Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/iUoBIoW6mMz3HfKYX1qFouctsWs.roa
File:                     iUoBIoW6mMz3HfKYX1qFouctsWs.roa (raw, json)
Hash identifier:          sZjbMBkab4SpWHDvK28u+9SZnH9irMgVv+3dFQuW95o=
Subject key identifier:   89:4A:01:22:85:BA:98:CC:F7:1D:F2:98:5F:5A:85:A2:E7:2D:B1:6B
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018D6467BE0C198809988F6B094661C036FD
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/iUoBIoW6mMz3HfKYX1qFouctsWs.roa
Signing time:             Thu 01 Feb 2024 11:22:16 +0000
ROA not before:           Thu 01 Feb 2024 11:22:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201364
IP address blocks:        84.32.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:67:be:0c:19:88:09:98:8f:6b:09:46:61:c0:36:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb  1 11:22:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=894a012285ba98ccf71df2985f5a85a2e72db16b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2e:cd:a6:dd:c4:03:f7:78:a5:9c:7f:90:b7:
                    fd:07:9c:d0:e0:69:3a:92:be:96:7f:3e:85:0d:f5:
                    76:20:4a:51:33:7e:fa:e5:0c:2b:02:28:f4:32:0d:
                    e8:cb:65:46:7f:93:43:1b:18:e1:72:d9:1c:0d:aa:
                    06:ff:06:17:2d:35:57:7a:9d:de:0e:c8:fd:80:92:
                    63:7f:b5:ca:68:0e:6b:a3:bd:1d:8c:6e:9b:d9:ee:
                    5b:5b:2d:18:e5:33:62:d1:fb:a4:56:5c:1f:55:49:
                    bc:5f:85:42:f6:a3:88:b3:d6:cd:fb:4f:01:58:44:
                    6a:d9:f7:6a:24:a9:63:8d:ea:c1:c7:c1:c5:85:43:
                    65:6d:19:f8:51:87:da:fe:78:c0:0c:92:92:18:9d:
                    a9:db:48:a9:02:93:cc:3a:da:c6:b0:61:fe:d1:c4:
                    b3:84:d4:fc:73:25:ad:cf:bd:18:2c:14:60:ef:f4:
                    f9:45:4f:8f:2f:1b:72:7b:aa:6f:6b:7f:80:49:df:
                    71:c9:e7:1a:be:b7:bb:82:fc:ef:3e:96:35:6e:f7:
                    48:73:23:e6:4f:53:67:68:2e:77:8f:9a:d8:b1:ac:
                    38:96:3c:08:2a:d5:6f:a7:f7:73:51:c6:53:af:34:
                    16:cc:e0:4d:b3:07:79:14:0f:aa:aa:0e:ad:c0:16:
                    be:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:4A:01:22:85:BA:98:CC:F7:1D:F2:98:5F:5A:85:A2:E7:2D:B1:6B
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/iUoBIoW6mMz3HfKYX1qFouctsWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:a1:16:f1:1d:a2:b9:cc:54:ce:9c:ef:62:7c:91:a0:e9:09:
         4f:40:32:5b:14:b0:77:2f:0b:c2:a0:2e:d9:1c:cc:b6:83:7d:
         37:50:8c:2a:31:f6:1a:3e:d9:7a:dc:5f:e8:6d:28:fb:82:84:
         a8:df:23:08:72:fd:61:d2:dc:45:d1:dc:69:36:fa:6e:2e:86:
         e3:4b:25:97:46:a5:eb:09:de:58:d3:97:5e:e0:a8:42:7f:51:
         7f:67:97:0e:af:b3:a8:72:b9:7f:fc:8c:eb:6f:a6:22:81:f5:
         db:5e:aa:39:64:61:bb:57:87:c4:66:f6:16:f0:e8:52:57:9d:
         d3:d4:fe:01:62:7d:24:48:94:95:e7:90:99:32:af:eb:39:fe:
         86:30:5d:98:2c:3e:49:60:8e:f7:ef:8d:2a:80:58:53:d4:c7:
         c7:af:cd:b8:af:0d:0f:10:a5:47:72:90:fb:10:73:50:e5:6b:
         48:df:8f:a1:af:69:18:a5:28:66:f8:78:d7:51:46:d5:d9:24:
         f8:52:63:23:a1:e2:40:95:39:f0:8a:d5:9e:ee:15:ca:23:e5:
         10:56:75:2b:28:2f:7d:e1:7f:d0:bf:71:d5:e2:56:8b:4a:36:
         ea:12:ab:28:b9:18:a4:54:40:0e:ca:3d:7b:66:8a:35:e5:bf:
         a2:a9:5d:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1kZ74MGYgJmI9rCUZhwDb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMjAxMTEyMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTRhMDEyMjg1YmE5OGNjZjcxZGYyOTg1ZjVhODVhMmU3MmRiMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC7Npt3EA/d4pZx/kLf9B5zQ4Gk6
kr6Wfz6FDfV2IEpRM3765QwrAij0Mg3oy2VGf5NDGxjhctkcDaoG/wYXLTVXep3e
Dsj9gJJjf7XKaA5ro70djG6b2e5bWy0Y5TNi0fukVlwfVUm8X4VC9qOIs9bN+08B
WERq2fdqJKljjerBx8HFhUNlbRn4UYfa/njADJKSGJ2p20ipApPMOtrGsGH+0cSz
hNT8cyWtz70YLBRg7/T5RU+PLxtye6pva3+ASd9xyecavre7gvzvPpY1bvdIcyPm
T1NnaC53j5rYsaw4ljwIKtVvp/dzUcZTrzQWzOBNswd5FA+qqg6twBa+FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlKASKFupjM9x3ymF9ahaLnLbFrMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvaVVvQklvVzZtTXozSGZLWVgxcUZvdWN0c1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCDnMA0G
CSqGSIb3DQEBCwUAA4IBAQAFoRbxHaK5zFTOnO9ifJGg6QlPQDJbFLB3LwvCoC7Z
HMy2g303UIwqMfYaPtl63F/obSj7goSo3yMIcv1h0txF0dxpNvpuLobjSyWXRqXr
Cd5Y05de4KhCf1F/Z5cOr7Oocrl//Izrb6YigfXbXqo5ZGG7V4fEZvYW8OhSV53T
1P4BYn0kSJSV55CZMq/rOf6GMF2YLD5JYI73740qgFhT1MfHr824rw0PEKVHcpD7
EHNQ5WtI34+hr2kYpShm+HjXUUbV2ST4UmMjoeJAlTnwitWe7hXKI+UQVnUrKC99
4X/Qv3HV4laLSjbqEqsouRikVEAOyj17Zoo15b+iqV19
-----END CERTIFICATE-----