Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/seZwbp8AkKvk4geypswKXtPQzl4.roa
File:                     seZwbp8AkKvk4geypswKXtPQzl4.roa (raw, json)
Hash identifier:          z9LLh+ptHQ8BrQ67SY8umOsCwtn65YPBOa4LKAT0HdM=
Subject key identifier:   B1:E6:70:6E:9F:00:90:AB:E4:E2:07:B2:A6:CC:0A:5E:D3:D0:CE:5E
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014EB66801E6742090379D92EDD9F8
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/seZwbp8AkKvk4geypswKXtPQzl4.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        84.32.69.0/24 maxlen: 24
                          84.32.86.0/24 maxlen: 24
                          84.32.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4e:b6:68:01:e6:74:20:90:37:9d:92:ed:d9:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1e6706e9f0090abe4e207b2a6cc0a5ed3d0ce5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:12:72:97:49:14:15:e8:e3:6b:14:ef:34:b8:
                    71:73:5b:e5:f5:52:c9:b8:bc:eb:1a:10:47:5f:f8:
                    05:4a:4d:c1:24:b8:25:3c:39:d2:a5:0e:4f:ea:cc:
                    75:24:fc:52:cc:2c:8f:55:10:4d:27:66:ab:0d:7a:
                    c5:e4:01:27:e0:c8:c3:6e:f3:35:b2:e1:65:18:1e:
                    84:53:ae:e5:34:b1:cc:8b:50:74:99:74:a7:8a:d7:
                    12:78:ac:0d:86:12:50:e7:e5:6c:11:27:df:b2:2e:
                    45:78:24:f5:3f:db:2f:33:50:ef:d7:06:d2:4e:f9:
                    9a:4d:1c:24:1b:4f:09:c7:a5:dc:9d:4d:c5:2c:a0:
                    e6:ca:3f:22:99:81:e8:6d:ee:84:9d:17:50:b4:5f:
                    03:c4:6e:3d:ed:f3:fd:f2:87:e9:f0:67:51:e4:a3:
                    11:df:3d:ea:df:7e:f9:6f:33:9b:23:c0:90:7e:c7:
                    3d:3b:8b:d8:99:88:87:fe:0e:0b:f7:13:e5:60:ec:
                    e7:20:58:16:fd:0c:ed:34:8b:15:7e:35:1c:74:5b:
                    70:ad:a0:6a:da:b3:98:7b:17:00:f2:e8:65:d9:ed:
                    2f:f6:80:be:bc:b5:c9:3c:2b:6e:be:c7:03:fc:e2:
                    80:38:94:5b:93:c7:65:07:0f:40:aa:62:15:58:bd:
                    3a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E6:70:6E:9F:00:90:AB:E4:E2:07:B2:A6:CC:0A:5E:D3:D0:CE:5E
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/seZwbp8AkKvk4geypswKXtPQzl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.69.0/24
                  84.32.86.0/24
                  84.32.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:d6:94:b0:c7:fd:e9:ae:2d:80:3e:a2:5e:ec:b2:72:c6:f2:
         be:ca:29:4e:c1:01:03:ff:37:8a:51:db:18:c4:00:52:2a:7a:
         3c:4e:43:8c:e3:29:de:d3:41:f7:74:09:cd:fa:4b:9b:cb:5c:
         b9:68:d0:a0:c7:11:f2:53:3a:15:74:5a:33:ce:15:57:7a:bf:
         46:b4:66:b0:9a:4b:81:c4:53:de:d4:ac:7e:45:7d:8c:c5:3e:
         24:7b:a9:99:87:77:f7:db:9c:c9:5d:54:01:6f:1c:9c:f0:21:
         ba:d3:fb:19:c6:72:6d:44:d9:e4:27:6f:1a:d0:00:c5:b8:f5:
         ad:fe:c7:39:96:95:44:d8:3b:04:9d:58:cf:e8:60:4a:7c:bd:
         a5:2d:2a:5d:c7:9a:a8:29:9b:ea:6f:c5:48:55:88:53:1d:fc:
         a3:2b:9c:89:d8:0b:a6:74:a0:fe:cc:47:57:9e:07:0f:69:6b:
         66:c2:c3:b5:19:cf:c5:97:fb:ea:b3:06:07:bf:78:e8:46:d7:
         90:36:ae:5b:df:2d:c8:ca:6c:a5:32:13:24:4a:be:43:ab:c8:
         ac:b0:20:ff:7f:ce:f9:09:79:5c:80:1d:03:08:31:ff:fb:58:
         02:9b:6d:7e:9e:9f:90:c4:90:b0:2e:c7:15:0d:23:82:d2:1f:
         13:3b:54:a6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFAU62aAHmdCCQN52S7dn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWU2NzA2ZTlmMDA5MGFiZTRlMjA3YjJhNmNjMGE1ZWQzZDBjZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxJyl0kUFejjaxTvNLhxc1vl9VLJ
uLzrGhBHX/gFSk3BJLglPDnSpQ5P6sx1JPxSzCyPVRBNJ2arDXrF5AEn4MjDbvM1
suFlGB6EU67lNLHMi1B0mXSnitcSeKwNhhJQ5+VsESffsi5FeCT1P9svM1Dv1wbS
TvmaTRwkG08Jx6XcnU3FLKDmyj8imYHobe6EnRdQtF8DxG497fP98ofp8GdR5KMR
3z3q3375bzObI8CQfsc9O4vYmYiH/g4L9xPlYOznIFgW/QztNIsVfjUcdFtwraBq
2rOYexcA8uhl2e0v9oC+vLXJPCtuvscD/OKAOJRbk8dlBw9AqmIVWL06LwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLHmcG6fAJCr5OIHsqbMCl7T0M5eMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvc2Vad2JwOEFrS3ZrNGdleXBzd0tYdFBRemw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVCBFAwQA
VCBWAwQAVCDjMA0GCSqGSIb3DQEBCwUAA4IBAQAf1pSwx/3pri2APqJe7LJyxvK+
yilOwQED/zeKUdsYxABSKno8TkOM4yne00H3dAnN+kuby1y5aNCgxxHyUzoVdFoz
zhVXer9GtGawmkuBxFPe1Kx+RX2MxT4ke6mZh3f325zJXVQBbxyc8CG60/sZxnJt
RNnkJ28a0ADFuPWt/sc5lpVE2DsEnVjP6GBKfL2lLSpdx5qoKZvqb8VIVYhTHfyj
K5yJ2AumdKD+zEdXngcPaWtmwsO1Gc/Fl/vqswYHv3joRteQNq5b3y3IymylMhMk
Sr5Dq8issCD/f875CXlcgB0DCDH/+1gCm21+np+QxJCwLscVDSOC0h8TO1Sm
-----END CERTIFICATE-----