Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/b-VhFar5Bob8wl8OUu2ZPN9DNEQ.roa
File:                     b-VhFar5Bob8wl8OUu2ZPN9DNEQ.roa (raw, json)
Hash identifier:          tvCO5UR2+v1lg6StGj4o6eWVSuPQeXT3DDeXMyH7vLo=
Subject key identifier:   6F:E5:61:15:AA:F9:06:86:FC:C2:5F:0E:52:ED:99:3C:DF:43:34:44
Certificate issuer:       /CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
Certificate serial:       019424B3933809A20ABC8A75B969934DC56F
Authority key identifier: 3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/b-VhFar5Bob8wl8OUu2ZPN9DNEQ.roa
Signing time:             Thu 02 Jan 2025 01:48:55 +0000
ROA not before:           Thu 02 Jan 2025 01:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57000
IP address blocks:        194.39.228.0/24 maxlen: 24
                          194.39.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:93:38:09:a2:0a:bc:8a:75:b9:69:93:4d:c5:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fe56115aaf90686fcc25f0e52ed993cdf433444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:92:02:e7:ad:4f:3c:9b:6d:ff:2b:c3:f8:e6:
                    f0:98:51:f3:9e:f1:50:a6:dc:0c:33:cb:06:a3:01:
                    19:2b:b5:49:7f:d1:d8:0f:c2:77:b5:13:df:e2:18:
                    1f:71:18:e4:24:5d:ab:77:50:ff:bd:0b:22:cb:5e:
                    56:bc:fe:ef:f6:c5:0e:90:09:68:a2:c4:bf:ca:60:
                    3c:c3:49:f2:06:86:b1:75:d6:16:3e:71:8a:d6:05:
                    86:ad:db:01:a6:4c:4a:ad:bd:c7:4e:a5:b0:a2:fa:
                    88:68:d5:a9:6d:fb:d5:ba:7f:9f:8d:6e:84:f8:12:
                    53:56:b7:48:0c:f0:bd:e1:29:74:c4:1e:a0:cd:5c:
                    70:87:2b:ac:50:34:59:f2:e1:9e:03:e9:60:f0:f7:
                    79:14:6a:96:7b:b1:8f:bc:76:94:4c:07:98:3b:50:
                    79:60:bc:84:61:58:ac:ab:3b:21:69:f7:0b:20:39:
                    11:4d:9d:58:29:64:aa:8d:63:06:0c:b4:02:ef:aa:
                    12:79:45:84:c8:84:39:b7:51:af:3f:89:35:03:03:
                    7d:ba:0c:a7:13:a5:52:00:9c:b5:30:15:ba:37:a3:
                    dd:89:14:d9:34:bd:06:d5:64:2b:1b:2e:29:10:53:
                    fe:4e:75:f5:a5:da:93:df:a4:f5:c0:98:1c:aa:6e:
                    70:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E5:61:15:AA:F9:06:86:FC:C2:5F:0E:52:ED:99:3C:DF:43:34:44
            X509v3 Authority Key Identifier:
                keyid:3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/b-VhFar5Bob8wl8OUu2ZPN9DNEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:94:a0:92:00:77:91:2e:89:e3:95:8e:68:2a:6b:c7:26:0a:
         0e:b3:07:f4:80:99:e6:ce:08:66:00:e8:0a:a8:e9:df:62:51:
         3b:05:8d:33:8a:e2:98:32:5f:a5:79:11:e1:ba:2a:4f:44:6d:
         4d:0b:f6:62:89:15:f3:da:d6:36:73:83:47:2d:fe:93:8f:fc:
         95:4e:42:5a:fc:b0:92:37:5f:18:f7:70:85:77:06:62:98:ce:
         6b:99:33:d1:1e:c4:a8:96:83:71:e6:90:b1:60:be:00:e0:04:
         99:fe:a2:a3:ad:aa:2c:8e:50:1f:84:ae:05:df:f9:5b:11:7b:
         c4:b6:5c:18:2c:27:7e:16:42:1d:32:98:d9:e2:b9:b3:51:e1:
         60:d4:04:0c:85:ea:f4:b5:51:56:a3:f0:fe:dd:32:d7:04:7a:
         35:d5:6b:e3:0a:17:1e:ee:d3:13:f4:b6:cb:d8:42:1f:21:1b:
         f5:89:86:93:60:3b:78:30:0e:d1:84:3a:e1:4a:de:8f:a6:8c:
         a3:90:c9:01:cc:3c:00:5b:ea:cb:c1:2f:05:61:6b:7a:5e:65:
         2e:ab:29:8c:96:c0:a8:b1:e4:08:bc:31:4e:ed:f8:2d:1a:1b:
         52:82:16:5e:37:09:a8:79:0b:30:01:c3:af:64:3a:a7:fd:7d:
         7b:65:87:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks5M4CaIKvIp1uWmTTcVvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkM2Y4N2JiN2Y3ODc0YWE3ZTE1Y2ZlYzliYmY2YWFlM2M5
Y2UzM2EwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmU1NjExNWFhZjkwNjg2ZmNjMjVmMGU1MmVkOTkzY2RmNDMzNDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5IC561PPJtt/yvD+ObwmFHznvFQ
ptwMM8sGowEZK7VJf9HYD8J3tRPf4hgfcRjkJF2rd1D/vQsiy15WvP7v9sUOkAlo
osS/ymA8w0nyBoaxddYWPnGK1gWGrdsBpkxKrb3HTqWwovqIaNWpbfvVun+fjW6E
+BJTVrdIDPC94Sl0xB6gzVxwhyusUDRZ8uGeA+lg8Pd5FGqWe7GPvHaUTAeYO1B5
YLyEYVisqzshafcLIDkRTZ1YKWSqjWMGDLQC76oSeUWEyIQ5t1GvP4k1AwN9ugyn
E6VSAJy1MBW6N6PdiRTZNL0G1WQrGy4pEFP+TnX1pdqT36T1wJgcqm5wqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/lYRWq+QaG/MJfDlLtmTzfQzREMB8GA1UdIwQY
MBaAFD0/h7t/eHSqfhXP7Ju/aq48nOM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTIt
NjJiZTUzNDI1Njc2LzEvYi1WaEZhcjVCb2I4d2w4T1V1MlpQTjlETkVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTItNjJiZTUzNDI1Njc2
LzEvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwifkMA0G
CSqGSIb3DQEBCwUAA4IBAQB/lKCSAHeRLonjlY5oKmvHJgoOswf0gJnmzghmAOgK
qOnfYlE7BY0ziuKYMl+leRHhuipPRG1NC/ZiiRXz2tY2c4NHLf6Tj/yVTkJa/LCS
N18Y93CFdwZimM5rmTPRHsSoloNx5pCxYL4A4ASZ/qKjraosjlAfhK4F3/lbEXvE
tlwYLCd+FkIdMpjZ4rmzUeFg1AQMher0tVFWo/D+3TLXBHo11WvjChce7tMT9LbL
2EIfIRv1iYaTYDt4MA7RhDrhSt6PpoyjkMkBzDwAW+rLwS8FYWt6XmUuqymMlsCo
seQIvDFO7fgtGhtSghZeNwmoeQswAcOvZDqn/X17ZYcd
-----END CERTIFICATE-----