Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/VnPSleeMHT-jEDZJvcj7wswo-uc.roa
File:                     VnPSleeMHT-jEDZJvcj7wswo-uc.roa (raw, json)
Hash identifier:          J8mE9CeDpgMjScDrMhJ4WgvJMldlEykT+vy+lBJjBdk=
Subject key identifier:   56:73:D2:95:E7:8C:1D:3F:A3:10:36:49:BD:C8:FB:C2:CC:28:FA:E7
Certificate issuer:       /CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
Certificate serial:       0195C8827EEAD1DEF8D32EB1F0DB603D9A18
Authority key identifier: 3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/VnPSleeMHT-jEDZJvcj7wswo-uc.roa
Signing time:             Mon 24 Mar 2025 14:15:50 +0000
ROA not before:           Mon 24 Mar 2025 14:15:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211908
IP address blocks:        194.39.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c8:82:7e:ea:d1:de:f8:d3:2e:b1:f0:db:60:3d:9a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
        Validity
            Not Before: Mar 24 14:15:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5673d295e78c1d3fa3103649bdc8fbc2cc28fae7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:3f:ea:a9:26:02:ab:d7:6c:aa:40:22:5a:3c:
                    e2:0c:3f:7e:bc:26:40:1d:e8:cc:91:64:2c:07:8e:
                    80:7e:e1:22:44:65:5f:aa:24:ff:00:84:fa:65:a2:
                    75:ba:39:f3:e0:bc:43:58:f2:55:c0:4b:88:f5:59:
                    0d:9c:29:89:01:26:ef:dd:33:bf:8e:41:0c:fd:31:
                    c3:1d:d9:15:3a:16:28:e6:3d:89:f8:ef:9f:dd:f6:
                    5a:a7:8d:f2:32:49:3a:20:8c:e0:bd:c6:f6:a0:d7:
                    fc:74:ff:75:81:b1:6c:27:d6:2b:4c:f7:59:3c:b1:
                    44:94:6b:5e:6c:21:12:41:8f:53:5b:04:6c:9f:1d:
                    ae:01:70:b4:4c:e3:80:73:c9:ad:50:c6:ac:f0:be:
                    74:24:3b:b9:e3:7c:b6:e3:73:96:1c:94:13:fc:d2:
                    55:d4:80:38:29:69:63:9f:6c:9f:1c:1c:6a:d2:13:
                    bb:ff:ba:18:4f:13:03:3b:96:06:b5:ec:ea:75:9b:
                    4d:ae:a2:53:72:60:c2:7a:fd:b6:d7:3f:d9:16:c5:
                    32:92:aa:40:fc:82:17:ae:6e:4a:75:22:21:ac:38:
                    84:b4:ed:17:7f:3f:45:ab:28:49:e7:35:94:d4:67:
                    6a:77:2f:c8:ec:14:7a:c4:e4:87:33:de:4d:f8:db:
                    af:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:73:D2:95:E7:8C:1D:3F:A3:10:36:49:BD:C8:FB:C2:CC:28:FA:E7
            X509v3 Authority Key Identifier:
                keyid:3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/VnPSleeMHT-jEDZJvcj7wswo-uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:e6:dc:5c:9b:e0:1e:6a:21:01:58:2d:55:13:34:49:a3:65:
         30:e7:93:cf:cb:09:5e:80:dc:56:b0:77:12:45:75:c2:b2:83:
         c8:d3:45:71:30:70:a7:a7:fc:fc:1a:67:ae:97:f1:c3:c2:f4:
         04:a9:71:ef:a2:4e:79:1d:9f:81:82:bb:a5:c2:0b:b9:75:fe:
         bd:43:22:b7:d3:f8:9e:ef:ee:05:b2:27:be:51:89:90:3e:ee:
         74:26:c9:51:cb:dd:87:8b:10:27:fd:25:88:f7:0c:35:1b:80:
         bf:fd:cc:0a:19:2a:37:bd:1d:24:ed:8f:d2:f7:b1:1f:ff:4b:
         68:e2:7f:c7:6b:43:19:a4:ed:d2:94:54:8a:92:af:da:bc:9f:
         5f:4e:af:c3:5b:e0:b0:cf:24:dd:a2:7a:45:bf:73:f6:c4:85:
         9b:ff:2a:e4:17:1f:bd:bb:7f:bc:38:18:b5:58:05:e3:89:e1:
         93:a6:37:95:8c:da:67:37:35:d9:df:1d:f9:59:f9:84:53:2d:
         da:2f:d3:d7:a4:78:a4:26:93:80:1a:53:4d:67:dc:83:58:05:
         e3:fd:ad:d7:47:cf:8b:54:13:35:64:c3:68:46:40:74:c0:95:
         da:aa:92:6b:eb:b9:c0:e0:ae:06:d2:e0:60:63:b0:af:73:3c:
         36:73:28:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXIgn7q0d740y6x8NtgPZoYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkM2Y4N2JiN2Y3ODc0YWE3ZTE1Y2ZlYzliYmY2YWFlM2M5
Y2UzM2EwHhcNMjUwMzI0MTQxNTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjczZDI5NWU3OGMxZDNmYTMxMDM2NDliZGM4ZmJjMmNjMjhmYWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2D/qqSYCq9dsqkAiWjziDD9+vCZA
HejMkWQsB46AfuEiRGVfqiT/AIT6ZaJ1ujnz4LxDWPJVwEuI9VkNnCmJASbv3TO/
jkEM/THDHdkVOhYo5j2J+O+f3fZap43yMkk6IIzgvcb2oNf8dP91gbFsJ9YrTPdZ
PLFElGtebCESQY9TWwRsnx2uAXC0TOOAc8mtUMas8L50JDu543y243OWHJQT/NJV
1IA4KWljn2yfHBxq0hO7/7oYTxMDO5YGtezqdZtNrqJTcmDCev221z/ZFsUykqpA
/IIXrm5KdSIhrDiEtO0Xfz9FqyhJ5zWU1Gdqdy/I7BR6xOSHM95N+NuvAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZz0pXnjB0/oxA2Sb3I+8LMKPrnMB8GA1UdIwQY
MBaAFD0/h7t/eHSqfhXP7Ju/aq48nOM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTIt
NjJiZTUzNDI1Njc2LzEvVm5QU2xlZU1IVC1qRURaSnZjajd3c3dvLXVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTItNjJiZTUzNDI1Njc2
LzEvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiflMA0G
CSqGSIb3DQEBCwUAA4IBAQB25txcm+AeaiEBWC1VEzRJo2Uw55PPywlegNxWsHcS
RXXCsoPI00VxMHCnp/z8Gmeul/HDwvQEqXHvok55HZ+Bgrulwgu5df69QyK30/ie
7+4Fsie+UYmQPu50JslRy92HixAn/SWI9ww1G4C//cwKGSo3vR0k7Y/S97Ef/0to
4n/Ha0MZpO3SlFSKkq/avJ9fTq/DW+CwzyTdonpFv3P2xIWb/yrkFx+9u3+8OBi1
WAXjieGTpjeVjNpnNzXZ3x35WfmEUy3aL9PXpHikJpOAGlNNZ9yDWAXj/a3XR8+L
VBM1ZMNoRkB0wJXaqpJr67nA4K4G0uBgY7Cvczw2cyiy
-----END CERTIFICATE-----