Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kqDdzDh68nLJvXAv7wTHxmkcKt4.roa
File:                     kqDdzDh68nLJvXAv7wTHxmkcKt4.roa (raw, json)
Hash identifier:          GyP6Byrt5JgNiAb5QQQ6wTBX0dLDcg1Gi7YEodn03k8=
Subject key identifier:   92:A0:DD:CC:38:7A:F2:72:C9:BD:70:2F:EF:04:C7:C6:69:1C:2A:DE
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0192417A5475F0B0A486FEA69C07E624B70B
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kqDdzDh68nLJvXAv7wTHxmkcKt4.roa
Signing time:             Mon 30 Sep 2024 05:49:48 +0000
ROA not before:           Mon 30 Sep 2024 05:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        84.32.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:41:7a:54:75:f0:b0:a4:86:fe:a6:9c:07:e6:24:b7:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Sep 30 05:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92a0ddcc387af272c9bd702fef04c7c6691c2ade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0a:2e:f8:c7:b0:0a:e8:64:bd:01:23:51:c1:
                    85:b6:37:8f:e1:c2:ef:ad:06:8b:30:26:3c:b8:b8:
                    3b:2d:80:c3:c4:36:f1:86:a2:01:79:d4:2e:f2:e0:
                    16:28:e2:61:e4:92:cf:15:c8:b3:79:bc:31:bf:b4:
                    57:92:e6:9b:34:82:2a:70:fe:0a:5e:39:ad:af:9f:
                    49:a5:fc:ad:bf:5c:24:45:f9:2f:f0:cf:31:56:34:
                    12:f1:3f:e3:c0:4a:d2:fc:89:e7:b0:b3:e7:fc:69:
                    42:09:ee:1e:d7:07:bf:8c:5c:86:b7:5b:5f:a8:a2:
                    48:eb:9c:73:1a:3d:13:67:88:63:b6:0e:a8:01:52:
                    d5:a0:bd:18:b7:db:fa:d0:28:da:95:3d:70:f0:b3:
                    d3:bf:40:cd:36:b6:bb:40:35:82:3a:5a:75:ae:d3:
                    04:37:74:57:a4:11:0b:dc:8e:e5:f7:a0:ac:f3:98:
                    da:8b:5c:2d:01:56:b2:ae:f7:6e:78:e9:13:91:e6:
                    ea:93:76:00:b1:43:cf:54:e0:ae:58:bf:cd:da:02:
                    30:05:6b:90:4e:ab:49:d0:92:67:17:96:28:c6:a9:
                    6d:01:09:5d:3c:2e:55:ee:af:30:3c:c8:81:38:94:
                    d7:d1:ab:39:6d:32:06:53:60:41:aa:f9:33:b2:a3:
                    ef:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A0:DD:CC:38:7A:F2:72:C9:BD:70:2F:EF:04:C7:C6:69:1C:2A:DE
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kqDdzDh68nLJvXAv7wTHxmkcKt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:04:09:1d:91:d4:29:7e:c5:f8:c4:c4:c0:21:f5:f2:b0:9f:
         86:6b:09:a6:81:5e:48:d3:f1:75:e3:8a:72:50:f5:fe:7b:40:
         60:3d:fe:ef:10:df:c8:9e:97:91:9b:88:de:95:31:30:c7:6e:
         c2:93:7b:8f:3f:5c:bc:24:a2:47:d3:56:95:81:c1:6c:dd:a2:
         51:0f:a5:47:a9:99:02:58:e0:1d:a0:32:37:f3:b0:a4:79:e0:
         71:99:15:d7:6f:d6:c4:57:78:53:0e:9f:71:01:7e:15:ec:86:
         f9:77:34:c6:62:cb:b8:96:69:bc:c1:a3:2f:13:d9:e0:f1:17:
         c1:6a:db:7e:55:9e:d5:38:2d:ac:49:0c:e0:01:27:59:cd:84:
         05:4b:b1:19:2e:c6:7f:b8:b7:6d:a6:8a:4d:90:2d:53:d1:0d:
         60:c6:ba:fc:25:6b:c0:a9:49:d3:33:b2:ff:c6:6a:32:30:61:
         3c:72:70:c8:c7:1f:cd:cc:e0:85:08:95:53:f5:fe:91:89:28:
         fc:19:d7:78:dd:d0:ff:37:5c:53:ff:81:f1:3e:60:4f:47:52:
         c4:80:c9:95:4f:03:bd:0e:54:96:7d:19:c8:1e:52:69:9c:06:
         cd:3e:40:a7:65:44:69:a8:63:a0:60:18:b1:31:52:90:4d:21:
         41:ff:a8:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJBelR18LCkhv6mnAfmJLcLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwOTMwMDU0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmEwZGRjYzM4N2FmMjcyYzliZDcwMmZlZjA0YzdjNjY5MWMyYWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAou+MewCuhkvQEjUcGFtjeP4cLv
rQaLMCY8uLg7LYDDxDbxhqIBedQu8uAWKOJh5JLPFcizebwxv7RXkuabNIIqcP4K
Xjmtr59Jpfytv1wkRfkv8M8xVjQS8T/jwErS/InnsLPn/GlCCe4e1we/jFyGt1tf
qKJI65xzGj0TZ4hjtg6oAVLVoL0Yt9v60CjalT1w8LPTv0DNNra7QDWCOlp1rtME
N3RXpBEL3I7l96Cs85jai1wtAVayrvdueOkTkebqk3YAsUPPVOCuWL/N2gIwBWuQ
TqtJ0JJnF5YoxqltAQldPC5V7q8wPMiBOJTX0as5bTIGU2BBqvkzsqPvGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKg3cw4evJyyb1wL+8Ex8ZpHCreMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEva3FEZHpEaDY4bkxKdlhBdjd3VEh4bWtjS3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAnMA0G
CSqGSIb3DQEBCwUAA4IBAQASBAkdkdQpfsX4xMTAIfXysJ+GawmmgV5I0/F144py
UPX+e0BgPf7vEN/InpeRm4jelTEwx27Ck3uPP1y8JKJH01aVgcFs3aJRD6VHqZkC
WOAdoDI387CkeeBxmRXXb9bEV3hTDp9xAX4V7Ib5dzTGYsu4lmm8waMvE9ng8RfB
att+VZ7VOC2sSQzgASdZzYQFS7EZLsZ/uLdtpopNkC1T0Q1gxrr8JWvAqUnTM7L/
xmoyMGE8cnDIxx/NzOCFCJVT9f6RiSj8Gdd43dD/N1xT/4HxPmBPR1LEgMmVTwO9
DlSWfRnIHlJpnAbNPkCnZURpqGOgYBixMVKQTSFB/6h2
-----END CERTIFICATE-----