Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mfNzmi-1CAWJdVAo0zjIRThiK0Y.roa
File:                     mfNzmi-1CAWJdVAo0zjIRThiK0Y.roa (raw, json)
Hash identifier:          Rvot1tBs3GNUWXbuyNYS95mu7hu0/igWG+hy63b2oKA=
Subject key identifier:   99:F3:73:9A:2F:B5:08:05:89:75:50:28:D3:38:C8:45:38:62:2B:46
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5013A1C9AC7034C8682ABF17C07CE45
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mfNzmi-1CAWJdVAo0zjIRThiK0Y.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9087
IP address blocks:        88.216.182.0/23 maxlen: 23
                          84.32.208.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3a:1c:9a:c7:03:4c:86:82:ab:f1:7c:07:ce:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99f3739a2fb5080589755028d338c84538622b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:cb:a4:ab:08:e7:44:1b:a6:5d:16:10:58:ec:
                    6f:27:90:70:57:4b:ba:7c:4e:66:96:57:0f:d2:64:
                    64:74:03:a4:05:8e:39:3b:3f:ed:2b:bf:dd:35:83:
                    16:01:a3:3c:7e:52:04:31:7c:d7:b6:81:54:b5:b2:
                    5c:ba:bf:4b:91:94:d7:f9:39:f0:9d:d0:61:7a:13:
                    c0:87:0e:d0:4e:ea:20:8f:b9:78:26:17:cf:c0:82:
                    50:ad:36:6e:55:cf:23:83:3f:c8:81:26:c1:59:ea:
                    85:f1:61:5e:dc:37:c8:29:18:4b:fc:5b:8b:87:24:
                    11:75:a1:ee:39:4a:c7:f5:5f:6f:19:e0:1e:92:26:
                    8e:c9:89:d7:2e:38:97:eb:27:49:be:4f:e1:c5:04:
                    0e:b1:6b:75:79:da:66:59:db:c5:c5:83:1e:d7:05:
                    e5:b9:42:39:9a:5b:bc:10:cd:67:a7:dc:44:b1:62:
                    c5:54:c8:0c:f7:4c:74:3d:60:dd:7d:f2:83:9e:40:
                    67:3d:f9:7d:28:19:0c:db:12:8c:e4:f9:a4:6a:ea:
                    85:e2:7b:0e:a0:92:4f:a4:52:1b:91:23:52:ab:af:
                    5e:da:3f:d9:c3:d3:50:7d:4e:fe:47:bc:50:b3:fd:
                    ed:a3:8c:49:0d:5a:2f:8a:da:b5:b1:c5:34:e8:51:
                    31:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F3:73:9A:2F:B5:08:05:89:75:50:28:D3:38:C8:45:38:62:2B:46
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mfNzmi-1CAWJdVAo0zjIRThiK0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.208.0/23
                  88.216.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:3d:b0:df:03:db:b0:4b:ff:f6:83:33:0a:8f:7e:5b:a4:8e:
         92:30:5c:e1:fe:72:2a:c8:5c:a4:29:80:02:cb:3f:4c:0e:51:
         69:ab:ac:81:3c:68:d4:eb:f9:f9:f7:1b:3d:d6:0c:b0:11:2b:
         c5:72:59:04:2b:d5:ed:41:24:02:4d:69:cb:b4:46:9e:42:da:
         7a:d1:19:14:e2:3d:82:59:36:3e:24:22:a6:43:be:ab:12:94:
         76:cb:81:86:55:f7:0f:13:ed:b7:0c:c7:46:41:e0:99:5f:f0:
         5e:2d:d3:84:3c:78:c6:4b:fc:9d:65:3c:ca:4f:7e:85:f1:48:
         2f:c3:f0:c1:7a:f4:ea:f9:f4:f5:ec:b6:29:1f:ab:62:47:8f:
         e1:a7:f8:49:d6:66:f2:14:19:fa:9e:45:af:34:39:2b:4d:8e:
         67:41:e4:20:13:57:d4:69:fc:74:a7:ed:a8:0c:af:30:28:be:
         a7:21:19:b1:df:e2:90:44:a8:af:c3:91:05:6a:5c:b8:73:9f:
         cb:ab:16:a8:db:47:72:d8:37:33:bb:c1:60:07:2d:dd:17:24:
         0c:4b:74:f7:f6:b3:f6:59:58:88:6a:ad:5f:fc:81:d4:38:bd:
         77:5e:fa:af:e8:82:be:40:b4:ff:ef:45:02:b9:a3:13:5a:d6:
         7e:a5:22:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFATocmscDTIaCq/F8B85FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWYzNzM5YTJmYjUwODA1ODk3NTUwMjhkMzM4Yzg0NTM4NjIyYjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcukqwjnRBumXRYQWOxvJ5BwV0u6
fE5mllcP0mRkdAOkBY45Oz/tK7/dNYMWAaM8flIEMXzXtoFUtbJcur9LkZTX+Tnw
ndBhehPAhw7QTuogj7l4JhfPwIJQrTZuVc8jgz/IgSbBWeqF8WFe3DfIKRhL/FuL
hyQRdaHuOUrH9V9vGeAekiaOyYnXLjiX6ydJvk/hxQQOsWt1edpmWdvFxYMe1wXl
uUI5mlu8EM1np9xEsWLFVMgM90x0PWDdffKDnkBnPfl9KBkM2xKM5PmkauqF4nsO
oJJPpFIbkSNSq69e2j/Zw9NQfU7+R7xQs/3to4xJDVovitq1scU06FExSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJnzc5ovtQgFiXVQKNM4yEU4YitGMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbWZOem1pLTFDQVdKZFZBbzB6aklSVGhpSzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVCDQAwQB
WNi2MA0GCSqGSIb3DQEBCwUAA4IBAQCePbDfA9uwS//2gzMKj35bpI6SMFzh/nIq
yFykKYACyz9MDlFpq6yBPGjU6/n59xs91gywESvFclkEK9XtQSQCTWnLtEaeQtp6
0RkU4j2CWTY+JCKmQ76rEpR2y4GGVfcPE+23DMdGQeCZX/BeLdOEPHjGS/ydZTzK
T36F8Ugvw/DBevTq+fT17LYpH6tiR4/hp/hJ1mbyFBn6nkWvNDkrTY5nQeQgE1fU
afx0p+2oDK8wKL6nIRmx3+KQRKivw5EFaly4c5/Lqxao20dy2Dczu8FgBy3dFyQM
S3T39rP2WViIaq1f/IHUOL13Xvqv6IK+QLT/70UCuaMTWtZ+pSKC
-----END CERTIFICATE-----