Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Sn1q2BdAEsS0NavuS5DYCfnJqGI.roa
File:                     Sn1q2BdAEsS0NavuS5DYCfnJqGI.roa (raw, json)
Hash identifier:          XXLlnSJHsMRo5GjuyGr6skRc0IKO4boctJUOj1Ko9vE=
Subject key identifier:   4A:7D:6A:D8:17:40:12:C4:B4:35:AB:EE:4B:90:D8:09:F9:C9:A8:62
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019643F0663C835918B3D4DEBF891847CB3D
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Sn1q2BdAEsS0NavuS5DYCfnJqGI.roa
Signing time:             Thu 17 Apr 2025 13:29:10 +0000
ROA not before:           Thu 17 Apr 2025 13:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211440
IP address blocks:        84.32.69.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:f0:66:3c:83:59:18:b3:d4:de:bf:89:18:47:cb:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Apr 17 13:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a7d6ad8174012c4b435abee4b90d809f9c9a862
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:55:ae:6a:00:ef:51:cd:ee:49:fe:aa:53:c9:
                    a7:31:cb:82:66:64:e2:57:e6:59:04:b2:ab:c3:a8:
                    8d:ed:d7:c6:a5:f1:c5:af:ee:3c:a4:ca:30:0e:4a:
                    bb:a9:ae:fa:0d:66:ce:0e:51:32:86:85:71:75:d8:
                    fb:cd:75:07:41:b2:18:87:5d:99:9d:c8:fb:2d:e8:
                    5f:76:9b:8b:49:3b:34:c5:31:80:1e:d1:d1:8a:fb:
                    08:2d:58:b7:cc:ba:04:82:f6:08:a0:0e:14:8e:e8:
                    e2:1a:e9:fd:ca:d0:92:57:3e:bc:ef:da:1c:cd:79:
                    41:00:d5:89:2a:8a:a9:5f:0b:51:36:6c:4e:38:eb:
                    dd:41:21:0d:ff:52:e3:77:fe:9d:0c:ba:30:74:cb:
                    6d:3d:ea:bc:40:43:b9:5b:46:b2:af:a6:4c:b7:1a:
                    5f:3b:86:39:89:2a:e1:00:1f:6c:4a:a5:c5:c4:4e:
                    72:4b:f8:65:38:81:f4:9f:c9:0e:09:a0:e8:ba:33:
                    e7:08:aa:26:24:d0:e5:bf:cd:fe:26:c9:e2:6f:26:
                    f5:6c:7e:0f:4c:27:db:96:76:f2:69:3a:4c:6d:bd:
                    7d:7f:40:b8:d9:7c:7c:c0:a1:79:00:a4:e5:6f:a7:
                    dd:d7:9c:61:4e:79:21:63:63:71:5f:71:b3:b8:0c:
                    1a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:7D:6A:D8:17:40:12:C4:B4:35:AB:EE:4B:90:D8:09:F9:C9:A8:62
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Sn1q2BdAEsS0NavuS5DYCfnJqGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.69.0/24
                  88.216.46.0/24
                  88.216.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:80:31:aa:82:52:a1:10:f7:dd:e2:86:ab:e1:1f:63:36:44:
         6f:c3:2c:91:47:fd:3a:60:71:26:0b:93:a1:73:19:bd:8a:18:
         53:5a:f7:b3:64:5c:8f:b6:67:b3:a1:ad:34:22:9d:49:fe:5f:
         9d:f8:40:c9:ff:e1:80:da:2e:33:f3:96:a5:71:8c:2d:ce:af:
         c8:7a:b3:c1:72:e2:83:b9:41:88:22:d3:8e:9a:11:c1:b5:c3:
         a2:5d:dc:10:50:4d:a2:cc:4a:e8:30:bd:e3:8b:95:4a:3e:ab:
         6a:d9:c0:4c:bc:9c:34:df:f1:94:bc:95:9c:f1:15:4e:20:51:
         d9:42:91:a1:a4:fb:76:09:8f:db:39:5e:5b:58:18:a0:49:78:
         0a:a5:fc:ba:63:95:fa:46:a3:99:d0:b5:40:a9:fb:7b:79:85:
         de:6e:d2:ee:c4:5a:11:bd:62:f6:a7:86:e9:73:51:d2:ad:e2:
         2e:73:28:37:47:e8:d6:b4:02:27:d9:82:ef:b6:51:c4:91:5b:
         c5:21:a2:9a:47:8c:9b:ea:e4:ae:8d:4e:0c:0a:99:99:f6:66:
         41:58:b7:83:b5:57:b2:99:42:bf:c9:9f:2a:6a:39:94:71:94:
         b5:fa:56:10:bb:3f:a2:7d:68:06:41:7d:cd:2b:af:c3:e8:93:
         2f:49:3e:30
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZD8GY8g1kYs9Tev4kYR8s9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwNDE3MTMyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTdkNmFkODE3NDAxMmM0YjQzNWFiZWU0YjkwZDgwOWY5YzlhODYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVWuagDvUc3uSf6qU8mnMcuCZmTi
V+ZZBLKrw6iN7dfGpfHFr+48pMowDkq7qa76DWbODlEyhoVxddj7zXUHQbIYh12Z
ncj7LehfdpuLSTs0xTGAHtHRivsILVi3zLoEgvYIoA4UjujiGun9ytCSVz6879oc
zXlBANWJKoqpXwtRNmxOOOvdQSEN/1Ljd/6dDLowdMttPeq8QEO5W0ayr6ZMtxpf
O4Y5iSrhAB9sSqXFxE5yS/hlOIH0n8kOCaDoujPnCKomJNDlv83+Jsnibyb1bH4P
TCfblnbyaTpMbb19f0C42Xx8wKF5AKTlb6fd15xhTnkhY2NxX3GzuAwaxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEp9atgXQBLEtDWr7kuQ2An5yahiMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvU24xcTJCZEFFc1MwTmF2dVM1RFlDZm5KcUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVCBFAwQA
WNguAwQAWNjRMA0GCSqGSIb3DQEBCwUAA4IBAQBAgDGqglKhEPfd4oar4R9jNkRv
wyyRR/06YHEmC5Ohcxm9ihhTWvezZFyPtmezoa00Ip1J/l+d+EDJ/+GA2i4z85al
cYwtzq/IerPBcuKDuUGIItOOmhHBtcOiXdwQUE2izEroML3ji5VKPqtq2cBMvJw0
3/GUvJWc8RVOIFHZQpGhpPt2CY/bOV5bWBigSXgKpfy6Y5X6RqOZ0LVAqft7eYXe
btLuxFoRvWL2p4bpc1HSreIucyg3R+jWtAIn2YLvtlHEkVvFIaKaR4yb6uSujU4M
CpmZ9mZBWLeDtVeymUK/yZ8qajmUcZS1+lYQuz+ifWgGQX3NK6/D6JMvST4w
-----END CERTIFICATE-----