Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/fS7ilcusBx7RbV5l98s5It9Po4c.roa
File:                     fS7ilcusBx7RbV5l98s5It9Po4c.roa (raw, json)
Hash identifier:          +tzJ2xKk0Wh2nHt9C5QqjNQ/SNVB0Rw0vsX3jkZV7rE=
Subject key identifier:   7D:2E:E2:95:CB:AC:07:1E:D1:6D:5E:65:F7:CB:39:22:DF:4F:A3:87
Certificate issuer:       /CN=f32be982060a43734d0ad126ad46da2f395c9def
Certificate serial:       0194258F449F8913FE7BB960DE92A9E2AA15
Authority key identifier: F3:2B:E9:82:06:0A:43:73:4D:0A:D1:26:AD:46:DA:2F:39:5C:9D:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/fS7ilcusBx7RbV5l98s5It9Po4c.roa
Signing time:             Thu 02 Jan 2025 05:48:53 +0000
ROA not before:           Thu 02 Jan 2025 05:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59972
IP address blocks:        185.37.200.0/24 maxlen: 24
                          185.37.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:44:9f:89:13:fe:7b:b9:60:de:92:a9:e2:aa:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f32be982060a43734d0ad126ad46da2f395c9def
        Validity
            Not Before: Jan  2 05:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d2ee295cbac071ed16d5e65f7cb3922df4fa387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:dd:d5:06:21:43:86:73:95:5c:4c:aa:4f:29:
                    26:15:10:6c:3d:8e:b1:e9:6d:ce:f1:b6:d6:05:46:
                    0b:72:21:49:82:b3:5c:22:20:97:46:9c:05:1a:31:
                    6a:35:21:fa:8c:8f:d4:00:0f:e6:b9:23:30:94:bb:
                    1b:0e:a3:17:93:4a:ab:bc:21:a9:70:ff:71:dc:21:
                    0c:5c:92:72:ac:98:4a:f9:c5:11:5f:d6:f1:cc:3d:
                    57:a6:b2:7e:da:9e:d8:e8:cc:03:bf:91:ed:8f:17:
                    60:d6:5d:17:0e:7b:fc:25:01:0b:d7:e0:22:8d:9c:
                    97:03:8a:30:c0:85:5d:da:54:09:25:fa:70:d1:26:
                    71:d6:9f:11:49:56:33:98:a2:82:6b:61:81:de:8f:
                    9d:c2:9b:f3:78:84:4a:a9:9d:89:cd:46:81:14:53:
                    73:3f:47:02:d8:78:4e:cb:d9:41:c5:2f:6e:9a:98:
                    71:25:c0:bc:cf:32:26:92:fb:3a:50:99:c9:2f:b5:
                    57:08:d5:ac:ce:d3:a7:d8:37:33:6c:70:e0:0e:fc:
                    0d:29:81:8d:78:38:d4:a3:46:d7:9e:e4:bb:9d:a0:
                    c4:87:e6:e4:62:42:db:c4:d7:4f:51:2c:c1:8c:a8:
                    c2:e5:aa:33:6b:c0:a4:c9:91:f6:d6:48:ad:61:e8:
                    c3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:2E:E2:95:CB:AC:07:1E:D1:6D:5E:65:F7:CB:39:22:DF:4F:A3:87
            X509v3 Authority Key Identifier:
                keyid:F3:2B:E9:82:06:0A:43:73:4D:0A:D1:26:AD:46:DA:2F:39:5C:9D:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/fS7ilcusBx7RbV5l98s5It9Po4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.200.0/24
                  185.37.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:bd:86:b8:b8:f9:88:68:72:3e:fe:16:b9:7e:42:0a:75:dc:
         7f:b4:68:1a:5c:90:ae:27:df:56:e6:34:d4:6a:52:cd:f1:00:
         67:81:51:98:a8:c4:b3:d1:5c:81:a1:92:a0:ff:19:f9:d4:b9:
         61:67:f1:36:3e:76:0b:57:23:e3:97:8c:18:a6:08:0b:4d:c0:
         45:75:aa:6b:0b:9d:3b:8e:7a:20:4e:f8:28:61:51:59:62:16:
         75:0a:67:1a:67:c3:28:ed:ad:98:75:03:d1:0b:ba:23:2e:3b:
         ae:7a:c2:05:fd:10:bb:c0:aa:9a:95:41:a4:92:0b:3d:fb:fc:
         d8:8c:6a:95:e3:d3:72:24:32:a7:11:53:a3:97:29:e1:10:bd:
         72:4d:6e:d2:23:e0:f3:63:d4:1c:35:32:b1:c5:57:97:42:38:
         4c:f8:9a:e4:4d:7e:fa:54:50:39:11:7d:55:a0:69:17:ce:8c:
         ea:47:f6:6a:04:bf:2e:c6:9c:ec:4a:a7:d2:5e:a8:6f:cf:d5:
         f9:13:ac:6d:cf:8e:04:9c:50:bc:1a:91:73:1a:28:4c:8e:b5:
         a7:2a:7f:93:92:7a:72:56:a9:f1:40:7d:83:3b:3d:7c:d6:e0:
         1c:d1:c4:a9:51:0e:8e:9e:ae:75:b3:61:94:34:17:31:e3:57:
         24:53:5f:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj0SfiRP+e7lg3pKp4qoVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMmJlOTgyMDYwYTQzNzM0ZDBhZDEyNmFkNDZkYTJmMzk1
YzlkZWYwHhcNMjUwMTAyMDU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDJlZTI5NWNiYWMwNzFlZDE2ZDVlNjVmN2NiMzkyMmRmNGZhMzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx93VBiFDhnOVXEyqTykmFRBsPY6x
6W3O8bbWBUYLciFJgrNcIiCXRpwFGjFqNSH6jI/UAA/muSMwlLsbDqMXk0qrvCGp
cP9x3CEMXJJyrJhK+cURX9bxzD1XprJ+2p7Y6MwDv5Htjxdg1l0XDnv8JQEL1+Ai
jZyXA4owwIVd2lQJJfpw0SZx1p8RSVYzmKKCa2GB3o+dwpvzeIRKqZ2JzUaBFFNz
P0cC2HhOy9lBxS9umphxJcC8zzImkvs6UJnJL7VXCNWsztOn2DczbHDgDvwNKYGN
eDjUo0bXnuS7naDEh+bkYkLbxNdPUSzBjKjC5aoza8CkyZH21kitYejD2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH0u4pXLrAce0W1eZffLOSLfT6OHMB8GA1UdIwQY
MBaAFPMr6YIGCkNzTQrRJq1G2i85XJ3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHl2cGdnWUtRM05OQ3RFbXJVYmFMemxjbmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kYTNiMWQtN2FjZi00NTFmLWI2OGIt
OTliY2JlNmQ3ZjYzLzEvZlM3aWxjdXNCeDdSYlY1bDk4czVJdDlQbzRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kYTNiMWQtN2FjZi00NTFmLWI2OGItOTliY2JlNmQ3ZjYz
LzEvOHl2cGdnWUtRM05OQ3RFbXJVYmFMemxjbmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuSXIAwQA
uSXKMA0GCSqGSIb3DQEBCwUAA4IBAQCmvYa4uPmIaHI+/ha5fkIKddx/tGgaXJCu
J99W5jTUalLN8QBngVGYqMSz0VyBoZKg/xn51LlhZ/E2PnYLVyPjl4wYpggLTcBF
daprC507jnogTvgoYVFZYhZ1CmcaZ8Mo7a2YdQPRC7ojLjuuesIF/RC7wKqalUGk
kgs9+/zYjGqV49NyJDKnEVOjlynhEL1yTW7SI+DzY9QcNTKxxVeXQjhM+JrkTX76
VFA5EX1VoGkXzozqR/ZqBL8uxpzsSqfSXqhvz9X5E6xtz44EnFC8GpFzGihMjrWn
Kn+TknpyVqnxQH2DOz181uAc0cSpUQ6Onq51s2GUNBcx41ckU18T
-----END CERTIFICATE-----