Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/Z8V3bUVFVrj4WBbfnShyWJdIBSM.roa
File:                     Z8V3bUVFVrj4WBbfnShyWJdIBSM.roa (raw, json)
Hash identifier:          6i7VUxj1PPr1MRhiqcCj5yeA7wDwGyA30/+OinHZmmI=
Subject key identifier:   67:C5:77:6D:45:45:56:B8:F8:58:16:DF:9D:28:72:58:97:48:05:23
Certificate issuer:       /CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
Certificate serial:       018FA09444ED14DECB1D34EE416863E7B0EC
Authority key identifier: 3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/Z8V3bUVFVrj4WBbfnShyWJdIBSM.roa
Signing time:             Wed 22 May 2024 13:53:42 +0000
ROA not before:           Wed 22 May 2024 13:53:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59422
IP address blocks:        194.39.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:94:44:ed:14:de:cb:1d:34:ee:41:68:63:e7:b0:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
        Validity
            Not Before: May 22 13:53:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67c5776d454556b8f85816df9d28725897480523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:16:82:8a:ea:48:35:01:89:f2:3d:b5:01:95:
                    04:51:9e:3a:88:43:47:2b:0f:29:22:27:e6:fa:14:
                    69:0f:26:2a:af:93:ea:ed:d5:6d:58:10:c3:c5:e5:
                    1f:26:db:ef:35:10:7f:68:5e:44:5d:10:3f:71:16:
                    6e:0e:13:2d:3b:1f:3d:70:10:32:40:93:ca:cf:05:
                    49:0e:f3:94:90:a4:4b:c2:5c:c8:23:09:db:ea:46:
                    9e:a9:41:60:40:db:eb:9c:0e:fe:e9:8f:c5:c2:48:
                    01:22:e1:54:36:b2:4e:b0:fb:df:cd:32:b0:da:73:
                    c5:d7:92:c9:15:71:6f:0b:87:53:53:f5:5b:8c:5d:
                    5f:80:47:8c:b7:19:4a:79:35:bd:86:fa:86:70:1b:
                    89:28:3d:7c:64:b6:56:09:88:33:cd:77:70:1d:6e:
                    60:c5:70:23:4c:09:e8:0e:bb:56:78:c2:8d:4b:15:
                    a2:49:c3:47:ea:0b:fe:73:7b:38:97:be:2f:50:a6:
                    23:08:a5:fb:0d:95:17:06:82:fb:83:f9:7f:a5:50:
                    f1:8e:84:6b:7d:10:66:62:27:28:55:44:e2:32:c3:
                    2c:5f:fa:fd:00:7b:dc:85:ee:ca:d4:f6:8e:f0:f8:
                    56:39:10:f9:bd:8e:58:ca:d1:36:1e:93:4b:86:28:
                    0c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C5:77:6D:45:45:56:B8:F8:58:16:DF:9D:28:72:58:97:48:05:23
            X509v3 Authority Key Identifier:
                keyid:3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/Z8V3bUVFVrj4WBbfnShyWJdIBSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:f3:39:41:fc:18:5e:8f:d4:20:bb:9c:cb:e7:21:c4:56:19:
         e8:f1:b5:4e:b9:2a:9e:be:1c:9d:5c:0d:27:d5:f4:77:6f:07:
         86:62:aa:0d:db:48:be:32:96:12:d5:1e:14:e9:92:e1:25:fe:
         d2:f9:d6:15:bc:02:33:81:aa:c9:b1:1a:4d:d4:82:0e:32:d4:
         1a:a1:e1:ad:e9:74:05:7e:39:b9:c2:56:bd:fd:6f:3e:92:db:
         4a:05:92:32:7b:dd:d6:14:c7:d8:86:93:15:5a:a6:1b:03:4c:
         94:21:d8:d1:da:52:d2:7b:01:7e:1c:7f:ab:2c:df:79:7e:07:
         6b:a2:09:93:56:ef:e8:fe:a0:94:10:8c:87:2c:83:6e:77:a3:
         6c:c9:f0:c6:08:b1:8e:33:56:11:3d:d8:fe:14:ec:da:6e:d0:
         50:09:c1:bc:ba:4d:58:aa:43:94:1c:29:81:e4:75:e9:a6:7b:
         7e:88:c7:35:1f:c8:e1:a5:c6:7e:da:48:91:38:c3:82:4d:90:
         ef:42:e0:93:3d:02:20:f3:11:a1:07:d5:cd:e9:09:de:e2:b8:
         d5:93:67:fa:9e:25:d6:59:c3:72:5f:a9:d8:a5:11:0a:4c:0f:
         71:45:db:40:80:1f:23:81:bd:8a:9d:a8:e8:17:fd:1f:49:06:
         9a:dc:58:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+glETtFN7LHTTuQWhj57DsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkM2Y4N2JiN2Y3ODc0YWE3ZTE1Y2ZlYzliYmY2YWFlM2M5
Y2UzM2EwHhcNMjQwNTIyMTM1MzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2M1Nzc2ZDQ1NDU1NmI4Zjg1ODE2ZGY5ZDI4NzI1ODk3NDgwNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBaCiupINQGJ8j21AZUEUZ46iENH
Kw8pIifm+hRpDyYqr5Pq7dVtWBDDxeUfJtvvNRB/aF5EXRA/cRZuDhMtOx89cBAy
QJPKzwVJDvOUkKRLwlzIIwnb6kaeqUFgQNvrnA7+6Y/FwkgBIuFUNrJOsPvfzTKw
2nPF15LJFXFvC4dTU/VbjF1fgEeMtxlKeTW9hvqGcBuJKD18ZLZWCYgzzXdwHW5g
xXAjTAnoDrtWeMKNSxWiScNH6gv+c3s4l74vUKYjCKX7DZUXBoL7g/l/pVDxjoRr
fRBmYicoVUTiMsMsX/r9AHvche7K1PaO8PhWORD5vY5YytE2HpNLhigM0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfFd21FRVa4+FgW350ocliXSAUjMB8GA1UdIwQY
MBaAFD0/h7t/eHSqfhXP7Ju/aq48nOM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTIt
NjJiZTUzNDI1Njc2LzEvWjhWM2JVVkZWcmo0V0JiZm5TaHlXSmRJQlNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTItNjJiZTUzNDI1Njc2
LzEvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwifmMA0G
CSqGSIb3DQEBCwUAA4IBAQCA8zlB/Bhej9Qgu5zL5yHEVhno8bVOuSqevhydXA0n
1fR3bweGYqoN20i+MpYS1R4U6ZLhJf7S+dYVvAIzgarJsRpN1IIOMtQaoeGt6XQF
fjm5wla9/W8+kttKBZIye93WFMfYhpMVWqYbA0yUIdjR2lLSewF+HH+rLN95fgdr
ogmTVu/o/qCUEIyHLINud6NsyfDGCLGOM1YRPdj+FOzabtBQCcG8uk1YqkOUHCmB
5HXppnt+iMc1H8jhpcZ+2kiROMOCTZDvQuCTPQIg8xGhB9XN6Qne4rjVk2f6niXW
WcNyX6nYpREKTA9xRdtAgB8jgb2KnajoF/0fSQaa3FgY
-----END CERTIFICATE-----