Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/37DCbHhm2sTXZoKnRAO3SOggtQQ.roa
File:                     37DCbHhm2sTXZoKnRAO3SOggtQQ.roa (raw, json)
Hash identifier:          +uLJpv1JAEXe6w9bK9Js8rFmAHbw+aILnxdKvgw5Rzc=
Subject key identifier:   DF:B0:C2:6C:78:66:DA:C4:D7:66:82:A7:44:03:B7:48:E8:20:B5:04
Certificate issuer:       /CN=2bc27de0816f7e0b87a733dd3199089e537f261c
Certificate serial:       01942445865E8B2D23A3A603646500063DAA
Authority key identifier: 2B:C2:7D:E0:81:6F:7E:0B:87:A7:33:DD:31:99:08:9E:53:7F:26:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K8J94IFvfguHpzPdMZkInlN_Jhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/37DCbHhm2sTXZoKnRAO3SOggtQQ.roa
Signing time:             Wed 01 Jan 2025 23:48:43 +0000
ROA not before:           Wed 01 Jan 2025 23:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201395
IP address blocks:        2001:678:740::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/K8J94IFvfguHpzPdMZkInlN_Jhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/K8J94IFvfguHpzPdMZkInlN_Jhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K8J94IFvfguHpzPdMZkInlN_Jhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:86:5e:8b:2d:23:a3:a6:03:64:65:00:06:3d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bc27de0816f7e0b87a733dd3199089e537f261c
        Validity
            Not Before: Jan  1 23:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfb0c26c7866dac4d76682a74403b748e820b504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:65:af:b4:d5:41:75:a8:9d:ad:c2:ea:7f:83:
                    a3:f4:75:a8:9b:f0:5e:08:41:07:85:89:19:e7:d0:
                    37:d6:1b:3b:f8:7b:3f:da:b9:11:2a:0b:21:ed:74:
                    10:70:60:4e:ce:43:20:82:85:07:6a:a4:d2:87:58:
                    63:56:16:9f:57:45:7d:b7:28:88:65:8f:9d:11:4f:
                    b5:6c:26:bc:c5:35:ca:d1:13:95:33:04:a5:c6:16:
                    1b:de:49:f9:e5:95:f1:65:5c:e8:0c:3a:84:a4:83:
                    89:cf:71:ed:ed:b3:97:fd:d2:d1:df:95:1c:d2:b2:
                    b0:64:72:32:4b:aa:22:c4:df:4a:0b:e9:21:9e:62:
                    e0:8c:7c:2d:64:73:bb:fa:14:92:fb:2d:9b:a7:c0:
                    f9:b6:83:58:50:3f:01:3d:88:41:0d:56:26:43:d7:
                    a1:24:12:a1:a3:92:12:25:64:8c:94:db:e8:04:d5:
                    0d:fa:55:9a:6b:4a:d2:ca:0b:d4:e1:4e:a1:b2:53:
                    38:9d:33:4c:4a:66:01:43:13:23:e5:1a:db:78:0d:
                    bb:cc:b9:11:a8:5a:85:23:0a:31:06:e0:dd:14:87:
                    76:63:79:83:f1:17:ce:86:56:ee:51:d3:47:2d:12:
                    f1:73:25:91:7d:c8:ab:ef:56:f8:16:51:3a:82:c1:
                    df:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B0:C2:6C:78:66:DA:C4:D7:66:82:A7:44:03:B7:48:E8:20:B5:04
            X509v3 Authority Key Identifier:
                keyid:2B:C2:7D:E0:81:6F:7E:0B:87:A7:33:DD:31:99:08:9E:53:7F:26:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K8J94IFvfguHpzPdMZkInlN_Jhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/37DCbHhm2sTXZoKnRAO3SOggtQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/K8J94IFvfguHpzPdMZkInlN_Jhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:740::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:fd:62:3b:d1:9e:a0:e1:57:12:71:8f:45:c0:36:d2:87:52:
         d1:c1:d7:33:2b:c4:57:aa:3e:6d:d8:cb:d5:8b:34:e8:0d:f3:
         85:f9:80:d2:01:fb:3d:3d:51:fa:6b:bb:85:8e:64:b7:17:25:
         8b:ca:dc:25:4d:11:35:37:0d:28:66:91:53:b3:d6:ab:eb:5e:
         cd:0b:69:5a:0a:a5:a2:c4:35:24:77:da:dc:ff:24:32:b3:90:
         96:f8:ab:b1:39:b6:e6:37:d2:fe:2c:ff:58:90:f7:e9:f0:3e:
         d1:d5:32:94:49:a5:e9:77:e7:ad:49:67:33:5f:62:f8:7e:d9:
         c8:9f:6a:0b:62:bb:f1:6a:67:77:1e:40:51:1d:eb:4d:46:5e:
         5b:40:95:60:5a:b5:6b:54:8d:83:f5:5c:03:66:d9:df:54:1c:
         2f:f2:ff:c1:94:97:e7:72:07:54:69:74:66:24:fe:57:41:4e:
         bf:09:54:08:2e:09:cc:bd:b5:78:a4:f9:db:f8:87:bf:fb:95:
         30:83:67:48:3a:b3:02:c3:04:9e:18:7e:b5:e9:46:86:c0:36:
         31:30:3a:79:35:8a:37:f4:55:ef:0d:bc:71:ac:dd:17:a8:16:
         e9:84:d1:9b:2f:e9:87:15:c6:03:b0:49:1e:66:a2:62:67:3d:
         22:b7:57:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRYZeiy0jo6YDZGUABj2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYzI3ZGUwODE2ZjdlMGI4N2E3MzNkZDMxOTkwODllNTM3
ZjI2MWMwHhcNMjUwMTAxMjM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmIwYzI2Yzc4NjZkYWM0ZDc2NjgyYTc0NDAzYjc0OGU4MjBiNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWWvtNVBdaidrcLqf4Oj9HWom/Be
CEEHhYkZ59A31hs7+Hs/2rkRKgsh7XQQcGBOzkMggoUHaqTSh1hjVhafV0V9tyiI
ZY+dEU+1bCa8xTXK0ROVMwSlxhYb3kn55ZXxZVzoDDqEpIOJz3Ht7bOX/dLR35Uc
0rKwZHIyS6oixN9KC+khnmLgjHwtZHO7+hSS+y2bp8D5toNYUD8BPYhBDVYmQ9eh
JBKho5ISJWSMlNvoBNUN+lWaa0rSygvU4U6hslM4nTNMSmYBQxMj5RrbeA27zLkR
qFqFIwoxBuDdFId2Y3mD8RfOhlbuUdNHLRLxcyWRfcir71b4FlE6gsHfRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN+wwmx4ZtrE12aCp0QDt0joILUEMB8GA1UdIwQY
MBaAFCvCfeCBb34Lh6cz3TGZCJ5TfyYcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzhKOTRJRnZmZ3VIcHpQZE1aa0lubE5fSmh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy82ZDg1NGMtYzUxMy00MjkwLTk1ZDQt
OTNmOWFlZmVlYjEyLzEvMzdEQ2JIaG0yc1RYWm9LblJBTzNTT2dndFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy82ZDg1NGMtYzUxMy00MjkwLTk1ZDQtOTNmOWFlZmVlYjEy
LzEvSzhKOTRJRnZmZ3VIcHpQZE1aa0lubE5fSmh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAdA
MA0GCSqGSIb3DQEBCwUAA4IBAQAB/WI70Z6g4VcScY9FwDbSh1LRwdczK8RXqj5t
2MvVizToDfOF+YDSAfs9PVH6a7uFjmS3FyWLytwlTRE1Nw0oZpFTs9ar617NC2la
CqWixDUkd9rc/yQys5CW+KuxObbmN9L+LP9YkPfp8D7R1TKUSaXpd+etSWczX2L4
ftnIn2oLYrvxamd3HkBRHetNRl5bQJVgWrVrVI2D9VwDZtnfVBwv8v/BlJfncgdU
aXRmJP5XQU6/CVQILgnMvbV4pPnb+Ie/+5Uwg2dIOrMCwwSeGH616UaGwDYxMDp5
NYo39FXvDbxxrN0XqBbphNGbL+mHFcYDsEkeZqJiZz0it1dt
-----END CERTIFICATE-----