Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/w_XS0cuYTGPVyzK4PQUU9PCzAWU.roa
File:                     w_XS0cuYTGPVyzK4PQUU9PCzAWU.roa (raw, json)
Hash identifier:          F4Gh0sihK8Oqcj+qw3oSbg2gmJCHac8Z88SQZR1Ni0w=
Subject key identifier:   C3:F5:D2:D1:CB:98:4C:63:D5:CB:32:B8:3D:05:14:F4:F0:B3:01:65
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018E957DFBB95C83850D1B66731155108C52
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/w_XS0cuYTGPVyzK4PQUU9PCzAWU.roa
Signing time:             Sun 31 Mar 2024 17:10:45 +0000
ROA not before:           Sun 31 Mar 2024 17:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210926
IP address blocks:        84.32.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:7d:fb:b9:5c:83:85:0d:1b:66:73:11:55:10:8c:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 31 17:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3f5d2d1cb984c63d5cb32b83d0514f4f0b30165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c8:56:ae:06:7f:7c:24:10:4a:8b:87:42:b0:
                    f1:81:2c:3c:6e:23:ae:a2:44:47:5e:c8:1f:ad:38:
                    e6:3a:16:9e:58:de:7b:c7:a9:a6:3c:e7:96:fa:ed:
                    4b:1b:5c:cd:a9:69:a2:73:ca:60:ef:dd:22:41:aa:
                    01:d6:ad:e8:b6:f5:f9:95:98:19:8a:c3:2e:cb:36:
                    ff:a4:fa:83:01:88:d9:48:af:97:c8:e2:0a:fc:91:
                    cd:af:51:5b:7e:9b:f0:1f:6b:07:b0:78:a9:c1:c7:
                    c0:0f:2f:e5:a5:c2:ea:8b:d3:28:71:81:b8:58:46:
                    3a:40:3d:aa:0d:2b:38:0c:77:33:c7:96:0f:b8:c6:
                    63:c9:04:e0:b4:c7:9c:27:c2:82:5b:a6:de:93:10:
                    63:3f:64:6e:38:f8:a3:d6:06:39:e4:00:fd:26:7f:
                    5c:d6:5d:72:3e:84:5f:1a:95:d1:93:ca:88:95:34:
                    4d:5e:44:60:7a:c9:ac:82:d6:e2:e1:c9:39:5b:db:
                    e0:87:cb:89:57:10:9a:86:fb:89:c5:3b:d2:2a:bb:
                    c2:53:6a:4e:40:0e:60:0a:3f:a7:b5:c0:bb:21:da:
                    86:2c:1e:89:c7:a5:b3:7e:77:1a:e3:c9:99:10:24:
                    7e:f9:eb:55:5d:09:b3:47:3a:b6:80:fb:3f:19:83:
                    ed:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F5:D2:D1:CB:98:4C:63:D5:CB:32:B8:3D:05:14:F4:F0:B3:01:65
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/w_XS0cuYTGPVyzK4PQUU9PCzAWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:36:92:bb:aa:0d:2f:0c:17:d5:96:bf:a9:ff:85:ca:ff:94:
         0d:fb:7b:0c:8d:17:23:99:6b:4b:86:c6:54:fa:e2:d3:7c:5a:
         e8:30:99:df:d3:d7:24:6a:34:01:14:d3:a5:f5:97:a3:2a:7c:
         7f:28:5a:c7:11:cd:fe:7e:48:b8:e4:8c:77:26:92:aa:a6:2d:
         93:d8:ac:1e:77:da:d4:8a:3f:31:18:ec:b8:cc:63:3b:eb:f3:
         2a:86:0e:87:46:57:36:a4:36:10:b2:7c:7e:65:37:3f:f1:45:
         44:41:0d:1a:0a:39:51:61:b4:94:31:5b:e5:ec:4b:a7:bc:89:
         97:a9:b6:2a:49:1c:3b:0c:07:a2:2e:1c:02:37:ab:27:a6:64:
         8a:e2:04:d9:72:e9:1d:5c:c8:19:22:ca:e5:54:5d:17:a8:bd:
         d4:b5:ce:48:4f:c9:f1:75:05:ad:6c:c2:3e:51:8e:d7:6a:0b:
         f7:9c:89:2f:e0:4f:bd:20:7c:ae:72:5e:58:8c:42:36:b4:a9:
         98:58:3e:08:85:06:59:d4:b6:33:94:c4:7c:f8:c8:4f:cb:3c:
         79:49:66:6b:a1:12:88:0d:09:1a:29:55:f0:c2:d9:ed:db:06:
         17:74:22:bd:74:70:d0:c0:2d:de:b4:5f:4c:45:1d:f7:a3:01:
         ff:3f:3f:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6Vffu5XIOFDRtmcxFVEIxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMzMxMTcxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Y1ZDJkMWNiOTg0YzYzZDVjYjMyYjgzZDA1MTRmNGYwYjMwMTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08hWrgZ/fCQQSouHQrDxgSw8biOu
okRHXsgfrTjmOhaeWN57x6mmPOeW+u1LG1zNqWmic8pg790iQaoB1q3otvX5lZgZ
isMuyzb/pPqDAYjZSK+XyOIK/JHNr1FbfpvwH2sHsHipwcfADy/lpcLqi9MocYG4
WEY6QD2qDSs4DHczx5YPuMZjyQTgtMecJ8KCW6bekxBjP2RuOPij1gY55AD9Jn9c
1l1yPoRfGpXRk8qIlTRNXkRgesmsgtbi4ck5W9vgh8uJVxCahvuJxTvSKrvCU2pO
QA5gCj+ntcC7IdqGLB6Jx6Wzfnca48mZECR++etVXQmzRzq2gPs/GYPt8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMP10tHLmExj1csyuD0FFPTwswFlMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvd19YUzBjdVlUR1BWeXpLNFBRVVU5UEN6QVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAaMA0G
CSqGSIb3DQEBCwUAA4IBAQA/NpK7qg0vDBfVlr+p/4XK/5QN+3sMjRcjmWtLhsZU
+uLTfFroMJnf09ckajQBFNOl9ZejKnx/KFrHEc3+fki45Ix3JpKqpi2T2Kwed9rU
ij8xGOy4zGM76/Mqhg6HRlc2pDYQsnx+ZTc/8UVEQQ0aCjlRYbSUMVvl7EunvImX
qbYqSRw7DAeiLhwCN6snpmSK4gTZcukdXMgZIsrlVF0XqL3Utc5IT8nxdQWtbMI+
UY7Xagv3nIkv4E+9IHyucl5YjEI2tKmYWD4IhQZZ1LYzlMR8+MhPyzx5SWZroRKI
DQkaKVXwwtnt2wYXdCK9dHDQwC3etF9MRR33owH/Pz9h
-----END CERTIFICATE-----