Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/qiR_8o1SXx3C4eXRWKWE5ylYX6I.roa
File:                     qiR_8o1SXx3C4eXRWKWE5ylYX6I.roa (raw, json)
Hash identifier:          RoCR75mzDDvPCfYX33nsHC2XAZh3bWtG3HUi+DWYm4o=
Subject key identifier:   AA:24:7F:F2:8D:52:5F:1D:C2:E1:E5:D1:58:A5:84:E7:29:58:5F:A2
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0190BF4E8DD689DD653A4B18561072FEFF91
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/qiR_8o1SXx3C4eXRWKWE5ylYX6I.roa
Signing time:             Wed 17 Jul 2024 06:08:34 +0000
ROA not before:           Wed 17 Jul 2024 06:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        84.32.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bf:4e:8d:d6:89:dd:65:3a:4b:18:56:10:72:fe:ff:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul 17 06:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa247ff28d525f1dc2e1e5d158a584e729585fa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2e:b6:bf:cc:55:38:d6:08:b2:2e:34:14:88:
                    80:41:16:21:08:44:e8:4a:32:1a:a2:95:94:97:b0:
                    d9:c0:db:50:0c:cb:f4:1b:18:2f:f8:b1:e0:5e:1b:
                    c8:4d:8d:e6:1d:6a:a2:d0:96:16:45:65:37:ec:3e:
                    aa:66:70:bb:a6:c5:f9:5b:60:0c:1e:a8:98:ea:40:
                    99:3c:79:57:9d:29:ad:fa:78:d1:36:af:2b:f4:2f:
                    17:cc:3d:88:2a:90:b3:c6:64:7c:36:63:b1:f4:92:
                    ac:ff:2d:dd:b9:43:c4:a8:2c:ba:ea:ac:3b:fb:35:
                    6c:cb:21:f9:da:b7:df:e3:21:aa:85:ae:a4:96:88:
                    29:32:52:78:98:c6:00:b1:6e:a5:88:ec:62:13:92:
                    6f:0b:b5:10:55:ca:ea:51:8f:97:50:3e:75:ee:ca:
                    49:4d:e0:5f:c6:1c:c6:03:6c:9a:b2:72:e6:ac:9e:
                    89:3e:4b:80:ac:e0:2b:aa:78:b9:3f:c0:f6:70:3d:
                    76:5f:31:6f:ec:e2:61:36:cf:63:45:70:a1:65:68:
                    05:cc:d7:41:e4:cf:1e:6a:34:ba:ba:04:04:c1:6b:
                    d3:e7:69:22:b4:17:b8:28:55:88:40:f1:78:65:76:
                    4f:6e:da:9f:e7:53:c7:7d:88:bd:3d:36:c0:09:1c:
                    d4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:24:7F:F2:8D:52:5F:1D:C2:E1:E5:D1:58:A5:84:E7:29:58:5F:A2
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/qiR_8o1SXx3C4eXRWKWE5ylYX6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:68:04:26:d0:37:8e:d7:22:13:a8:96:8b:da:0b:24:b9:45:
         b7:f4:99:11:9f:78:70:2b:b3:1f:42:7e:13:e2:93:2b:65:bd:
         bf:3b:6b:a4:bb:6d:a4:04:f2:33:65:12:3e:e0:c6:b9:dd:8b:
         6e:1e:d6:3d:f3:7c:ba:f5:5c:f3:3d:2e:1a:d8:92:31:b5:84:
         56:60:99:98:e3:ef:44:b8:f0:c2:71:b8:36:5a:c2:6f:df:8a:
         be:7d:06:ad:82:f5:52:99:62:3e:c7:3a:2f:59:c7:0b:89:81:
         6a:6a:2e:4a:22:97:9e:b9:2f:ec:ff:e5:31:21:d7:e7:f9:9e:
         23:16:b4:21:3a:0e:7b:0a:de:39:c2:6a:29:35:1c:a9:59:54:
         c8:09:56:c0:d7:a5:fe:fb:43:ad:0c:9e:01:2e:06:ba:4f:9d:
         22:73:80:55:20:bc:c7:bc:ab:93:9c:e2:7e:41:0d:0e:08:19:
         db:14:f0:88:8d:28:98:d1:e8:16:70:5e:e2:73:59:06:65:d5:
         1e:dd:91:9a:12:fd:d5:55:c3:d2:95:45:8e:46:c2:e0:1f:97:
         0c:e7:1d:0a:95:99:f8:f0:11:9a:3f:85:5c:be:14:99:28:23:
         2f:54:55:60:75:35:49:03:ef:a7:32:b4:a4:87:6c:65:ed:d8:
         4f:ff:57:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC/To3Wid1lOksYVhBy/v+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwNzE3MDYwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTI0N2ZmMjhkNTI1ZjFkYzJlMWU1ZDE1OGE1ODRlNzI5NTg1ZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy62v8xVONYIsi40FIiAQRYhCETo
SjIaopWUl7DZwNtQDMv0Gxgv+LHgXhvITY3mHWqi0JYWRWU37D6qZnC7psX5W2AM
HqiY6kCZPHlXnSmt+njRNq8r9C8XzD2IKpCzxmR8NmOx9JKs/y3duUPEqCy66qw7
+zVsyyH52rff4yGqha6klogpMlJ4mMYAsW6liOxiE5JvC7UQVcrqUY+XUD517spJ
TeBfxhzGA2yasnLmrJ6JPkuArOArqni5P8D2cD12XzFv7OJhNs9jRXChZWgFzNdB
5M8eajS6ugQEwWvT52kitBe4KFWIQPF4ZXZPbtqf51PHfYi9PTbACRzUhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKokf/KNUl8dwuHl0VilhOcpWF+iMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvcWlSXzhvMVNYeDNDNGVYUldLV0U1eWxZWDZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAVMA0G
CSqGSIb3DQEBCwUAA4IBAQBEaAQm0DeO1yITqJaL2gskuUW39JkRn3hwK7MfQn4T
4pMrZb2/O2uku22kBPIzZRI+4Ma53YtuHtY983y69VzzPS4a2JIxtYRWYJmY4+9E
uPDCcbg2WsJv34q+fQatgvVSmWI+xzovWccLiYFqai5KIpeeuS/s/+UxIdfn+Z4j
FrQhOg57Ct45wmopNRypWVTICVbA16X++0OtDJ4BLga6T50ic4BVILzHvKuTnOJ+
QQ0OCBnbFPCIjSiY0egWcF7ic1kGZdUe3ZGaEv3VVcPSlUWORsLgH5cM5x0KlZn4
8BGaP4VcvhSZKCMvVFVgdTVJA++nMrSkh2xl7dhP/1dI
-----END CERTIFICATE-----