Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/u1Gs70nzeRr3aq3hAeTAWR6th84.roa
File:                     u1Gs70nzeRr3aq3hAeTAWR6th84.roa (raw, json)
Hash identifier:          WBjJrtF97P9cO3jR/IsWPtSxRw4brBKxDoTWHYnwZqk=
Subject key identifier:   BB:51:AC:EF:49:F3:79:1A:F7:6A:AD:E1:01:E4:C0:59:1E:AD:87:CE
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018EC43293482A20018A15732060E63C0798
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/u1Gs70nzeRr3aq3hAeTAWR6th84.roa
Signing time:             Tue 09 Apr 2024 18:50:32 +0000
ROA not before:           Tue 09 Apr 2024 18:50:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        84.32.82.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:32:93:48:2a:20:01:8a:15:73:20:60:e6:3c:07:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Apr  9 18:50:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb51acef49f3791af76aade101e4c0591ead87ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a0:c5:09:c0:ba:a3:b8:9c:91:33:1d:c1:95:
                    69:04:05:dc:41:57:bf:54:d4:9f:ba:48:e1:b2:f6:
                    9c:c7:a2:c4:2a:0e:a1:ed:ce:9f:e4:68:c5:5a:97:
                    ad:80:8b:e4:5a:b7:2f:fb:0b:65:a5:a2:39:00:d8:
                    ff:c9:6f:97:ed:b3:f0:af:cd:e5:a8:03:52:20:8e:
                    b6:ba:f8:b0:5e:ee:16:24:3a:ec:68:d7:f8:df:6d:
                    33:9e:f1:68:57:35:8e:e0:ce:2b:23:12:a3:ba:cf:
                    8a:85:57:95:cb:98:db:1a:32:8c:7d:5b:0f:0e:8a:
                    70:08:0f:58:66:6e:36:9b:5e:1d:fb:37:bd:4c:ae:
                    3a:dd:06:d9:c0:24:fa:63:74:16:f0:e6:55:90:c1:
                    ef:65:e0:4a:d8:96:a9:b5:1f:cb:e2:29:94:b9:ef:
                    a4:66:3c:b9:c7:bb:be:f8:f6:19:3a:0e:30:15:57:
                    18:dd:76:18:42:0a:c2:f1:5e:40:2b:e5:55:a7:dc:
                    e8:4e:64:c5:22:13:99:3d:4e:fc:49:09:01:c6:be:
                    12:95:e7:b5:ed:bf:9d:4a:f1:0d:26:c5:a5:1f:60:
                    18:91:6d:96:8e:89:0f:25:18:e0:de:63:0a:40:cd:
                    1f:bf:e5:5c:90:31:eb:0e:5f:7e:55:f4:76:92:63:
                    7d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:51:AC:EF:49:F3:79:1A:F7:6A:AD:E1:01:E4:C0:59:1E:AD:87:CE
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/u1Gs70nzeRr3aq3hAeTAWR6th84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:c7:74:26:e3:3e:ab:41:7c:ca:8d:f5:96:45:4f:37:6b:74:
         69:dc:30:ae:0d:69:fd:03:e1:34:af:b7:30:89:33:6a:31:c5:
         1f:56:56:b7:89:08:2d:f7:46:ea:ef:4d:0e:f2:37:12:92:c3:
         1b:21:6a:2a:2f:71:01:c4:cf:ab:59:27:0e:fe:d0:21:d6:aa:
         84:4f:1d:d4:f8:87:6f:7d:d4:3d:cb:47:08:6f:c2:57:9a:43:
         42:52:63:ee:f4:1f:98:e7:96:ac:1b:42:7a:19:3f:e3:4b:7f:
         1f:dc:48:54:af:27:62:7b:84:90:5d:cf:3d:54:ea:13:06:c2:
         42:5e:da:95:11:13:60:cd:33:45:11:bd:3d:1d:5d:08:8c:f4:
         8c:39:59:5d:a7:c1:44:71:8b:f7:00:77:b5:a1:a8:6e:4d:47:
         4b:b4:b5:bf:35:4e:8d:02:48:e2:ca:08:25:0e:8a:20:1e:ca:
         63:29:98:52:84:48:39:8b:b9:4c:52:5a:65:1a:b7:a0:68:20:
         18:94:82:fc:ca:72:48:10:94:b2:48:bb:0a:94:2c:85:6f:06:
         5f:e6:e2:f4:a9:93:7b:8d:7f:10:ca:21:ba:b7:29:a3:de:84:
         bc:11:1c:7a:b1:79:ec:1e:b0:d1:e4:46:a5:d6:3a:46:68:9e:
         6e:2f:a8:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7EMpNIKiABihVzIGDmPAeYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwNDA5MTg1MDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjUxYWNlZjQ5ZjM3OTFhZjc2YWFkZTEwMWU0YzA1OTFlYWQ4N2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKDFCcC6o7ickTMdwZVpBAXcQVe/
VNSfukjhsvacx6LEKg6h7c6f5GjFWpetgIvkWrcv+wtlpaI5ANj/yW+X7bPwr83l
qANSII62uviwXu4WJDrsaNf4320znvFoVzWO4M4rIxKjus+KhVeVy5jbGjKMfVsP
DopwCA9YZm42m14d+ze9TK463QbZwCT6Y3QW8OZVkMHvZeBK2JaptR/L4imUue+k
Zjy5x7u++PYZOg4wFVcY3XYYQgrC8V5AK+VVp9zoTmTFIhOZPU78SQkBxr4Slee1
7b+dSvENJsWlH2AYkW2WjokPJRjg3mMKQM0fv+VckDHrDl9+VfR2kmN9eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtRrO9J83ka92qt4QHkwFkerYfOMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvdTFHczcwbnplUnIzYXEzaEFlVEFXUjZ0aDg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVCBSMA0G
CSqGSIb3DQEBCwUAA4IBAQAfx3Qm4z6rQXzKjfWWRU83a3Rp3DCuDWn9A+E0r7cw
iTNqMcUfVla3iQgt90bq700O8jcSksMbIWoqL3EBxM+rWScO/tAh1qqETx3U+Idv
fdQ9y0cIb8JXmkNCUmPu9B+Y55asG0J6GT/jS38f3EhUrydie4SQXc89VOoTBsJC
XtqVERNgzTNFEb09HV0IjPSMOVldp8FEcYv3AHe1oahuTUdLtLW/NU6NAkjiyggl
DoogHspjKZhShEg5i7lMUlplGregaCAYlIL8ynJIEJSySLsKlCyFbwZf5uL0qZN7
jX8QyiG6tymj3oS8ERx6sXnsHrDR5Eal1jpGaJ5uL6if
-----END CERTIFICATE-----