Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/KW27n6S1v0MgxCxbh7E0buBfif8.roa
File:                     KW27n6S1v0MgxCxbh7E0buBfif8.roa (raw, json)
Hash identifier:          toMOgZfSEbU3csqRPx4QZ9cAdliSmxp8YH9UOfmQEwM=
Subject key identifier:   29:6D:BB:9F:A4:B5:BF:43:20:C4:2C:5B:87:B1:34:6E:E0:5F:89:FF
Certificate issuer:       /CN=c98b825f36e9cc330315c940de800cbabce3397b
Certificate serial:       01963929920F7E9B4DBB3DCE6095F34A2D6F
Authority key identifier: C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/KW27n6S1v0MgxCxbh7E0buBfif8.roa
Signing time:             Tue 15 Apr 2025 11:15:47 +0000
ROA not before:           Tue 15 Apr 2025 11:15:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        37.228.121.0/24 maxlen: 24
                          37.228.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 20:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:39:29:92:0f:7e:9b:4d:bb:3d:ce:60:95:f3:4a:2d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98b825f36e9cc330315c940de800cbabce3397b
        Validity
            Not Before: Apr 15 11:15:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=296dbb9fa4b5bf4320c42c5b87b1346ee05f89ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9f:ac:46:f2:d4:57:de:03:b4:70:7d:66:62:
                    fa:7b:dd:0a:4b:d3:13:63:51:8f:be:f0:e9:a1:74:
                    d9:05:26:12:4b:d9:79:d6:1e:75:5f:87:4f:5f:ad:
                    fd:1e:46:78:e3:35:24:b3:d9:e6:e5:bd:02:d3:45:
                    89:00:0e:dd:08:0f:48:ed:20:56:37:4e:01:57:5d:
                    b3:10:59:ca:b8:e7:b1:f0:2c:22:cf:15:25:1e:0e:
                    19:70:10:ec:c0:7e:4e:52:ad:9a:40:c7:f8:7b:5d:
                    f7:c7:3a:fd:57:93:60:b8:09:00:08:01:21:f2:3a:
                    66:a9:ba:51:c7:ed:e6:34:00:73:7f:12:00:4f:a4:
                    43:a9:f5:1a:e3:7a:25:f3:a6:42:20:b8:76:75:5e:
                    26:82:7c:54:9e:77:58:2b:6c:ae:ad:cb:c9:f7:e9:
                    ee:14:c7:88:74:64:92:96:1c:1b:db:f1:1e:e0:35:
                    62:d8:a6:9f:a2:8b:10:79:5f:61:fb:86:2d:fb:92:
                    b4:f6:4c:3a:4f:2b:58:fc:53:19:67:2d:26:d3:f0:
                    83:df:33:5c:8a:61:00:f0:0a:81:5c:a8:84:11:c3:
                    e7:58:cf:79:4d:26:f8:d7:54:54:7e:95:1d:0e:d3:
                    71:c3:d0:a3:c6:e2:77:45:7d:2d:18:05:d0:b2:f7:
                    92:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6D:BB:9F:A4:B5:BF:43:20:C4:2C:5B:87:B1:34:6E:E0:5F:89:FF
            X509v3 Authority Key Identifier:
                keyid:C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/KW27n6S1v0MgxCxbh7E0buBfif8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.228.121.0/24
                  37.228.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:14:b1:b8:bd:3d:2b:b5:44:61:95:8d:ec:16:88:3b:57:1b:
         48:04:82:13:46:5a:e7:6d:2a:e4:2c:a6:9b:ca:9f:4c:8b:4c:
         d7:7f:d5:fa:79:1f:cf:05:eb:90:b0:07:76:fa:78:07:4b:ba:
         a5:e3:27:a6:26:92:44:8e:b6:cc:0d:ae:90:13:1e:d2:01:62:
         0c:6c:00:e3:af:e4:72:22:0b:ce:a2:73:12:95:17:43:55:f9:
         17:fd:c5:b6:5b:39:b8:92:90:3f:41:24:0f:26:67:2c:b9:9d:
         25:30:d4:5e:2f:a3:a8:76:a9:8d:77:1e:05:ea:13:2e:44:07:
         65:29:67:7a:19:51:29:ad:92:ba:2c:f8:ff:04:cc:68:19:34:
         bc:f3:8e:98:d5:49:f0:94:89:a1:d2:b1:c9:85:ef:e2:ac:7a:
         58:37:0d:d5:27:67:09:91:f0:ef:3c:0e:7d:9a:74:e7:2c:95:
         8b:7e:a5:6a:1d:fa:4d:77:2e:0c:21:ae:b7:ad:ce:06:d9:1b:
         ca:db:42:7e:82:9d:f0:1f:d8:ba:35:30:59:68:df:ba:b0:9e:
         c6:0f:a4:36:60:13:cb:5d:2c:fc:a0:64:05:23:0d:d1:70:f4:
         56:e7:ef:ef:15:e9:68:4f:93:55:e9:4f:4f:68:ac:f5:7d:ec:
         e9:76:59:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZY5KZIPfptNuz3OYJXzSi1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGI4MjVmMzZlOWNjMzMwMzE1Yzk0MGRlODAwY2JhYmNl
MzM5N2IwHhcNMjUwNDE1MTExNTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZkYmI5ZmE0YjViZjQzMjBjNDJjNWI4N2IxMzQ2ZWUwNWY4OWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxp+sRvLUV94DtHB9ZmL6e90KS9MT
Y1GPvvDpoXTZBSYSS9l51h51X4dPX639HkZ44zUks9nm5b0C00WJAA7dCA9I7SBW
N04BV12zEFnKuOex8CwizxUlHg4ZcBDswH5OUq2aQMf4e133xzr9V5NguAkACAEh
8jpmqbpRx+3mNABzfxIAT6RDqfUa43ol86ZCILh2dV4mgnxUnndYK2yurcvJ9+nu
FMeIdGSSlhwb2/Ee4DVi2KafoosQeV9h+4Yt+5K09kw6TytY/FMZZy0m0/CD3zNc
imEA8AqBXKiEEcPnWM95TSb411RUfpUdDtNxw9CjxuJ3RX0tGAXQsveSEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCltu5+ktb9DIMQsW4exNG7gX4n/MB8GA1UdIwQY
MBaAFMmLgl826cwzAxXJQN6ADLq84zl7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUt
Yjg5YTUxMWMzYmJkLzEvS1cyN242UzF2ME1neEN4Ymg3RTBidUJmaWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUtYjg5YTUxMWMzYmJk
LzEveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJeR5AwQA
JeR+MA0GCSqGSIb3DQEBCwUAA4IBAQCwFLG4vT0rtURhlY3sFog7VxtIBIITRlrn
bSrkLKabyp9Mi0zXf9X6eR/PBeuQsAd2+ngHS7ql4yemJpJEjrbMDa6QEx7SAWIM
bADjr+RyIgvOonMSlRdDVfkX/cW2Wzm4kpA/QSQPJmcsuZ0lMNReL6OodqmNdx4F
6hMuRAdlKWd6GVEprZK6LPj/BMxoGTS8846Y1UnwlImh0rHJhe/irHpYNw3VJ2cJ
kfDvPA59mnTnLJWLfqVqHfpNdy4MIa63rc4G2RvK20J+gp3wH9i6NTBZaN+6sJ7G
D6Q2YBPLXSz8oGQFIw3RcPRW5+/vFeloT5NV6U9PaKz1fezpdllN
-----END CERTIFICATE-----