0WUptxftJ5rB8+GzHK0dMzSQKzY7XHKmMZk3ZvuprXOoRNZjYrHCWAxR6A
CpYu8wN1DYJiFYbO/dEyETz1NbZ1C0461CF4WpgmAu6Vf1pEDbdPom7We07a1TLY
FpC79l227ZFdtMIS/uuJmV5vkgyQhio+eG4mmPWyke2H
-----END CERTIFICATE-----