Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/y5yFzXFzJWLy1vRIK2OIJNvQs3Q.roa
File:                     y5yFzXFzJWLy1vRIK2OIJNvQs3Q.roa (raw, json)
Hash identifier:          S3uYnMGY16WljvDuE/ANGW9dOTDQzYg1TKZOwLy4z30=
Subject key identifier:   CB:9C:85:CD:71:73:25:62:F2:D6:F4:48:2B:63:88:24:DB:D0:B3:74
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC50147A05849DE62399618212BB523A5
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/y5yFzXFzJWLy1vRIK2OIJNvQs3Q.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62425
IP address blocks:        84.32.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:47:a0:58:49:de:62:39:96:18:21:2b:b5:23:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb9c85cd71732562f2d6f4482b638824dbd0b374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:4c:69:d7:22:6f:72:d6:39:80:c9:fc:9c:39:
                    94:c3:90:b6:08:c9:1b:be:50:c2:f9:f2:90:16:48:
                    fb:0e:fc:37:08:e0:30:95:dd:96:a3:52:72:f4:64:
                    b6:63:9a:0a:32:50:95:e4:f8:2a:c5:31:15:b6:00:
                    56:40:3e:cd:74:52:63:b5:f3:bf:25:f7:5c:99:6f:
                    99:69:53:25:f9:26:5a:8d:ff:20:c3:fb:b1:c8:48:
                    68:c1:72:b2:a8:52:21:c1:60:d3:d7:72:09:66:98:
                    84:4f:6c:cd:ab:70:28:33:23:b5:7e:1b:a9:07:c8:
                    a8:08:56:fc:7e:f4:ce:47:49:db:88:ea:27:d1:06:
                    e2:6f:5e:3b:0c:fc:09:25:f6:9c:20:02:54:ff:8e:
                    9b:99:a5:5d:ec:b8:57:93:b9:fb:f5:ce:a4:a6:c4:
                    81:12:2c:a5:8d:32:9c:55:30:89:2a:fa:c5:a3:68:
                    5c:a7:96:5d:6a:29:b3:96:1b:4b:c5:df:ae:6c:cc:
                    65:84:8d:f6:a9:ab:71:1b:37:f5:d5:51:47:ab:4b:
                    ae:03:df:e7:8a:55:a3:26:66:e3:3d:f2:7b:16:e1:
                    7c:8f:fe:59:a2:f7:ee:86:25:28:b5:97:be:0b:33:
                    fd:7f:5b:93:4c:3e:08:eb:ed:b8:5e:e1:8b:bf:0f:
                    24:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:9C:85:CD:71:73:25:62:F2:D6:F4:48:2B:63:88:24:DB:D0:B3:74
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/y5yFzXFzJWLy1vRIK2OIJNvQs3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:80:9f:2c:59:0f:db:3b:99:10:fc:d0:41:db:e1:fa:2e:03:
         59:1a:e5:ee:bd:50:5c:aa:fc:9b:a1:5a:f2:a1:a1:ff:f6:7f:
         8c:5f:18:e4:8a:d7:6d:64:95:35:6b:a7:eb:0b:6e:c9:49:4b:
         ff:1e:36:02:b0:03:f5:80:41:60:07:21:fc:8f:55:41:6d:ed:
         8e:b6:17:e7:34:ad:a6:80:5d:c9:d5:08:17:01:eb:28:3d:e4:
         c0:c3:f0:ca:26:ac:cb:57:d8:f9:a7:a3:0f:71:9e:9d:8e:8f:
         ce:db:e8:cf:56:ee:8b:e6:c1:f0:e8:e7:e0:84:9d:9d:4b:04:
         7a:57:94:ef:24:54:27:40:71:5a:17:28:f6:6f:3b:21:d9:d7:
         ae:32:a3:51:8d:2a:10:69:85:58:00:d4:52:e7:5f:a0:58:80:
         0c:67:4f:8c:f8:62:b0:37:fc:ec:d3:6f:71:56:ef:28:21:95:
         47:a1:f6:57:68:69:27:4f:b0:57:a8:82:20:ec:44:70:9b:c2:
         0b:ca:0b:7c:f9:26:78:30:ac:20:0e:d3:12:c9:f1:45:74:d8:
         5a:e4:8e:97:43:5a:fa:2d:b2:55:f1:73:5c:6f:fb:9e:2e:02:
         2c:49:94:e4:35:56:12:1f:ef:3e:58:1f:46:61:29:14:4d:a3:
         08:de:1c:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUegWEneYjmWGCErtSOlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjljODVjZDcxNzMyNTYyZjJkNmY0NDgyYjYzODgyNGRiZDBiMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjExp1yJvctY5gMn8nDmUw5C2CMkb
vlDC+fKQFkj7Dvw3COAwld2Wo1Jy9GS2Y5oKMlCV5PgqxTEVtgBWQD7NdFJjtfO/
JfdcmW+ZaVMl+SZajf8gw/uxyEhowXKyqFIhwWDT13IJZpiET2zNq3AoMyO1fhup
B8ioCFb8fvTOR0nbiOon0Qbib147DPwJJfacIAJU/46bmaVd7LhXk7n79c6kpsSB
EiyljTKcVTCJKvrFo2hcp5ZdaimzlhtLxd+ubMxlhI32qatxGzf11VFHq0uuA9/n
ilWjJmbjPfJ7FuF8j/5ZovfuhiUotZe+CzP9f1uTTD4I6+24XuGLvw8kYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuchc1xcyVi8tb0SCtjiCTb0LN0MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEveTV5RnpYRnpKV0x5MXZSSUsyT0lKTnZRczNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCDmMA0G
CSqGSIb3DQEBCwUAA4IBAQAIgJ8sWQ/bO5kQ/NBB2+H6LgNZGuXuvVBcqvyboVry
oaH/9n+MXxjkitdtZJU1a6frC27JSUv/HjYCsAP1gEFgByH8j1VBbe2OthfnNK2m
gF3J1QgXAesoPeTAw/DKJqzLV9j5p6MPcZ6djo/O2+jPVu6L5sHw6OfghJ2dSwR6
V5TvJFQnQHFaFyj2bzsh2deuMqNRjSoQaYVYANRS51+gWIAMZ0+M+GKwN/zs029x
Vu8oIZVHofZXaGknT7BXqIIg7ERwm8ILygt8+SZ4MKwgDtMSyfFFdNha5I6XQ1r6
LbJV8XNcb/ueLgIsSZTkNVYSH+8+WB9GYSkUTaMI3hyW
-----END CERTIFICATE-----