Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/4wzrzTSe4OfvtHyfgVOfhTZzVMc.roa
File:                     4wzrzTSe4OfvtHyfgVOfhTZzVMc.roa (raw, json)
Hash identifier:          qFI+zaBmAHIEttJ/kaFzk4Tl6WLETr7kE2kQg9lJGak=
Subject key identifier:   E3:0C:EB:CD:34:9E:E0:E7:EF:B4:7C:9F:81:53:9F:85:36:73:54:C7
Certificate issuer:       /CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
Certificate serial:       018CF5193B7E9EBE03C6CAB835FF1B69ACCA
Authority key identifier: 3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/4wzrzTSe4OfvtHyfgVOfhTZzVMc.roa
Signing time:             Wed 10 Jan 2024 20:38:40 +0000
ROA not before:           Wed 10 Jan 2024 20:38:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        194.39.229.0/24 maxlen: 24
                          194.39.230.0/24 maxlen: 24
                          194.39.231.0/24 maxlen: 24
                          194.39.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f5:19:3b:7e:9e:be:03:c6:ca:b8:35:ff:1b:69:ac:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
        Validity
            Not Before: Jan 10 20:38:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e30cebcd349ee0e7efb47c9f81539f85367354c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:37:f9:f3:6f:6d:c6:70:ed:77:d8:d1:4f:99:
                    66:a8:b2:09:b1:9b:82:9e:8c:3c:1f:51:95:83:e8:
                    29:ca:bf:69:45:bc:e8:45:cd:dc:37:f0:7f:20:ab:
                    b1:44:c7:23:31:86:cd:61:75:4a:47:45:89:9a:ae:
                    b6:7d:1c:81:ba:b1:12:3e:3d:7e:65:25:aa:88:5a:
                    93:7d:2c:c4:32:04:e5:82:a9:a6:a3:2c:1e:b7:c0:
                    91:ef:c7:48:a0:9a:a0:69:f7:4e:9d:4a:61:86:1f:
                    33:2d:4a:47:a0:4e:19:06:92:bc:e1:9f:66:a9:1f:
                    5c:a3:88:e8:d8:d7:9a:83:90:9c:b8:c1:87:21:11:
                    38:48:22:5b:2d:9f:c4:a8:a3:d2:ae:32:fb:21:55:
                    a6:ba:0d:12:b3:e4:fa:03:d2:57:2a:4f:d2:17:2e:
                    08:63:ca:f6:bd:85:29:a7:9b:aa:38:9c:6a:7f:69:
                    64:54:d1:5f:6c:5d:55:5d:a3:08:08:65:85:70:b4:
                    05:f0:37:00:2c:35:4a:c8:e7:29:db:9b:e0:af:25:
                    0f:d7:d9:3e:22:a4:79:09:b7:b8:3b:56:b8:06:23:
                    ed:e9:68:82:c3:00:00:f0:81:0f:62:2a:49:60:16:
                    a1:08:98:d4:26:56:d0:f3:34:2f:77:67:8b:6f:36:
                    fb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:0C:EB:CD:34:9E:E0:E7:EF:B4:7C:9F:81:53:9F:85:36:73:54:C7
            X509v3 Authority Key Identifier:
                keyid:3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/4wzrzTSe4OfvtHyfgVOfhTZzVMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:46:9f:0b:73:9d:fa:7b:de:d3:cf:bb:c9:b1:50:f3:ab:ae:
         7a:8c:b8:3c:56:bf:72:93:70:c1:41:9b:42:38:e0:ce:92:32:
         20:9d:4a:5f:54:51:65:a8:7c:c2:0c:b7:a4:42:35:aa:20:4a:
         b6:8c:54:b8:74:5b:5c:90:39:96:1b:bc:6b:2d:9d:92:f2:2a:
         cf:eb:5e:38:aa:69:ae:b8:d0:30:f9:d2:4f:46:b3:8e:22:44:
         e8:8f:52:19:e5:81:d4:e0:bc:84:7d:b7:95:82:fd:1d:cb:91:
         b1:3e:2e:79:b5:7c:f3:61:06:b4:e9:03:e4:8f:d0:d3:89:60:
         e5:0c:70:b7:f6:c9:73:5d:99:1a:4f:fe:fe:99:7b:c5:89:7c:
         be:57:79:96:31:95:0b:5d:fe:f2:bf:c5:aa:fc:82:3d:a9:00:
         0e:30:a4:69:70:82:92:32:4d:8b:c7:4d:b6:49:2f:8c:5c:01:
         9c:5f:b4:0e:80:ba:e6:60:a9:7a:86:00:b4:bf:23:1f:62:5e:
         e4:25:a4:2d:ef:30:56:59:05:95:fa:6a:91:f7:f4:58:ef:69:
         04:c1:f0:cd:ba:d4:9e:13:68:e7:6b:bd:1a:b6:d2:bd:95:d2:
         e3:d1:46:f9:17:bd:4d:5a:34:dd:c0:bd:e1:ab:d0:a3:c3:89:
         8d:a1:ff:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz1GTt+nr4Dxsq4Nf8baazKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkM2Y4N2JiN2Y3ODc0YWE3ZTE1Y2ZlYzliYmY2YWFlM2M5
Y2UzM2EwHhcNMjQwMTEwMjAzODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzBjZWJjZDM0OWVlMGU3ZWZiNDdjOWY4MTUzOWY4NTM2NzM1NGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDf5829txnDtd9jRT5lmqLIJsZuC
now8H1GVg+gpyr9pRbzoRc3cN/B/IKuxRMcjMYbNYXVKR0WJmq62fRyBurESPj1+
ZSWqiFqTfSzEMgTlgqmmoywet8CR78dIoJqgafdOnUphhh8zLUpHoE4ZBpK84Z9m
qR9co4jo2Neag5CcuMGHIRE4SCJbLZ/EqKPSrjL7IVWmug0Ss+T6A9JXKk/SFy4I
Y8r2vYUpp5uqOJxqf2lkVNFfbF1VXaMICGWFcLQF8DcALDVKyOcp25vgryUP19k+
IqR5Cbe4O1a4BiPt6WiCwwAA8IEPYipJYBahCJjUJlbQ8zQvd2eLbzb7EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMM6800nuDn77R8n4FTn4U2c1THMB8GA1UdIwQY
MBaAFD0/h7t/eHSqfhXP7Ju/aq48nOM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTIt
NjJiZTUzNDI1Njc2LzEvNHd6cnpUU2U0T2Z2dEh5ZmdWT2ZoVFp6Vk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTItNjJiZTUzNDI1Njc2
LzEvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwifkMA0G
CSqGSIb3DQEBCwUAA4IBAQA+Rp8Lc536e97Tz7vJsVDzq656jLg8Vr9yk3DBQZtC
OODOkjIgnUpfVFFlqHzCDLekQjWqIEq2jFS4dFtckDmWG7xrLZ2S8irP6144qmmu
uNAw+dJPRrOOIkToj1IZ5YHU4LyEfbeVgv0dy5GxPi55tXzzYQa06QPkj9DTiWDl
DHC39slzXZkaT/7+mXvFiXy+V3mWMZULXf7yv8Wq/II9qQAOMKRpcIKSMk2Lx022
SS+MXAGcX7QOgLrmYKl6hgC0vyMfYl7kJaQt7zBWWQWV+mqR9/RY72kEwfDNutSe
E2jna70attK9ldLj0Ub5F71NWjTdwL3hq9Cjw4mNof94
-----END CERTIFICATE-----