Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/jRFl2vLqtwvHoYiw5EP_z5wASZc.roa
File:                     jRFl2vLqtwvHoYiw5EP_z5wASZc.roa (raw, json)
Hash identifier:          75/ONoHWnShyzCeNns/inyVbrpd2/cWB6hB02hvbXFw=
Subject key identifier:   8D:11:65:DA:F2:EA:B7:0B:C7:A1:88:B0:E4:43:FF:CF:9C:00:49:97
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0196CD52626B57A451D357708E69F914744F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/jRFl2vLqtwvHoYiw5EP_z5wASZc.roa
Signing time:             Wed 14 May 2025 05:44:10 +0000
ROA not before:           Wed 14 May 2025 05:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        84.32.106.0/24 maxlen: 24
                          88.216.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 13:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cd:52:62:6b:57:a4:51:d3:57:70:8e:69:f9:14:74:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: May 14 05:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d1165daf2eab70bc7a188b0e443ffcf9c004997
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ef:23:63:2c:30:67:c6:99:25:ed:c2:25:21:
                    6b:ae:82:df:20:5b:9e:ae:a1:4e:8f:f8:36:16:89:
                    3e:5e:89:14:cb:94:84:ea:2e:f2:2c:69:41:cf:29:
                    95:9d:75:18:6b:44:ad:5a:34:95:6a:b4:14:2b:9e:
                    f4:45:bc:c1:0c:3d:66:ed:fa:e3:55:e6:76:22:c8:
                    3a:cb:51:82:b0:c0:02:f7:77:b2:70:b4:d6:24:aa:
                    c2:e2:b7:f1:82:30:ac:e8:50:c1:f0:e4:c1:89:18:
                    57:c8:97:42:54:39:96:84:04:c2:18:f7:14:34:24:
                    b3:fb:e4:76:1f:95:fc:07:3e:91:ca:b7:da:2b:76:
                    91:b2:b3:85:fa:58:8d:af:b3:d2:00:00:46:8c:6a:
                    45:94:15:8c:72:06:de:8b:cd:18:9b:8e:f9:78:90:
                    ec:80:0b:f9:81:7c:19:d3:86:9f:ac:67:8b:43:9d:
                    a1:e5:f6:2b:c2:72:0a:00:89:18:aa:2e:58:8b:56:
                    f3:d4:2c:88:86:02:c7:c7:e6:02:70:ee:94:2b:1c:
                    81:b3:02:3b:b1:85:fb:0e:2f:b9:78:49:e0:22:4b:
                    9e:60:ba:e7:a8:bc:98:be:29:54:21:a0:14:8a:94:
                    1e:56:63:d5:9f:52:1f:b5:a1:94:62:1b:09:ae:c6:
                    7f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:11:65:DA:F2:EA:B7:0B:C7:A1:88:B0:E4:43:FF:CF:9C:00:49:97
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/jRFl2vLqtwvHoYiw5EP_z5wASZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.106.0/24
                  88.216.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b4:4c:81:dd:fc:e1:32:b5:9a:a6:aa:e2:e8:b9:f5:10:d3:
         23:91:84:9b:33:90:75:f2:83:46:b9:1c:cc:c5:47:a7:80:28:
         a6:04:39:c1:79:26:17:8e:e7:ad:b8:56:2d:c3:36:cb:17:15:
         cd:e6:68:95:d3:39:65:7f:e4:b7:7d:82:81:07:97:68:09:0d:
         c2:62:3c:52:38:74:90:c5:62:e6:a0:e7:f4:d5:34:5c:b5:6c:
         76:88:f9:f4:04:a5:8b:2f:19:92:65:63:9d:ae:02:16:ec:36:
         04:cd:9b:1b:36:24:f4:b3:82:01:b9:71:e2:30:82:35:d0:2c:
         56:68:5e:a4:3f:eb:3b:f5:5a:cc:86:b3:ae:1a:17:f6:5c:e0:
         cf:ce:cb:6d:86:1b:99:a0:46:80:e0:84:41:71:31:dc:f9:f1:
         d4:f3:b1:35:32:63:d1:f0:b4:88:54:c6:18:cb:5d:2b:10:32:
         1b:b1:de:28:cc:d2:d2:ea:52:ff:80:aa:7f:57:f3:5b:05:9e:
         3b:00:ea:81:88:3e:a9:ed:6f:93:4e:75:21:e3:0d:3c:f7:29:
         fa:4d:26:fc:b0:95:ba:2f:ce:cd:9d:92:38:d7:6b:91:a4:fd:
         d3:e3:a4:f5:73:43:f3:7c:a2:97:07:16:99:e0:d2:11:42:4e:
         08:3d:27:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbNUmJrV6RR01dwjmn5FHRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwNTE0MDU0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDExNjVkYWYyZWFiNzBiYzdhMTg4YjBlNDQzZmZjZjljMDA0OTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO8jYywwZ8aZJe3CJSFrroLfIFue
rqFOj/g2Fok+XokUy5SE6i7yLGlBzymVnXUYa0StWjSVarQUK570RbzBDD1m7frj
VeZ2Isg6y1GCsMAC93eycLTWJKrC4rfxgjCs6FDB8OTBiRhXyJdCVDmWhATCGPcU
NCSz++R2H5X8Bz6RyrfaK3aRsrOF+liNr7PSAABGjGpFlBWMcgbei80Ym475eJDs
gAv5gXwZ04afrGeLQ52h5fYrwnIKAIkYqi5Yi1bz1CyIhgLHx+YCcO6UKxyBswI7
sYX7Di+5eEngIkueYLrnqLyYvilUIaAUipQeVmPVn1IftaGUYhsJrsZ/pwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI0RZdry6rcLx6GIsORD/8+cAEmXMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvalJGbDJ2THF0d3ZIb1lpdzVFUF96NXdBU1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCBqAwQA
WNgrMA0GCSqGSIb3DQEBCwUAA4IBAQAptEyB3fzhMrWapqri6Ln1ENMjkYSbM5B1
8oNGuRzMxUengCimBDnBeSYXjuetuFYtwzbLFxXN5miV0zllf+S3fYKBB5doCQ3C
YjxSOHSQxWLmoOf01TRctWx2iPn0BKWLLxmSZWOdrgIW7DYEzZsbNiT0s4IBuXHi
MII10CxWaF6kP+s79VrMhrOuGhf2XODPzstthhuZoEaA4IRBcTHc+fHU87E1MmPR
8LSIVMYYy10rEDIbsd4ozNLS6lL/gKp/V/NbBZ47AOqBiD6p7W+TTnUh4w089yn6
TSb8sJW6L87NnZI412uRpP3T46T1c0PzfKKXBxaZ4NIRQk4IPSdo
-----END CERTIFICATE-----