Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/MjDdi818_0HR0U86F_lhekJ6N0U.roa
File:                     MjDdi818_0HR0U86F_lhekJ6N0U.roa (raw, json)
Hash identifier:          sjDerj5YKsTMsF3bT1fpruyak8h9ro08ai/YCqmsgNM=
Subject key identifier:   32:30:DD:8B:CD:7C:FF:41:D1:D1:4F:3A:17:F9:61:7A:42:7A:37:45
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01968FA9C73A8DEB18599A387C8BE475F7AA
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/MjDdi818_0HR0U86F_lhekJ6N0U.roa
Signing time:             Fri 02 May 2025 06:23:10 +0000
ROA not before:           Fri 02 May 2025 06:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48215
IP address blocks:        84.32.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 13:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8f:a9:c7:3a:8d:eb:18:59:9a:38:7c:8b:e4:75:f7:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: May  2 06:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3230dd8bcd7cff41d1d14f3a17f9617a427a3745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5d:a9:7e:2b:93:be:0c:ae:70:61:f4:90:38:
                    ab:90:fc:78:33:76:10:67:1a:77:4f:52:3f:af:ae:
                    70:f2:f4:30:b5:a3:80:a0:39:8f:76:80:af:3a:f7:
                    79:4b:ae:2e:f9:21:e2:d7:33:0b:0e:57:d7:0f:ee:
                    40:33:99:48:cb:69:aa:9e:2b:af:6b:06:4a:0d:59:
                    c6:f4:bb:f4:8a:3f:86:85:67:59:03:5b:1f:b9:4c:
                    0d:85:60:df:f0:af:10:d3:84:ea:b4:b7:93:7c:49:
                    bd:b7:63:67:3c:01:a9:5e:fb:af:66:0e:99:c2:bf:
                    52:a2:c1:bb:52:dd:f2:7d:d1:fe:c8:97:b5:ae:e0:
                    8d:87:f8:a1:66:b0:3e:01:35:8c:53:f8:7d:a8:c8:
                    9f:45:a4:6b:bb:c7:cf:a4:17:e5:8a:c2:38:ee:20:
                    df:3c:e8:22:cf:60:29:27:5b:b4:3d:df:11:05:c7:
                    b4:cd:3c:ec:eb:04:63:7c:66:4c:39:85:3f:5c:a0:
                    1f:39:e1:26:be:1a:ab:fe:1b:fe:9a:98:0b:83:5f:
                    ba:75:cb:63:d5:2d:9b:26:a9:a2:f6:ba:1b:52:16:
                    14:6a:76:1a:9c:ae:2c:31:07:e9:45:b2:66:41:c5:
                    76:9b:1d:3c:64:cf:2b:11:de:10:6f:fc:9c:5b:60:
                    bb:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:30:DD:8B:CD:7C:FF:41:D1:D1:4F:3A:17:F9:61:7A:42:7A:37:45
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/MjDdi818_0HR0U86F_lhekJ6N0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:71:34:08:13:ba:8d:1f:c9:1b:f7:d4:6e:40:14:a3:74:55:
         0f:2c:e8:2b:f1:54:bc:f0:50:60:c7:f4:a6:2b:64:f8:6b:f2:
         d1:a1:80:fc:c5:8d:af:1c:b5:f8:d7:0c:f9:6e:bc:b2:a2:f9:
         66:96:7a:b3:28:47:59:90:3a:cd:77:00:a6:85:64:1c:78:bc:
         2a:91:28:fb:b9:1c:57:57:23:d8:02:99:58:92:b1:b8:7b:cb:
         a8:48:ea:54:15:e0:c3:4d:2e:2c:16:84:6a:26:dc:eb:55:16:
         48:24:b1:97:d0:c0:5f:c4:f0:27:aa:76:ec:a0:b6:35:56:d3:
         bb:fb:e7:c9:86:e3:4a:77:6f:46:9d:31:20:4d:cd:7e:bb:c1:
         3b:5b:d4:98:71:cc:f5:68:64:c5:95:f5:69:68:be:71:40:33:
         7c:d1:4c:36:0b:a5:3d:29:d7:0b:59:37:74:49:09:03:12:58:
         fc:e2:83:c2:84:96:db:86:98:5c:5f:9a:cf:cd:67:51:57:26:
         68:a3:7f:2d:0d:fc:a8:c6:58:bb:6b:1f:22:91:92:ef:88:2f:
         02:92:23:bb:9e:08:42:03:92:13:30:f5:76:49:a6:b5:24:28:
         9f:f9:e0:0d:cf:74:a7:cf:a8:c0:3f:fd:99:43:fa:07:1a:0e:
         d4:62:bc:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaPqcc6jesYWZo4fIvkdfeqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwNTAyMDYyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjMwZGQ4YmNkN2NmZjQxZDFkMTRmM2ExN2Y5NjE3YTQyN2EzNzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnV2pfiuTvgyucGH0kDirkPx4M3YQ
Zxp3T1I/r65w8vQwtaOAoDmPdoCvOvd5S64u+SHi1zMLDlfXD+5AM5lIy2mqniuv
awZKDVnG9Lv0ij+GhWdZA1sfuUwNhWDf8K8Q04TqtLeTfEm9t2NnPAGpXvuvZg6Z
wr9SosG7Ut3yfdH+yJe1ruCNh/ihZrA+ATWMU/h9qMifRaRru8fPpBflisI47iDf
POgiz2ApJ1u0Pd8RBce0zTzs6wRjfGZMOYU/XKAfOeEmvhqr/hv+mpgLg1+6dctj
1S2bJqmi9robUhYUanYanK4sMQfpRbJmQcV2mx08ZM8rEd4Qb/ycW2C7NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIw3YvNfP9B0dFPOhf5YXpCejdFMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTWpEZGk4MThfMEhSMFU4NkZfbGhla0o2TjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCDmMA0G
CSqGSIb3DQEBCwUAA4IBAQBqcTQIE7qNH8kb99RuQBSjdFUPLOgr8VS88FBgx/Sm
K2T4a/LRoYD8xY2vHLX41wz5bryyovlmlnqzKEdZkDrNdwCmhWQceLwqkSj7uRxX
VyPYAplYkrG4e8uoSOpUFeDDTS4sFoRqJtzrVRZIJLGX0MBfxPAnqnbsoLY1VtO7
++fJhuNKd29GnTEgTc1+u8E7W9SYccz1aGTFlfVpaL5xQDN80Uw2C6U9KdcLWTd0
SQkDElj84oPChJbbhphcX5rPzWdRVyZoo38tDfyoxli7ax8ikZLviC8CkiO7nghC
A5ITMPV2Saa1JCif+eANz3Snz6jAP/2ZQ/oHGg7UYrxZ
-----END CERTIFICATE-----