Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/g-v6DDuss9rksfc24s6W710G1LI.roa
File:                     g-v6DDuss9rksfc24s6W710G1LI.roa (raw, json)
Hash identifier:          K/YDaCC/IQvSAb/B3stTC5jtYkenfJpOL0TXXg+Iap4=
Subject key identifier:   83:EB:FA:0C:3B:AC:B3:DA:E4:B1:F7:36:E2:CE:96:EF:5D:06:D4:B2
Certificate issuer:       /CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
Certificate serial:       018E60B3E0F1E7925CA6252ACBF16754DF9D
Authority key identifier: 3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/g-v6DDuss9rksfc24s6W710G1LI.roa
Signing time:             Thu 21 Mar 2024 11:09:44 +0000
ROA not before:           Thu 21 Mar 2024 11:09:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57000
IP address blocks:        194.39.228.0/24 maxlen: 24
                          194.39.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:b3:e0:f1:e7:92:5c:a6:25:2a:cb:f1:67:54:df:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
        Validity
            Not Before: Mar 21 11:09:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83ebfa0c3bacb3dae4b1f736e2ce96ef5d06d4b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b4:27:16:49:83:02:dc:33:88:62:20:8d:6c:
                    17:49:5b:7a:f0:41:17:8e:b5:04:20:f9:7f:63:d2:
                    2b:de:c3:14:f5:94:35:4f:62:bf:30:f5:60:9d:2c:
                    c3:f9:44:bd:a3:e7:14:16:d1:56:38:67:bc:0c:e8:
                    f8:ae:93:ac:10:77:2f:77:3c:b7:8c:ed:08:ae:9a:
                    fe:a2:07:1b:41:67:0e:de:a7:e8:d2:e7:48:e8:5a:
                    cc:28:41:b9:f8:98:90:d2:72:cf:e6:7e:43:25:25:
                    86:7d:92:bb:76:80:54:f5:af:7a:b9:0f:ca:5b:5c:
                    aa:9c:83:be:a9:03:28:b9:a3:66:9c:de:a6:a9:0b:
                    2a:c5:de:87:17:a9:9c:63:01:28:6e:64:e9:de:d5:
                    22:46:97:49:d0:b1:80:18:67:33:79:82:ea:36:e7:
                    d2:ff:59:39:a1:b4:8f:39:8f:9a:e3:d0:e7:2c:29:
                    91:56:30:11:62:83:b2:68:85:3e:ef:89:8e:87:c8:
                    e9:6f:78:58:8f:5b:62:ae:c1:ed:ab:1e:99:37:0e:
                    2b:6c:42:a2:2e:60:e0:3b:a9:49:27:09:2f:d6:ee:
                    0a:cc:20:50:df:11:17:34:80:55:52:c9:fb:c4:0d:
                    39:b6:e6:23:7c:ff:4d:c4:e2:6c:42:ab:e1:4c:50:
                    5b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:EB:FA:0C:3B:AC:B3:DA:E4:B1:F7:36:E2:CE:96:EF:5D:06:D4:B2
            X509v3 Authority Key Identifier:
                keyid:3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/g-v6DDuss9rksfc24s6W710G1LI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:e4:69:be:9e:1f:24:79:4c:d6:17:b1:bd:0a:9f:23:a4:db:
         11:06:65:1b:44:fa:b2:ec:20:1d:ad:5f:fe:af:ca:2d:4a:9f:
         f4:c8:4d:f3:2b:57:52:39:b0:c4:70:07:02:b4:cd:35:1c:e7:
         9e:2c:57:23:73:96:8d:7b:9b:b4:b8:82:78:e2:df:30:10:8d:
         0b:c2:44:e8:86:cd:09:c9:61:96:da:d1:9d:f7:5f:98:9e:8b:
         18:1d:bf:00:9f:8d:d7:46:b6:30:e2:45:1e:cc:63:46:c9:5d:
         e9:0f:ee:10:a8:52:99:07:b7:1d:52:12:f7:fa:8f:8f:16:d8:
         15:2a:42:0a:45:b4:30:f1:87:b8:97:32:36:82:c5:58:14:26:
         23:df:ab:94:43:bb:ec:b9:85:4d:ba:70:3f:49:bf:6c:bc:cc:
         9e:75:c0:cf:08:e2:8f:50:89:7f:9f:6a:cf:49:72:48:84:39:
         7d:f8:86:81:b8:e7:c5:13:5c:1f:d3:02:d2:2f:f3:da:14:7b:
         84:e1:d4:b4:22:d0:5d:2c:15:b2:a1:2b:fd:42:67:af:58:00:
         f2:19:53:2d:55:f3:b8:0f:d6:3b:73:de:99:f5:78:95:ee:15:
         a9:9b:38:09:11:1c:8a:e3:f1:43:d7:57:3d:a6:81:c7:7d:ca:
         07:0d:b4:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5gs+Dx55JcpiUqy/FnVN+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkM2Y4N2JiN2Y3ODc0YWE3ZTE1Y2ZlYzliYmY2YWFlM2M5
Y2UzM2EwHhcNMjQwMzIxMTEwOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2ViZmEwYzNiYWNiM2RhZTRiMWY3MzZlMmNlOTZlZjVkMDZkNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7QnFkmDAtwziGIgjWwXSVt68EEX
jrUEIPl/Y9Ir3sMU9ZQ1T2K/MPVgnSzD+US9o+cUFtFWOGe8DOj4rpOsEHcvdzy3
jO0Irpr+ogcbQWcO3qfo0udI6FrMKEG5+JiQ0nLP5n5DJSWGfZK7doBU9a96uQ/K
W1yqnIO+qQMouaNmnN6mqQsqxd6HF6mcYwEobmTp3tUiRpdJ0LGAGGczeYLqNufS
/1k5obSPOY+a49DnLCmRVjARYoOyaIU+74mOh8jpb3hYj1tirsHtqx6ZNw4rbEKi
LmDgO6lJJwkv1u4KzCBQ3xEXNIBVUsn7xA05tuYjfP9NxOJsQqvhTFBbOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPr+gw7rLPa5LH3NuLOlu9dBtSyMB8GA1UdIwQY
MBaAFD0/h7t/eHSqfhXP7Ju/aq48nOM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTIt
NjJiZTUzNDI1Njc2LzEvZy12NkREdXNzOXJrc2ZjMjRzNlc3MTBHMUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTItNjJiZTUzNDI1Njc2
LzEvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwifkMA0G
CSqGSIb3DQEBCwUAA4IBAQBg5Gm+nh8keUzWF7G9Cp8jpNsRBmUbRPqy7CAdrV/+
r8otSp/0yE3zK1dSObDEcAcCtM01HOeeLFcjc5aNe5u0uIJ44t8wEI0LwkTohs0J
yWGW2tGd91+YnosYHb8An43XRrYw4kUezGNGyV3pD+4QqFKZB7cdUhL3+o+PFtgV
KkIKRbQw8Ye4lzI2gsVYFCYj36uUQ7vsuYVNunA/Sb9svMyedcDPCOKPUIl/n2rP
SXJIhDl9+IaBuOfFE1wf0wLSL/PaFHuE4dS0ItBdLBWyoSv9QmevWADyGVMtVfO4
D9Y7c96Z9XiV7hWpmzgJERyK4/FD11c9poHHfcoHDbTS
-----END CERTIFICATE-----