Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/PzTDSELNWJk4OG4k3czPxIDDrzM.roa
File:                     PzTDSELNWJk4OG4k3czPxIDDrzM.roa (raw, json)
Hash identifier:          fnvRfzPk7n8WTHDpBqpNK9SDvUOmfPqSiJGMyi9YEgA=
Subject key identifier:   3F:34:C3:48:42:CD:58:99:38:38:6E:24:DD:CC:CF:C4:80:C3:AF:33
Certificate issuer:       /CN=6029b1a08139e1da9643dd0424f5cd64507e3771
Certificate serial:       018CC3494007A140298497EB8CC38F73367A
Authority key identifier: 60:29:B1:A0:81:39:E1:DA:96:43:DD:04:24:F5:CD:64:50:7E:37:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YCmxoIE54dqWQ90EJPXNZFB-N3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/PzTDSELNWJk4OG4k3czPxIDDrzM.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204002
IP address blocks:        185.43.89.0/24 maxlen: 24
                          185.43.90.0/24 maxlen: 24
                          185.43.91.0/24 maxlen: 24
                          185.43.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/YCmxoIE54dqWQ90EJPXNZFB-N3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/YCmxoIE54dqWQ90EJPXNZFB-N3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YCmxoIE54dqWQ90EJPXNZFB-N3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:40:07:a1:40:29:84:97:eb:8c:c3:8f:73:36:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6029b1a08139e1da9643dd0424f5cd64507e3771
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f34c34842cd589938386e24ddcccfc480c3af33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8b:ea:12:a2:41:a0:49:d1:a5:0a:90:c6:c9:
                    f6:8f:80:d5:e2:28:b1:e9:63:f2:3b:ea:de:0b:c1:
                    a8:7c:e4:4d:7a:31:fc:50:06:78:c2:c6:8e:0a:eb:
                    a3:af:46:49:3e:c1:d1:9f:28:af:d7:a2:ff:2a:7a:
                    c5:f5:08:02:20:d4:5f:ca:5b:e0:67:78:f1:4c:56:
                    83:b4:fe:09:cd:8f:75:fa:09:e2:d4:ba:f7:ad:62:
                    b3:d3:6d:77:b8:8e:70:df:a9:9d:78:46:2b:9c:95:
                    6b:a0:84:c9:71:cc:63:bc:dd:84:f7:63:6b:eb:f1:
                    da:98:cf:5d:7e:6e:11:8f:e6:33:eb:44:73:2f:03:
                    4c:ca:7b:f7:bb:44:b6:79:33:eb:eb:1c:6f:ba:d8:
                    ec:38:bc:d2:bf:7f:f1:06:2a:c8:aa:a1:f5:fd:0d:
                    fb:04:8f:75:71:33:ef:0f:96:05:45:f2:72:b7:b9:
                    e5:a4:a7:95:97:9f:f4:d9:69:3b:aa:b7:95:a3:38:
                    7b:56:40:2f:47:78:e0:9f:df:d8:f2:ae:cf:26:ab:
                    10:27:b8:4d:e2:28:1f:f9:2f:01:a7:d7:96:5c:f2:
                    28:ce:01:57:14:48:9a:d8:eb:68:d9:1a:c2:15:ba:
                    d5:8d:44:38:5c:61:20:0b:9a:96:83:95:2c:c1:38:
                    1d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:34:C3:48:42:CD:58:99:38:38:6E:24:DD:CC:CF:C4:80:C3:AF:33
            X509v3 Authority Key Identifier:
                keyid:60:29:B1:A0:81:39:E1:DA:96:43:DD:04:24:F5:CD:64:50:7E:37:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YCmxoIE54dqWQ90EJPXNZFB-N3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/PzTDSELNWJk4OG4k3czPxIDDrzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/YCmxoIE54dqWQ90EJPXNZFB-N3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:8f:c7:55:c7:8d:88:d3:8b:31:39:ff:fb:ba:48:ac:95:a9:
         87:e0:3d:de:29:cc:c4:1b:9b:d0:34:01:66:22:88:8d:e4:52:
         f3:c3:82:0d:c8:6d:f1:d7:38:50:04:21:2b:52:99:02:8f:ec:
         25:bb:fc:ac:5c:81:76:ee:b5:3b:8b:dc:04:71:f2:5b:77:da:
         7b:92:0a:6a:a4:66:ef:2e:e6:2d:65:1a:95:52:74:00:d9:f4:
         42:2c:89:3f:b8:50:9d:fd:9a:c9:65:23:2b:42:7f:0f:5b:53:
         f2:49:5f:60:10:38:df:05:2c:73:87:74:d5:86:2a:c5:8e:53:
         8d:ba:a4:91:e1:57:41:42:ce:45:31:44:50:0d:df:92:ae:38:
         8f:00:fa:b5:7e:91:df:fe:fb:88:90:6d:77:95:26:1a:d0:44:
         1f:fb:7e:df:f7:2b:56:32:37:16:34:89:b4:eb:de:ed:fd:e0:
         ed:8b:4d:a8:b8:88:b2:b2:e7:95:a4:00:c5:d9:6d:84:d9:67:
         64:96:e6:3d:8e:80:36:14:05:86:62:c3:b2:b3:ef:7b:7b:bf:
         6c:35:c1:2d:ef:8c:f1:df:0b:0a:a9:31:11:fa:42:8b:68:53:
         75:d7:5b:d6:11:0e:3e:27:bb:91:31:b7:f3:02:3d:58:97:bf:
         0d:92:2a:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUAHoUAphJfrjMOPczZ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMjliMWEwODEzOWUxZGE5NjQzZGQwNDI0ZjVjZDY0NTA3
ZTM3NzEwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjM0YzM0ODQyY2Q1ODk5MzgzODZlMjRkZGNjY2ZjNDgwYzNhZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04vqEqJBoEnRpQqQxsn2j4DV4iix
6WPyO+reC8GofORNejH8UAZ4wsaOCuujr0ZJPsHRnyiv16L/KnrF9QgCINRfylvg
Z3jxTFaDtP4JzY91+gni1Lr3rWKz0213uI5w36mdeEYrnJVroITJccxjvN2E92Nr
6/HamM9dfm4Rj+Yz60RzLwNMynv3u0S2eTPr6xxvutjsOLzSv3/xBirIqqH1/Q37
BI91cTPvD5YFRfJyt7nlpKeVl5/02Wk7qreVozh7VkAvR3jgn9/Y8q7PJqsQJ7hN
4igf+S8Bp9eWXPIozgFXFEia2Oto2RrCFbrVjUQ4XGEgC5qWg5UswTgdIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD80w0hCzViZODhuJN3Mz8SAw68zMB8GA1UdIwQY
MBaAFGApsaCBOeHalkPdBCT1zWRQfjdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUNteG9JRTU0ZHFXUTkwRUpQWE5aRkItTjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZDU2ZjYtOTQxMC00ODQ0LWE0NzIt
NTYxNTUxM2ZkY2Y0LzEvUHpURFNFTE5XSms0T0c0azNjelB4SUREcnpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZDU2ZjYtOTQxMC00ODQ0LWE0NzItNTYxNTUxM2ZkY2Y0
LzEvWUNteG9JRTU0ZHFXUTkwRUpQWE5aRkItTjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuStYMA0G
CSqGSIb3DQEBCwUAA4IBAQA9j8dVx42I04sxOf/7ukislamH4D3eKczEG5vQNAFm
IoiN5FLzw4INyG3x1zhQBCErUpkCj+wlu/ysXIF27rU7i9wEcfJbd9p7kgpqpGbv
LuYtZRqVUnQA2fRCLIk/uFCd/ZrJZSMrQn8PW1PySV9gEDjfBSxzh3TVhirFjlON
uqSR4VdBQs5FMURQDd+SrjiPAPq1fpHf/vuIkG13lSYa0EQf+37f9ytWMjcWNIm0
697t/eDti02ouIiysueVpADF2W2E2WdkluY9joA2FAWGYsOys+97e79sNcEt74zx
3wsKqTER+kKLaFN111vWEQ4+J7uRMbfzAj1Yl78NkipH
-----END CERTIFICATE-----