Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/N37-Mmv7U6SvhowSECb6V1SPSrI.roa
File:                     N37-Mmv7U6SvhowSECb6V1SPSrI.roa (raw, json)
Hash identifier:          Oe7W6VxO7oCwiXiRGXUuxO3XTtNRAfTlJ0uyj0AmKV8=
Subject key identifier:   37:7E:FE:32:6B:FB:53:A4:AF:86:8C:12:10:26:FA:57:54:8F:4A:B2
Certificate issuer:       /CN=fca1e4487cf8d4a2d961dd622f3e7501bdc24829
Certificate serial:       019A3ACDE3EA5D70C4A9B35D1A8994573D26
Authority key identifier: FC:A1:E4:48:7C:F8:D4:A2:D9:61:DD:62:2F:3E:75:01:BD:C2:48:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KHkSHz41KLZYd1iLz51Ab3CSCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/N37-Mmv7U6SvhowSECb6V1SPSrI.roa
Signing time:             Fri 31 Oct 2025 15:06:03 +0000
ROA not before:           Fri 31 Oct 2025 15:06:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213636
IP address blocks:        92.42.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/_KHkSHz41KLZYd1iLz51Ab3CSCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/_KHkSHz41KLZYd1iLz51Ab3CSCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KHkSHz41KLZYd1iLz51Ab3CSCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3a:cd:e3:ea:5d:70:c4:a9:b3:5d:1a:89:94:57:3d:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca1e4487cf8d4a2d961dd622f3e7501bdc24829
        Validity
            Not Before: Oct 31 15:06:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=377efe326bfb53a4af868c121026fa57548f4ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3a:3a:c4:c8:74:da:80:69:91:89:84:e3:9e:
                    80:98:15:7c:35:06:70:b5:c5:93:12:80:f2:d8:1a:
                    a0:90:e0:c8:97:08:8e:b2:f4:54:22:28:33:a1:4d:
                    a8:ad:7a:9d:ba:48:64:8b:22:18:06:4e:37:f3:27:
                    8b:fe:2e:ce:9f:4d:97:c1:c4:63:5d:36:c2:24:6d:
                    fc:ce:fb:93:24:0c:d3:21:8f:bb:a4:c5:d4:c8:59:
                    49:8f:ab:9c:50:b1:b0:23:1b:7f:21:7d:dd:ff:44:
                    db:d2:0e:6b:8d:c4:61:5a:f1:1d:27:21:b1:7c:db:
                    84:ac:6d:5f:ac:88:4e:7c:d8:d3:3e:28:f7:7a:0e:
                    28:f8:8b:fd:a5:04:40:13:03:19:b8:74:23:cd:32:
                    09:c0:8d:48:30:35:1b:7e:68:3f:b1:bf:6a:bb:32:
                    6d:4b:1a:ed:40:57:ff:3e:3f:21:82:31:82:67:e1:
                    a5:0e:2a:40:88:f5:ae:9c:69:60:73:fc:02:18:18:
                    6d:97:9b:df:87:e4:2a:3d:60:7f:95:14:ec:c3:a4:
                    57:30:6a:84:ab:52:7d:24:61:8f:97:23:a7:b2:a7:
                    d5:e2:22:b4:a6:1f:f7:d5:51:78:98:8c:6b:ba:db:
                    a6:90:0f:04:87:25:83:d7:93:4d:28:05:55:c5:cc:
                    7a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:7E:FE:32:6B:FB:53:A4:AF:86:8C:12:10:26:FA:57:54:8F:4A:B2
            X509v3 Authority Key Identifier:
                keyid:FC:A1:E4:48:7C:F8:D4:A2:D9:61:DD:62:2F:3E:75:01:BD:C2:48:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KHkSHz41KLZYd1iLz51Ab3CSCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/N37-Mmv7U6SvhowSECb6V1SPSrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/_KHkSHz41KLZYd1iLz51Ab3CSCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:12:f2:b4:f3:98:c0:f9:cb:af:78:c2:84:33:eb:b7:c7:13:
         8b:f3:8c:ea:8e:55:31:ed:25:aa:90:3e:b9:fe:ee:d8:d0:4b:
         09:35:42:73:2b:c3:71:68:ac:45:91:7d:15:cd:d7:84:59:16:
         a5:c7:2a:2e:bc:a1:27:27:a7:bd:eb:ce:33:12:7f:e1:00:06:
         2e:32:c2:ee:85:35:2b:f3:00:43:cf:9c:7d:23:4f:60:5a:d6:
         98:98:0c:56:d6:c7:b8:bb:f9:25:67:12:72:9c:bd:39:58:0f:
         53:42:eb:24:8d:4b:73:e8:d0:6f:e5:24:63:d1:b4:54:4f:0b:
         d6:1f:06:83:4b:09:83:fb:ed:0c:2b:7d:01:c7:cc:c7:fe:6b:
         e6:b8:2d:d8:c0:d3:67:a8:16:f5:d3:b1:26:61:ad:6a:6a:57:
         77:71:ee:3c:2c:13:86:38:1d:26:8e:f7:3a:d8:99:0c:8a:35:
         ff:0b:f5:93:ae:2d:54:5b:37:67:fe:b8:fe:c9:0f:38:f3:0c:
         7e:ba:e2:1b:f0:70:d4:08:d0:06:f2:c9:05:bf:41:4a:ad:5d:
         d2:65:99:bf:a4:1b:2c:43:72:77:0d:fa:44:9a:39:f6:2b:eb:
         9b:a0:dd:0b:49:2d:f1:d6:a8:9b:e2:9a:90:d3:88:fd:8c:d2:
         96:c0:56:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo6zePqXXDEqbNdGomUVz0mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTFlNDQ4N2NmOGQ0YTJkOTYxZGQ2MjJmM2U3NTAxYmRj
MjQ4MjkwHhcNMjUxMDMxMTUwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzdlZmUzMjZiZmI1M2E0YWY4NjhjMTIxMDI2ZmE1NzU0OGY0YWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDo6xMh02oBpkYmE456AmBV8NQZw
tcWTEoDy2BqgkODIlwiOsvRUIigzoU2orXqdukhkiyIYBk438yeL/i7On02XwcRj
XTbCJG38zvuTJAzTIY+7pMXUyFlJj6ucULGwIxt/IX3d/0Tb0g5rjcRhWvEdJyGx
fNuErG1frIhOfNjTPij3eg4o+Iv9pQRAEwMZuHQjzTIJwI1IMDUbfmg/sb9quzJt
SxrtQFf/Pj8hgjGCZ+GlDipAiPWunGlgc/wCGBhtl5vfh+QqPWB/lRTsw6RXMGqE
q1J9JGGPlyOnsqfV4iK0ph/31VF4mIxrutumkA8EhyWD15NNKAVVxcx64wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDd+/jJr+1Okr4aMEhAm+ldUj0qyMB8GA1UdIwQY
MBaAFPyh5Eh8+NSi2WHdYi8+dQG9wkgpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tIa1NIejQxS0xaWWQxaUx6NTFBYjNDU0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82NzI5NzQtNzJiMS00NGZkLTgyNmEt
MWUyOTJjMGU5NWYxLzEvTjM3LU1tdjdVNlN2aG93U0VDYjZWMVNQU3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82NzI5NzQtNzJiMS00NGZkLTgyNmEtMWUyOTJjMGU5NWYx
LzEvX0tIa1NIejQxS0xaWWQxaUx6NTFBYjNDU0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCrKMA0G
CSqGSIb3DQEBCwUAA4IBAQC6EvK085jA+cuveMKEM+u3xxOL84zqjlUx7SWqkD65
/u7Y0EsJNUJzK8NxaKxFkX0VzdeEWRalxyouvKEnJ6e9684zEn/hAAYuMsLuhTUr
8wBDz5x9I09gWtaYmAxW1se4u/klZxJynL05WA9TQuskjUtz6NBv5SRj0bRUTwvW
HwaDSwmD++0MK30Bx8zH/mvmuC3YwNNnqBb107EmYa1qald3ce48LBOGOB0mjvc6
2JkMijX/C/WTri1UWzdn/rj+yQ848wx+uuIb8HDUCNAG8skFv0FKrV3SZZm/pBss
Q3J3DfpEmjn2K+uboN0LSS3x1qib4pqQ04j9jNKWwFa/
-----END CERTIFICATE-----