Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/uqIp0R_dvDEsqpriRwcj3sItHGw.roa
File:                     uqIp0R_dvDEsqpriRwcj3sItHGw.roa (raw, json)
Hash identifier:          0M8ijVLRqjXM3pBRfR1epwx7A0hp1U4azXVWoA9LspU=
Subject key identifier:   BA:A2:29:D1:1F:DD:BC:31:2C:AA:9A:E2:47:07:23:DE:C2:2D:1C:6C
Certificate issuer:       /CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
Certificate serial:       01942825CFFBDF6D0FB81B101084C1D2F07F
Authority key identifier: 14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/uqIp0R_dvDEsqpriRwcj3sItHGw.roa
Signing time:             Thu 02 Jan 2025 17:52:34 +0000
ROA not before:           Thu 02 Jan 2025 17:52:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3758
IP address blocks:        37.0.10.0/23 maxlen: 24
                          85.202.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:cf:fb:df:6d:0f:b8:1b:10:10:84:c1:d2:f0:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
        Validity
            Not Before: Jan  2 17:52:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=baa229d11fddbc312caa9ae2470723dec22d1c6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:66:f8:8a:d8:9d:8a:7d:87:77:8a:ba:75:0e:
                    40:5d:00:bc:3d:6b:4f:5b:83:6d:bb:e1:37:e6:c8:
                    e4:4a:70:4a:8c:a0:7a:c3:c9:5f:c6:65:c6:7f:91:
                    fe:ef:a6:2d:68:a6:cb:1f:b7:fd:aa:48:cf:14:e7:
                    30:05:4f:e9:75:1d:08:5d:d3:95:82:df:91:84:96:
                    e6:34:f9:b2:c9:56:c4:11:16:10:f6:b3:d4:92:0a:
                    a3:ef:a2:03:cd:5c:c2:c5:86:f8:06:77:7c:7e:41:
                    35:2c:a1:41:42:19:cc:f6:77:ff:0a:8c:f6:9d:81:
                    c4:8e:91:64:63:e4:8c:ac:80:6c:af:e2:59:10:c6:
                    b2:a3:9e:d0:90:9b:58:38:97:c8:b7:27:d7:48:18:
                    a8:75:a3:df:cd:cc:45:c6:e2:37:4c:8f:0e:7b:83:
                    fc:27:8a:74:a7:d5:00:73:83:a7:5f:4f:2c:68:78:
                    23:8f:05:42:eb:f0:0f:64:8c:ac:5d:f0:87:da:d3:
                    4e:2d:3d:ad:b2:09:83:1b:6e:69:d7:83:2d:6d:e8:
                    f1:27:ef:e3:a2:af:26:f4:9e:90:67:23:c4:e6:c8:
                    cd:b0:e1:88:e1:59:f0:f6:9e:d3:fa:f3:56:85:e1:
                    6e:db:6c:03:16:8c:42:8c:ba:0a:9d:4e:09:6e:ba:
                    7c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:A2:29:D1:1F:DD:BC:31:2C:AA:9A:E2:47:07:23:DE:C2:2D:1C:6C
            X509v3 Authority Key Identifier:
                keyid:14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/uqIp0R_dvDEsqpriRwcj3sItHGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.0.10.0/23
                  85.202.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:01:55:b8:bf:4e:b7:8b:c4:c7:80:ac:9c:c0:8e:5a:0e:03:
         32:bf:1f:1f:5a:47:e0:ad:1e:73:7f:10:a9:34:6c:ab:c9:2c:
         bb:fc:f7:ae:95:38:4d:80:59:57:d6:45:17:89:f1:a9:89:ac:
         9d:6c:dc:bb:8c:55:7d:29:2f:1d:53:4c:88:ac:82:aa:e6:ba:
         21:27:c2:af:83:9f:68:7a:2a:5f:cb:31:fb:c5:ad:93:61:af:
         c2:29:88:d0:7b:26:3e:da:85:80:5c:7a:da:9c:31:79:50:bc:
         2b:e1:95:01:54:5f:53:5d:27:de:c5:30:e3:7c:87:bd:ab:7f:
         b3:5d:10:1b:28:56:5e:6f:b3:f1:11:b9:ac:c5:81:41:0a:bc:
         5a:00:a3:c1:c8:03:16:64:52:2f:bf:93:52:8c:df:88:26:84:
         4c:b1:80:89:63:d5:da:8d:3d:d0:af:f3:d6:35:d5:62:92:80:
         a6:30:c7:47:ee:09:30:ec:90:d3:11:b7:99:92:a5:16:93:cf:
         bc:80:ec:ad:94:a5:60:bc:4a:c4:a8:e6:c8:c4:a8:27:5d:5b:
         e5:c1:14:c3:42:47:ae:0e:86:5a:2e:17:38:4f:b3:51:c0:91:
         33:3c:25:60:fa:ab:b9:4d:d8:ef:40:5f:4b:26:c9:52:6f:91:
         2e:80:d0:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJc/7320PuBsQEITB0vB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YmVlMGViZDA2YjRiODEyZjllMTM3MTZlMjVmMWMzYzNk
MTRjYzYwHhcNMjUwMTAyMTc1MjM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWEyMjlkMTFmZGRiYzMxMmNhYTlhZTI0NzA3MjNkZWMyMmQxYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWb4itidin2Hd4q6dQ5AXQC8PWtP
W4Ntu+E35sjkSnBKjKB6w8lfxmXGf5H+76YtaKbLH7f9qkjPFOcwBU/pdR0IXdOV
gt+RhJbmNPmyyVbEERYQ9rPUkgqj76IDzVzCxYb4Bnd8fkE1LKFBQhnM9nf/Coz2
nYHEjpFkY+SMrIBsr+JZEMayo57QkJtYOJfItyfXSBiodaPfzcxFxuI3TI8Oe4P8
J4p0p9UAc4OnX08saHgjjwVC6/APZIysXfCH2tNOLT2tsgmDG25p14MtbejxJ+/j
oq8m9J6QZyPE5sjNsOGI4Vnw9p7T+vNWheFu22wDFoxCjLoKnU4Jbrp8RwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLqiKdEf3bwxLKqa4kcHI97CLRxsMB8GA1UdIwQY
MBaAFBS+4OvQa0uBL54TcW4l8cPD0UzGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUt
ZDFiYjZiNGRkNzAxLzEvdXFJcDBSX2R2REVzcXByaVJ3Y2ozc0l0SEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUtZDFiYjZiNGRkNzAx
LzEvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJQAKAwQC
VcqoMA0GCSqGSIb3DQEBCwUAA4IBAQCKAVW4v063i8THgKycwI5aDgMyvx8fWkfg
rR5zfxCpNGyrySy7/PeulThNgFlX1kUXifGpiaydbNy7jFV9KS8dU0yIrIKq5roh
J8Kvg59oeipfyzH7xa2TYa/CKYjQeyY+2oWAXHranDF5ULwr4ZUBVF9TXSfexTDj
fIe9q3+zXRAbKFZeb7PxEbmsxYFBCrxaAKPByAMWZFIvv5NSjN+IJoRMsYCJY9Xa
jT3Qr/PWNdVikoCmMMdH7gkw7JDTEbeZkqUWk8+8gOytlKVgvErEqObIxKgnXVvl
wRTDQkeuDoZaLhc4T7NRwJEzPCVg+qu5TdjvQF9LJslSb5EugND9
-----END CERTIFICATE-----