Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/_mV-RGY-pv2pFTbkkb6uI5Oje_I.roa
File:                     _mV-RGY-pv2pFTbkkb6uI5Oje_I.roa (raw, json)
Hash identifier:          p4eENjI/cwmo6qgfAyd3PHUV1z0BYeTGomC/74ioJaI=
Subject key identifier:   FE:65:7E:44:66:3E:A6:FD:A9:15:36:E4:91:BE:AE:23:93:A3:7B:F2
Certificate issuer:       /CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
Certificate serial:       019424B392DD4F42E10A1543308150EA6DF0
Authority key identifier: 3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/_mV-RGY-pv2pFTbkkb6uI5Oje_I.roa
Signing time:             Thu 02 Jan 2025 01:48:55 +0000
ROA not before:           Thu 02 Jan 2025 01:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        194.39.228.0/24 maxlen: 24
                          194.39.229.0/24 maxlen: 24
                          194.39.230.0/24 maxlen: 24
                          194.39.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:92:dd:4f:42:e1:0a:15:43:30:81:50:ea:6d:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe657e44663ea6fda91536e491beae2393a37bf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:47:f4:95:da:83:63:5d:a1:8e:5a:0e:cb:2a:
                    b1:f5:e4:15:4d:ff:42:a4:af:cb:52:37:af:e4:18:
                    e8:07:47:1a:03:7c:17:b7:60:be:52:c8:a5:89:29:
                    e7:e0:1c:1d:52:cb:9b:4a:17:93:3d:4f:5c:87:4d:
                    a3:fc:b4:36:6d:6e:47:7c:16:9a:07:0a:26:2a:8f:
                    e2:f4:7e:4c:5f:bc:5b:3c:0d:78:ea:45:e7:6b:db:
                    05:54:2b:1d:dd:e7:8f:5e:f5:70:de:f7:47:25:1e:
                    29:bc:8b:64:80:53:b0:46:a4:22:c4:91:8e:4c:46:
                    11:9a:a4:c3:c3:82:fe:6e:40:ed:63:97:f9:c9:18:
                    57:6f:44:96:9a:4e:c8:b1:e1:9c:79:d4:29:d5:ad:
                    ff:e3:7b:8d:3c:67:98:19:20:66:cf:b3:52:bf:3c:
                    51:d7:f6:87:b7:ce:17:22:e0:ca:04:39:96:59:be:
                    2f:aa:03:5b:c7:75:0e:35:05:b1:d1:63:0b:7c:8e:
                    31:57:40:76:7c:08:b3:d5:c9:ef:39:7f:ee:a1:4a:
                    fc:9f:65:c5:18:1d:29:0b:ee:35:8f:0c:1f:79:f8:
                    3f:53:c2:78:b6:ba:4a:d0:40:40:53:de:b9:e8:06:
                    65:a1:f7:db:c2:7e:97:4d:ef:25:39:92:9e:ca:71:
                    47:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:65:7E:44:66:3E:A6:FD:A9:15:36:E4:91:BE:AE:23:93:A3:7B:F2
            X509v3 Authority Key Identifier:
                keyid:3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/_mV-RGY-pv2pFTbkkb6uI5Oje_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:e1:34:3b:51:ad:b6:69:5a:a2:1d:be:dd:bf:32:4c:8c:dd:
         44:68:71:5b:93:fa:bc:50:c9:84:71:0e:55:c1:6a:b2:82:09:
         3b:80:9f:df:fd:45:9f:75:b0:73:cc:2f:25:79:a3:89:50:f1:
         00:03:b6:03:3a:ad:0c:7d:a2:77:93:d4:65:29:34:1e:1f:90:
         7d:46:84:ca:93:ce:93:18:02:e3:73:9b:2d:f3:c9:36:ff:f4:
         c1:31:bf:0e:e3:b6:26:b4:ac:be:34:94:73:15:12:64:3b:06:
         a5:96:cf:bc:af:4e:61:aa:bd:d2:1e:69:f1:55:57:e2:1e:da:
         c8:90:3e:42:c1:fb:e8:ca:cf:df:44:a6:98:af:95:3d:31:45:
         02:d4:bb:2f:43:f0:c3:f5:dd:99:0f:b5:0b:4e:73:56:75:8e:
         b0:6a:c1:b1:14:1a:f1:ab:73:d1:7f:82:ea:93:e6:1d:4a:e7:
         87:c0:d8:c4:4e:e8:92:6b:28:e5:5d:fe:53:6f:23:07:da:85:
         fc:64:d5:a1:f8:6b:f0:4b:08:36:23:c7:9b:e3:d0:75:a1:25:
         d4:a9:e4:56:41:a4:57:f8:64:b3:51:76:01:e1:be:45:00:f8:
         ad:3b:6b:a4:16:59:5a:89:1f:8d:76:40:f0:91:09:35:b1:1c:
         b6:61:ee:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks5LdT0LhChVDMIFQ6m3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkM2Y4N2JiN2Y3ODc0YWE3ZTE1Y2ZlYzliYmY2YWFlM2M5
Y2UzM2EwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTY1N2U0NDY2M2VhNmZkYTkxNTM2ZTQ5MWJlYWUyMzkzYTM3YmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0f0ldqDY12hjloOyyqx9eQVTf9C
pK/LUjev5BjoB0caA3wXt2C+UsiliSnn4BwdUsubSheTPU9ch02j/LQ2bW5HfBaa
BwomKo/i9H5MX7xbPA146kXna9sFVCsd3eePXvVw3vdHJR4pvItkgFOwRqQixJGO
TEYRmqTDw4L+bkDtY5f5yRhXb0SWmk7IseGcedQp1a3/43uNPGeYGSBmz7NSvzxR
1/aHt84XIuDKBDmWWb4vqgNbx3UONQWx0WMLfI4xV0B2fAiz1cnvOX/uoUr8n2XF
GB0pC+41jwwfefg/U8J4trpK0EBAU9656AZloffbwn6XTe8lOZKeynFH9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5lfkRmPqb9qRU25JG+riOTo3vyMB8GA1UdIwQY
MBaAFD0/h7t/eHSqfhXP7Ju/aq48nOM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTIt
NjJiZTUzNDI1Njc2LzEvX21WLVJHWS1wdjJwRlRia2tiNnVJNU9qZV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTItNjJiZTUzNDI1Njc2
LzEvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwifkMA0G
CSqGSIb3DQEBCwUAA4IBAQCA4TQ7Ua22aVqiHb7dvzJMjN1EaHFbk/q8UMmEcQ5V
wWqyggk7gJ/f/UWfdbBzzC8leaOJUPEAA7YDOq0MfaJ3k9RlKTQeH5B9RoTKk86T
GALjc5st88k2//TBMb8O47YmtKy+NJRzFRJkOwalls+8r05hqr3SHmnxVVfiHtrI
kD5Cwfvoys/fRKaYr5U9MUUC1LsvQ/DD9d2ZD7ULTnNWdY6wasGxFBrxq3PRf4Lq
k+YdSueHwNjETuiSayjlXf5TbyMH2oX8ZNWh+GvwSwg2I8eb49B1oSXUqeRWQaRX
+GSzUXYB4b5FAPitO2ukFllaiR+NdkDwkQk1sRy2Ye5n
-----END CERTIFICATE-----