Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/wKsKRHXRAIxY-b-avq0mUjS6ApE.roa
File:                     wKsKRHXRAIxY-b-avq0mUjS6ApE.roa (raw, json)
Hash identifier:          8yNoYK6pdgktB0HhZIHOrtjzeIr2iOIDe7SF/oNwksY=
Subject key identifier:   C0:AB:0A:44:75:D1:00:8C:58:F9:BF:9A:BE:AD:26:52:34:BA:02:91
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018D9EE285E5B842C87A1782EBDF48374A86
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/wKsKRHXRAIxY-b-avq0mUjS6ApE.roa
Signing time:             Mon 12 Feb 2024 19:54:21 +0000
ROA not before:           Mon 12 Feb 2024 19:54:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210164
IP address blocks:        84.32.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9e:e2:85:e5:b8:42:c8:7a:17:82:eb:df:48:37:4a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb 12 19:54:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0ab0a4475d1008c58f9bf9abead265234ba0291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:08:91:d5:e7:e5:fa:f0:0b:3f:6e:9f:dd:8a:
                    17:f1:8c:03:9d:99:68:0d:3f:43:f6:3f:bc:58:a5:
                    a8:cf:c8:fd:18:26:18:71:9f:4a:99:14:9c:4f:1f:
                    32:b0:ad:06:75:54:b9:51:07:c3:85:ae:a4:2b:b9:
                    ac:bc:c4:ef:3d:4d:92:e5:3f:52:a0:67:25:4d:6f:
                    ed:80:45:d8:f4:1b:64:0a:cb:03:70:a3:82:34:b0:
                    00:69:98:d5:b5:d4:de:69:de:c4:10:f3:41:3b:24:
                    e2:cb:74:3d:1c:61:d1:93:ff:db:a7:7c:a8:d6:cf:
                    d8:15:1f:d6:61:57:67:11:57:95:e8:a2:e8:ff:d9:
                    53:44:90:8c:6e:d9:6f:53:87:41:6c:89:a0:70:73:
                    33:a7:7e:b4:11:26:02:ee:7e:b8:c7:ee:c4:ff:2e:
                    eb:2e:67:76:1c:3f:98:19:bf:c7:01:73:62:31:57:
                    62:df:86:75:d6:5a:89:ea:f5:a0:64:30:bc:8c:1a:
                    6d:0d:e5:13:0c:9d:f3:25:34:52:66:67:b0:8c:f2:
                    d4:b6:0d:b1:01:5a:e6:9e:69:49:ad:10:d0:11:f3:
                    de:38:c7:94:ed:f0:93:a8:d1:c4:bd:f9:05:5b:01:
                    24:10:bd:01:b0:51:71:47:fd:e8:ed:57:29:44:94:
                    5b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:AB:0A:44:75:D1:00:8C:58:F9:BF:9A:BE:AD:26:52:34:BA:02:91
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/wKsKRHXRAIxY-b-avq0mUjS6ApE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:99:dc:5f:d3:5e:1c:47:90:8d:e9:ce:68:dc:70:a9:fa:16:
         55:d5:60:ef:5a:75:35:b5:f8:5b:f0:01:19:4c:d0:3f:fa:bb:
         ff:68:66:4b:da:7c:45:9b:82:b9:0a:3e:75:52:78:bc:cc:8a:
         ac:54:8d:a9:b5:43:51:b9:b9:6a:ec:06:c5:20:4b:84:25:c4:
         de:19:e9:1f:ec:ae:22:24:8f:a7:9e:72:b0:74:70:c0:b6:46:
         d8:fa:47:66:e1:b1:40:54:5a:20:8a:82:1e:a2:3a:76:1f:54:
         87:f8:81:b6:e4:7b:9a:d3:f6:6e:c1:09:61:bc:6a:7d:e9:8e:
         d7:0d:fa:21:f4:ef:26:25:ee:f6:0d:ff:13:69:78:cd:38:e4:
         8b:d2:4e:75:fc:79:87:be:d7:14:fc:b1:79:50:f1:4c:04:2a:
         18:88:bf:f0:f8:19:8b:0b:79:32:05:da:64:a0:d9:70:0d:ea:
         d8:a4:f5:3c:46:06:3b:7e:2e:4e:f7:f5:34:79:8c:ec:cf:2a:
         e1:88:83:93:59:13:8f:36:11:8a:ae:b8:8c:64:80:9a:47:8b:
         95:5f:1a:1d:f6:c9:7d:9c:df:87:2c:45:0f:44:0b:0a:0d:8a:
         8b:05:85:ad:78:65:14:0e:7d:21:bd:89:d8:fe:25:64:e5:f6:
         b5:54:4d:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2e4oXluELIeheC699IN0qGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMjEyMTk1NDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGFiMGE0NDc1ZDEwMDhjNThmOWJmOWFiZWFkMjY1MjM0YmEwMjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQiR1efl+vALP26f3YoX8YwDnZlo
DT9D9j+8WKWoz8j9GCYYcZ9KmRScTx8ysK0GdVS5UQfDha6kK7msvMTvPU2S5T9S
oGclTW/tgEXY9BtkCssDcKOCNLAAaZjVtdTead7EEPNBOyTiy3Q9HGHRk//bp3yo
1s/YFR/WYVdnEVeV6KLo/9lTRJCMbtlvU4dBbImgcHMzp360ESYC7n64x+7E/y7r
Lmd2HD+YGb/HAXNiMVdi34Z11lqJ6vWgZDC8jBptDeUTDJ3zJTRSZmewjPLUtg2x
AVrmnmlJrRDQEfPeOMeU7fCTqNHEvfkFWwEkEL0BsFFxR/3o7VcpRJRbWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCrCkR10QCMWPm/mr6tJlI0ugKRMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvd0tzS1JIWFJBSXhZLWItYXZxMG1ValM2QXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCDcMA0G
CSqGSIb3DQEBCwUAA4IBAQABmdxf014cR5CN6c5o3HCp+hZV1WDvWnU1tfhb8AEZ
TNA/+rv/aGZL2nxFm4K5Cj51Uni8zIqsVI2ptUNRublq7AbFIEuEJcTeGekf7K4i
JI+nnnKwdHDAtkbY+kdm4bFAVFogioIeojp2H1SH+IG25Hua0/ZuwQlhvGp96Y7X
Dfoh9O8mJe72Df8TaXjNOOSL0k51/HmHvtcU/LF5UPFMBCoYiL/w+BmLC3kyBdpk
oNlwDerYpPU8RgY7fi5O9/U0eYzszyrhiIOTWROPNhGKrriMZICaR4uVXxod9sl9
nN+HLEUPRAsKDYqLBYWteGUUDn0hvYnY/iVk5fa1VE2i
-----END CERTIFICATE-----