Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mqrGhTvN1dZqbeOexQTrBk9YHNQ.roa
File:                     mqrGhTvN1dZqbeOexQTrBk9YHNQ.roa (raw, json)
Hash identifier:          tQXtiuYUi0hyuff2xKEeORcwTxGc7ujguM2T7xxwTxc=
Subject key identifier:   9A:AA:C6:85:3B:CD:D5:D6:6A:6D:E3:9E:C5:04:EB:06:4F:58:1C:D4
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018DA669B57D8A7B24B1D1FBDB7F78FEB96F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mqrGhTvN1dZqbeOexQTrBk9YHNQ.roa
Signing time:             Wed 14 Feb 2024 06:59:22 +0000
ROA not before:           Wed 14 Feb 2024 06:59:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397630
IP address blocks:        84.32.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a6:69:b5:7d:8a:7b:24:b1:d1:fb:db:7f:78:fe:b9:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb 14 06:59:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aaac6853bcdd5d66a6de39ec504eb064f581cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3d:64:41:20:9f:c7:1c:8b:58:3d:79:05:d9:
                    bb:ae:ca:ce:8d:c2:01:b2:8f:b8:9a:ef:68:5b:34:
                    00:9c:02:bf:c8:7e:1a:8b:0b:33:a9:4f:99:6d:b6:
                    84:e2:b9:02:43:f4:44:bb:15:43:23:d8:34:93:2f:
                    e8:f7:17:b1:af:ef:05:e0:61:c8:b9:05:6e:0f:0d:
                    d2:3a:d0:9d:83:f2:f0:08:73:3e:d9:9d:a6:55:84:
                    e9:32:a6:d2:64:93:5c:ae:4b:4f:dc:d2:ba:92:70:
                    8c:b6:be:91:cb:09:30:37:ec:1a:51:3d:db:09:f5:
                    65:cf:68:df:8c:6e:60:19:1c:a1:f3:7b:ec:96:ea:
                    c7:62:0e:df:3b:7c:53:da:60:51:b0:02:06:28:90:
                    9a:d5:c9:ea:28:8b:39:f0:1b:38:08:97:39:9f:65:
                    3d:16:85:0c:61:d2:2a:fc:36:b9:ac:7e:3e:08:8e:
                    db:74:5f:da:89:13:e5:a1:35:4f:f6:64:42:f9:c7:
                    c8:73:d1:12:01:60:46:1c:4d:f2:15:89:d1:dd:17:
                    c5:57:dd:f9:b1:00:ae:7e:a6:fe:4c:dd:7c:3b:89:
                    fb:db:1f:35:c1:f0:18:89:90:5a:94:65:e3:db:59:
                    7d:8b:9e:a8:32:37:9f:58:54:5b:ef:43:f7:48:d8:
                    db:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:AA:C6:85:3B:CD:D5:D6:6A:6D:E3:9E:C5:04:EB:06:4F:58:1C:D4
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mqrGhTvN1dZqbeOexQTrBk9YHNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:11:1b:a2:fe:bf:f8:b1:8d:fc:fd:bd:cc:09:45:6c:f7:60:
         de:2b:24:bf:65:12:02:39:48:ff:93:0a:64:e2:a7:7d:50:b7:
         11:f0:f4:1d:0d:81:f9:5b:87:64:f9:86:48:42:1c:10:11:fa:
         7e:b9:33:90:9a:ea:53:dd:c8:0b:45:6b:b4:2d:31:bf:fc:c5:
         ec:c7:db:c3:a1:45:db:2e:9b:a1:52:ae:56:0a:46:f1:dc:7f:
         a2:62:51:4b:14:13:5e:ad:43:29:ac:ba:83:f3:d6:2b:ca:17:
         30:11:37:bb:df:88:24:1d:5d:81:ce:90:68:4a:45:e1:f8:93:
         1f:9b:69:b0:28:55:22:35:20:6f:c4:cd:63:db:53:57:29:5e:
         ad:4c:0a:a8:d4:ff:64:ab:df:20:6c:88:d7:bf:fc:57:f5:a1:
         07:b8:5e:75:8a:98:36:30:41:49:a8:b9:6c:f8:80:02:9c:f1:
         93:0b:90:fb:56:e1:06:8c:d7:37:bd:84:84:c7:86:5c:b4:43:
         08:ce:89:02:28:fe:1c:b6:16:43:0f:89:58:60:32:bc:8f:2f:
         64:b0:ce:5f:d9:b1:cb:10:34:a8:e3:c2:26:fc:6e:4d:3a:f0:
         72:a3:8d:fd:a3:ab:de:16:78:62:1e:db:2a:b4:2c:0a:66:71:
         d7:86:df:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2mabV9insksdH72394/rlvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMjE0MDY1OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWFhYzY4NTNiY2RkNWQ2NmE2ZGUzOWVjNTA0ZWIwNjRmNTgxY2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoT1kQSCfxxyLWD15Bdm7rsrOjcIB
so+4mu9oWzQAnAK/yH4aiwszqU+ZbbaE4rkCQ/REuxVDI9g0ky/o9xexr+8F4GHI
uQVuDw3SOtCdg/LwCHM+2Z2mVYTpMqbSZJNcrktP3NK6knCMtr6RywkwN+waUT3b
CfVlz2jfjG5gGRyh83vslurHYg7fO3xT2mBRsAIGKJCa1cnqKIs58Bs4CJc5n2U9
FoUMYdIq/Da5rH4+CI7bdF/aiRPloTVP9mRC+cfIc9ESAWBGHE3yFYnR3RfFV935
sQCufqb+TN18O4n72x81wfAYiZBalGXj21l9i56oMjefWFRb70P3SNjbfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqqxoU7zdXWam3jnsUE6wZPWBzUMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbXFyR2hUdk4xZFpxYmVPZXhRVHJCazlZSE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCBAMA0G
CSqGSIb3DQEBCwUAA4IBAQCUERui/r/4sY38/b3MCUVs92DeKyS/ZRICOUj/kwpk
4qd9ULcR8PQdDYH5W4dk+YZIQhwQEfp+uTOQmupT3cgLRWu0LTG//MXsx9vDoUXb
LpuhUq5WCkbx3H+iYlFLFBNerUMprLqD89YryhcwETe734gkHV2BzpBoSkXh+JMf
m2mwKFUiNSBvxM1j21NXKV6tTAqo1P9kq98gbIjXv/xX9aEHuF51ipg2MEFJqLls
+IACnPGTC5D7VuEGjNc3vYSEx4ZctEMIzokCKP4cthZDD4lYYDK8jy9ksM5f2bHL
EDSo48Im/G5NOvByo439o6veFnhiHtsqtCwKZnHXht+h
-----END CERTIFICATE-----