Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/39i_ssSfnMGTtg4YPYKzH5iWpBg.roa
File:                     39i_ssSfnMGTtg4YPYKzH5iWpBg.roa (raw, json)
Hash identifier:          Wosjv0kh6GOd489g8tLpbbof7314STC/gj/KPvO7YR8=
Subject key identifier:   DF:D8:BF:B2:C4:9F:9C:C1:93:B6:0E:18:3D:82:B3:1F:98:96:A4:18
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       0194236A5E4691E986DD0B5645A9BBA8EE4F
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/39i_ssSfnMGTtg4YPYKzH5iWpBg.roa
Signing time:             Wed 01 Jan 2025 19:49:21 +0000
ROA not before:           Wed 01 Jan 2025 19:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        145.61.196.0/24 maxlen: 24
                          145.61.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:5e:46:91:e9:86:dd:0b:56:45:a9:bb:a8:ee:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 19:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfd8bfb2c49f9cc193b60e183d82b31f9896a418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:8b:00:92:64:ca:2c:d2:c9:69:9b:82:c3:37:
                    96:3c:2e:f5:ce:9b:7b:2c:96:a1:5f:af:ca:95:fc:
                    68:b5:51:a3:ab:61:98:2c:2f:71:d8:a9:9a:4d:c9:
                    c1:fa:8c:f7:41:13:39:bb:3c:d2:36:db:fe:99:97:
                    c6:51:2f:00:4d:20:5d:09:02:28:17:a3:cf:c7:03:
                    da:33:15:5c:36:3d:be:f1:66:66:48:e0:56:60:2d:
                    05:ac:bf:4b:f0:01:ed:65:37:47:b8:22:fa:a1:81:
                    cd:d8:32:00:83:ff:72:cd:42:52:61:8d:8e:7d:f4:
                    7c:7c:bd:67:34:89:54:80:a0:b4:c8:18:32:5e:b2:
                    34:b3:cf:33:7f:64:73:3c:e4:63:ed:76:79:c2:30:
                    a4:a9:d0:79:c8:5d:8e:7a:b8:2b:c4:9d:20:e6:86:
                    2b:8e:4e:78:83:bf:66:fd:55:6b:54:ac:3d:c7:87:
                    16:73:7b:d9:13:a6:a6:36:80:00:1f:56:be:50:42:
                    76:2a:dd:85:8d:3e:e0:6a:d7:88:78:ef:c8:7b:64:
                    af:bb:38:b7:4d:80:20:fe:06:dc:4b:ee:c7:ea:69:
                    43:ca:1e:e6:90:30:ba:3e:b8:e7:ca:16:42:d5:82:
                    0c:fc:21:64:5f:bd:f7:5b:16:f8:e2:03:03:86:37:
                    11:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:D8:BF:B2:C4:9F:9C:C1:93:B6:0E:18:3D:82:B3:1F:98:96:A4:18
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/39i_ssSfnMGTtg4YPYKzH5iWpBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.61.196.0/24
                  145.61.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:53:dd:51:9e:cd:dc:11:d7:15:5c:96:73:e0:76:83:c2:9d:
         49:dd:1d:f2:f5:24:c1:ad:e6:74:bb:fa:bf:8e:9d:c0:05:58:
         b5:7d:90:5d:24:16:d0:de:66:64:1e:55:12:ed:68:6e:b0:70:
         61:0b:cb:55:64:20:23:d7:a3:1c:32:1f:92:7d:0e:94:5d:04:
         86:d8:f1:f7:c1:b1:1e:21:27:80:89:41:82:e0:ec:25:c8:21:
         39:45:26:24:f7:a3:6d:e3:39:70:99:e1:1d:bd:ef:1e:ed:b0:
         88:62:da:15:b6:bb:7e:74:e7:7f:d6:ee:6e:53:98:89:f5:4a:
         1e:47:95:fb:cc:a3:cc:48:d9:fc:0f:14:ab:75:e2:42:18:b2:
         08:41:19:fd:d5:6e:41:30:55:d9:35:47:6d:cf:5e:3a:c3:32:
         52:40:39:a3:81:d3:60:3c:b1:80:9c:9e:d0:a4:4c:94:ba:31:
         c0:8e:82:16:d8:28:fd:05:2d:ec:7c:df:fe:d1:cc:90:4a:ba:
         31:0d:6f:3b:0e:3a:e7:9f:c4:9f:43:8c:2d:01:88:75:9a:04:
         42:88:9a:f3:19:21:4c:a4:b0:4b:e4:1c:38:03:8c:36:8d:1f:
         f9:0f:d9:36:9c:4a:5b:ba:85:31:6c:77:33:4a:7c:d2:91:4a:
         9e:b3:46:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjal5GkemG3QtWRam7qO5PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjUwMTAxMTk0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmQ4YmZiMmM0OWY5Y2MxOTNiNjBlMTgzZDgyYjMxZjk4OTZhNDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YsAkmTKLNLJaZuCwzeWPC71zpt7
LJahX6/KlfxotVGjq2GYLC9x2KmaTcnB+oz3QRM5uzzSNtv+mZfGUS8ATSBdCQIo
F6PPxwPaMxVcNj2+8WZmSOBWYC0FrL9L8AHtZTdHuCL6oYHN2DIAg/9yzUJSYY2O
ffR8fL1nNIlUgKC0yBgyXrI0s88zf2RzPORj7XZ5wjCkqdB5yF2OergrxJ0g5oYr
jk54g79m/VVrVKw9x4cWc3vZE6amNoAAH1a+UEJ2Kt2FjT7gateIeO/Ie2Svuzi3
TYAg/gbcS+7H6mlDyh7mkDC6PrjnyhZC1YIM/CFkX733Wxb44gMDhjcRnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN/Yv7LEn5zBk7YOGD2Csx+YlqQYMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvMzlpX3NzU2ZuTUdUdGc0WVBZS3pINWlXcEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkT3EAwQC
kT3IMA0GCSqGSIb3DQEBCwUAA4IBAQAQU91Rns3cEdcVXJZz4HaDwp1J3R3y9STB
reZ0u/q/jp3ABVi1fZBdJBbQ3mZkHlUS7WhusHBhC8tVZCAj16McMh+SfQ6UXQSG
2PH3wbEeISeAiUGC4OwlyCE5RSYk96Nt4zlwmeEdve8e7bCIYtoVtrt+dOd/1u5u
U5iJ9UoeR5X7zKPMSNn8DxSrdeJCGLIIQRn91W5BMFXZNUdtz146wzJSQDmjgdNg
PLGAnJ7QpEyUujHAjoIW2Cj9BS3sfN/+0cyQSroxDW87Djrnn8SfQ4wtAYh1mgRC
iJrzGSFMpLBL5Bw4A4w2jR/5D9k2nEpbuoUxbHczSnzSkUqes0aG
-----END CERTIFICATE-----