Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/3DzbyqDSlAgUheApZvBjqLXWIDI.roa
File:                     3DzbyqDSlAgUheApZvBjqLXWIDI.roa (raw, json)
Hash identifier:          ksLtoRRJNxkrugWQ3bOjZmaawmXdMPoPOS2aZJDthys=
Subject key identifier:   DC:3C:DB:CA:A0:D2:94:08:14:85:E0:29:66:F0:63:A8:B5:D6:20:32
Certificate issuer:       /CN=69854a57ab0d8a3c922c8f6a79aa8fe8a6a2c09e
Certificate serial:       018CC6B7F64BA0358080229C39BDF3A59E0A
Authority key identifier: 69:85:4A:57:AB:0D:8A:3C:92:2C:8F:6A:79:AA:8F:E8:A6:A2:C0:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aYVKV6sNijySLI9qeaqP6KaiwJ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/3DzbyqDSlAgUheApZvBjqLXWIDI.roa
Signing time:             Mon 01 Jan 2024 20:29:54 +0000
ROA not before:           Mon 01 Jan 2024 20:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203836
IP address blocks:        194.34.201.0/24 maxlen: 24
                          194.34.202.0/24 maxlen: 24
                          194.34.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/aYVKV6sNijySLI9qeaqP6KaiwJ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/aYVKV6sNijySLI9qeaqP6KaiwJ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aYVKV6sNijySLI9qeaqP6KaiwJ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:f6:4b:a0:35:80:80:22:9c:39:bd:f3:a5:9e:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69854a57ab0d8a3c922c8f6a79aa8fe8a6a2c09e
        Validity
            Not Before: Jan  1 20:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc3cdbcaa0d294081485e02966f063a8b5d62032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:76:bf:c9:86:f4:9a:fe:c0:54:e8:c7:62:e4:
                    76:2e:c9:8d:c4:08:98:7c:eb:2a:85:88:4e:c5:e4:
                    ec:9f:e3:cc:7f:12:d3:09:96:22:5e:a6:3b:6b:90:
                    02:51:b1:db:41:35:62:98:69:5f:ce:e3:91:35:db:
                    43:58:b5:ae:1e:b8:d3:fc:c7:f6:fb:47:3a:f1:7e:
                    7d:ab:26:8f:fd:5c:27:4c:ee:d1:2f:67:30:ab:4b:
                    eb:5f:33:c3:0d:dc:59:ee:6b:fd:14:35:22:32:6b:
                    42:67:fe:92:ec:45:3f:f4:29:59:00:f8:9e:9a:ee:
                    01:3c:c4:d1:0d:03:5b:7b:dd:91:95:ea:03:d1:c8:
                    60:3d:8b:f8:64:3f:74:24:f1:ca:83:8d:7c:8f:5b:
                    ef:23:d7:84:a1:34:32:74:e0:7c:14:11:fb:fa:53:
                    2c:d3:54:5f:34:a6:ad:cc:ea:13:be:13:bb:1b:14:
                    2d:4b:38:10:68:4c:27:cf:74:0c:01:0f:07:23:0d:
                    92:f3:92:e0:d5:d4:2e:f2:36:f0:98:c8:5c:e4:13:
                    10:79:f6:53:98:4f:eb:7e:32:fb:ac:98:2f:10:23:
                    9f:40:44:a9:17:d1:22:00:dd:00:47:6d:42:5c:96:
                    c0:e7:38:8b:a8:55:ae:16:60:ac:47:25:72:10:82:
                    28:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:3C:DB:CA:A0:D2:94:08:14:85:E0:29:66:F0:63:A8:B5:D6:20:32
            X509v3 Authority Key Identifier:
                keyid:69:85:4A:57:AB:0D:8A:3C:92:2C:8F:6A:79:AA:8F:E8:A6:A2:C0:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aYVKV6sNijySLI9qeaqP6KaiwJ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/3DzbyqDSlAgUheApZvBjqLXWIDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/aYVKV6sNijySLI9qeaqP6KaiwJ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.200.0-194.34.202.255

    Signature Algorithm: sha256WithRSAEncryption
         af:4b:60:2f:bb:74:8f:99:09:85:a0:6f:5e:11:e7:ee:53:ce:
         18:58:15:f3:f6:50:c2:5f:9c:80:c0:ee:08:27:74:2b:81:47:
         a6:7c:7e:b0:a1:13:67:fd:77:2f:2d:e1:06:2b:a8:f5:1b:65:
         d2:5f:26:9e:0f:31:91:e5:d6:f9:d4:eb:50:41:1c:f0:ad:40:
         54:a1:03:29:4a:de:d9:48:43:dd:a9:cf:cc:a0:67:4b:12:64:
         0d:38:60:42:39:0c:08:3d:3d:5b:16:c2:0f:72:0a:cc:81:4e:
         0d:f5:56:6b:ac:0b:41:e7:08:b1:f1:ef:8f:c2:7a:b5:8a:0b:
         42:e1:72:16:0d:bc:7a:0d:0c:17:41:75:a1:2e:b9:2d:e5:db:
         72:e7:32:f9:3f:dc:5f:5e:34:ad:ea:e8:79:d7:19:50:71:19:
         63:86:6c:75:9a:9c:7c:12:1b:4d:92:b7:41:f5:ab:ed:d9:64:
         de:19:fd:7b:91:1b:cd:d6:9e:2d:e4:ec:0b:8a:8a:2f:13:45:
         95:5e:c0:34:6b:c5:e1:95:c2:de:42:b6:b8:60:18:13:e2:99:
         f4:46:a2:3a:8d:ba:70:72:0e:c8:a5:11:21:b2:14:d0:b6:02:
         ae:6e:c1:ab:b7:dc:3d:01:d8:b6:76:e5:b4:56:1b:83:5c:b3:
         78:5b:d3:9c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGt/ZLoDWAgCKcOb3zpZ4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ODU0YTU3YWIwZDhhM2M5MjJjOGY2YTc5YWE4ZmU4YTZh
MmMwOWUwHhcNMjQwMTAxMjAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzNjZGJjYWEwZDI5NDA4MTQ4NWUwMjk2NmYwNjNhOGI1ZDYyMDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwna/yYb0mv7AVOjHYuR2LsmNxAiY
fOsqhYhOxeTsn+PMfxLTCZYiXqY7a5ACUbHbQTVimGlfzuORNdtDWLWuHrjT/Mf2
+0c68X59qyaP/VwnTO7RL2cwq0vrXzPDDdxZ7mv9FDUiMmtCZ/6S7EU/9ClZAPie
mu4BPMTRDQNbe92RleoD0chgPYv4ZD90JPHKg418j1vvI9eEoTQydOB8FBH7+lMs
01RfNKatzOoTvhO7GxQtSzgQaEwnz3QMAQ8HIw2S85Lg1dQu8jbwmMhc5BMQefZT
mE/rfjL7rJgvECOfQESpF9EiAN0AR21CXJbA5ziLqFWuFmCsRyVyEIIooQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNw828qg0pQIFIXgKWbwY6i11iAyMB8GA1UdIwQY
MBaAFGmFSlerDYo8kiyPanmqj+imosCeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVlWS1Y2c05panlTTEk5cWVhcVA2S2Fpd0o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZjgxMDctZmMxNS00YzcxLTgxZDQt
NTIzOGIwMzU0NWNhLzEvM0R6YnlxRFNsQWdVaGVBcFp2QmpxTFhXSURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZjgxMDctZmMxNS00YzcxLTgxZDQtNTIzOGIwMzU0NWNh
LzEvYVlWS1Y2c05panlTTEk5cWVhcVA2S2Fpd0o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPCIsgD
BADCIsowDQYJKoZIhvcNAQELBQADggEBAK9LYC+7dI+ZCYWgb14R5+5TzhhYFfP2
UMJfnIDA7ggndCuBR6Z8frChE2f9dy8t4QYrqPUbZdJfJp4PMZHl1vnU61BBHPCt
QFShAylK3tlIQ92pz8ygZ0sSZA04YEI5DAg9PVsWwg9yCsyBTg31VmusC0HnCLHx
74/CerWKC0LhchYNvHoNDBdBdaEuuS3l23LnMvk/3F9eNK3q6HnXGVBxGWOGbHWa
nHwSG02St0H1q+3ZZN4Z/XuRG83Wni3k7AuKii8TRZVewDRrxeGVwt5CtrhgGBPi
mfRGojqNunByDsilESGyFNC2Aq5uwau33D0B2LZ25bRWG4Ncs3hb05w=
-----END CERTIFICATE-----