Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/x9pt_sOVx1DbRHiI-I1BLRgk7vs.roa
File:                     x9pt_sOVx1DbRHiI-I1BLRgk7vs.roa (raw, json)
Hash identifier:          SyVfeiroACgMljf64NnelqpRtkp6Z03WIn006d13hVk=
Subject key identifier:   C7:DA:6D:FE:C3:95:C7:50:DB:44:78:88:F8:8D:41:2D:18:24:EE:FB
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5013C2AEDF985DD3DF553B397042EC7
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/x9pt_sOVx1DbRHiI-I1BLRgk7vs.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20454
IP address blocks:        88.216.134.0/23 maxlen: 23
                          88.216.44.0/23 maxlen: 23
                          84.32.46.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3c:2a:ed:f9:85:dd:3d:f5:53:b3:97:04:2e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7da6dfec395c750db447888f88d412d1824eefb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:30:b9:a6:f3:32:6c:a7:fa:b2:7b:c0:b7:bc:
                    85:83:f3:f6:1b:a7:ef:74:06:4a:93:05:1e:99:cb:
                    c9:79:70:23:19:5a:2e:a3:f3:c9:3f:b1:f4:8e:d2:
                    7c:9e:72:0e:5f:0c:a5:4a:e4:e0:12:df:56:0b:77:
                    e1:1e:80:94:bf:88:2e:cb:94:d6:5d:b0:26:85:e2:
                    24:57:ac:13:14:96:7a:65:20:b2:a0:40:05:45:a9:
                    1e:62:65:ca:38:b4:a3:b1:46:01:fb:d7:14:5d:9b:
                    f2:49:19:99:74:c6:91:4d:0d:dc:31:a8:f1:ef:25:
                    dd:3a:0a:db:2e:fd:ab:1f:41:42:cc:1d:0e:1a:d9:
                    b4:e9:a8:3b:de:6f:a6:c3:ef:33:a4:a2:39:a9:80:
                    1d:22:da:f5:af:69:70:8b:bd:4e:3b:fc:29:5c:c9:
                    e8:69:57:bb:c7:84:68:5a:e5:8b:2e:85:25:f6:d7:
                    c0:a3:49:b4:98:a7:84:65:7a:a5:db:36:71:55:28:
                    90:ab:ee:31:0e:1a:ad:d5:19:f8:8c:dc:c5:8a:90:
                    b3:6d:2e:40:af:08:57:fc:d4:3f:7d:7c:03:6d:ba:
                    40:48:b8:da:8e:d8:09:bb:8e:2e:09:fa:ee:b3:35:
                    63:8c:23:64:0e:cc:3e:1d:df:3a:56:c0:48:21:8e:
                    83:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:DA:6D:FE:C3:95:C7:50:DB:44:78:88:F8:8D:41:2D:18:24:EE:FB
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/x9pt_sOVx1DbRHiI-I1BLRgk7vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.46.0/23
                  88.216.44.0/23
                  88.216.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:dc:c2:96:43:b6:d9:94:63:bd:87:8c:20:5d:a0:e3:99:a3:
         1a:8e:70:52:93:28:bd:5c:21:6b:13:43:cb:08:12:c9:24:3d:
         b3:26:35:00:fc:3a:8f:9b:ab:d8:65:b6:83:a9:3f:55:b5:a1:
         4b:b5:57:32:2a:86:d4:4f:72:19:98:d1:d2:2c:30:ae:0f:68:
         d2:8f:64:ac:b4:86:2f:23:b2:a7:9e:54:44:c7:5e:eb:cc:fd:
         b8:d2:29:0c:a6:23:6d:6a:9e:79:c4:15:59:74:75:45:6e:06:
         a7:e1:fb:b8:37:64:42:59:25:12:7b:a9:eb:a9:94:98:8a:d8:
         bb:40:19:b0:18:67:de:5d:e2:cd:f1:0b:18:f8:04:ac:d0:71:
         ce:26:5c:d2:d6:10:6e:15:b5:64:5d:54:7d:f9:0c:1d:88:79:
         9d:23:69:f4:99:c1:80:4b:e4:f6:ed:d5:11:fc:37:96:6b:f7:
         23:ef:b4:d8:f6:1f:30:7d:f4:e5:08:19:59:f5:74:17:e8:20:
         88:84:ae:0e:93:e9:4b:13:bd:f8:83:12:0b:ab:d9:18:34:c1:
         dd:ec:54:3f:5d:5e:1b:bd:14:53:45:28:ef:0b:c9:b3:a9:b7:
         07:3a:e5:33:a4:b9:f5:df:d8:d8:88:68:4e:f4:7f:97:fe:b0:
         11:a3:85:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFATwq7fmF3T31U7OXBC7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2RhNmRmZWMzOTVjNzUwZGI0NDc4ODhmODhkNDEyZDE4MjRlZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDC5pvMybKf6snvAt7yFg/P2G6fv
dAZKkwUemcvJeXAjGVouo/PJP7H0jtJ8nnIOXwylSuTgEt9WC3fhHoCUv4guy5TW
XbAmheIkV6wTFJZ6ZSCyoEAFRakeYmXKOLSjsUYB+9cUXZvySRmZdMaRTQ3cMajx
7yXdOgrbLv2rH0FCzB0OGtm06ag73m+mw+8zpKI5qYAdItr1r2lwi71OO/wpXMno
aVe7x4RoWuWLLoUl9tfAo0m0mKeEZXql2zZxVSiQq+4xDhqt1Rn4jNzFipCzbS5A
rwhX/NQ/fXwDbbpASLjajtgJu44uCfruszVjjCNkDsw+Hd86VsBIIY6DeQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMfabf7DlcdQ20R4iPiNQS0YJO77MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEveDlwdF9zT1Z4MURiUkhpSS1JMUJMUmdrN3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBVCAuAwQB
WNgsAwQBWNiGMA0GCSqGSIb3DQEBCwUAA4IBAQAm3MKWQ7bZlGO9h4wgXaDjmaMa
jnBSkyi9XCFrE0PLCBLJJD2zJjUA/DqPm6vYZbaDqT9VtaFLtVcyKobUT3IZmNHS
LDCuD2jSj2SstIYvI7KnnlREx17rzP240ikMpiNtap55xBVZdHVFbgan4fu4N2RC
WSUSe6nrqZSYiti7QBmwGGfeXeLN8QsY+ASs0HHOJlzS1hBuFbVkXVR9+QwdiHmd
I2n0mcGAS+T27dUR/DeWa/cj77TY9h8wffTlCBlZ9XQX6CCIhK4Ok+lLE734gxIL
q9kYNMHd7FQ/XV4bvRRTRSjvC8mzqbcHOuUzpLn139jYiGhO9H+X/rARo4V1
-----END CERTIFICATE-----