Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/227d14-d751-4573-9919-fec8a80ed233/1/bEhBHj_5ND7DPkcxJc-eHtfnjVE.roa
File:                     bEhBHj_5ND7DPkcxJc-eHtfnjVE.roa (raw, json)
Hash identifier:          q7DP36VzuoeI79R3/z9nukbV52RDnraBhFmpjcuFOJ0=
Subject key identifier:   6C:48:41:1E:3F:F9:34:3E:C3:3E:47:31:25:CF:9E:1E:D7:E7:8D:51
Certificate issuer:       /CN=a23224c5017d34ecdc28d0cf36442d65bef9e0a0
Certificate serial:       019426D968898344C3DB6E40A0F6F1394EF3
Authority key identifier: A2:32:24:C5:01:7D:34:EC:DC:28:D0:CF:36:44:2D:65:BE:F9:E0:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ojIkxQF9NOzcKNDPNkQtZb754KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/227d14-d751-4573-9919-fec8a80ed233/1/bEhBHj_5ND7DPkcxJc-eHtfnjVE.roa
Signing time:             Thu 02 Jan 2025 11:49:29 +0000
ROA not before:           Thu 02 Jan 2025 11:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199493
IP address blocks:        37.220.64.0/20 maxlen: 24
                          193.221.196.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/227d14-d751-4573-9919-fec8a80ed233/1/ojIkxQF9NOzcKNDPNkQtZb754KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/227d14-d751-4573-9919-fec8a80ed233/1/ojIkxQF9NOzcKNDPNkQtZb754KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ojIkxQF9NOzcKNDPNkQtZb754KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:68:89:83:44:c3:db:6e:40:a0:f6:f1:39:4e:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a23224c5017d34ecdc28d0cf36442d65bef9e0a0
        Validity
            Not Before: Jan  2 11:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c48411e3ff9343ec33e473125cf9e1ed7e78d51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:89:ed:9b:a0:fc:68:34:5e:80:39:e5:c3:1f:
                    a3:c7:0e:9d:10:1c:d1:ea:05:78:c8:53:6f:ca:d5:
                    48:f7:66:2b:0c:77:16:9a:1d:26:c6:e1:2b:62:6c:
                    10:71:7a:75:ee:83:87:2b:a9:55:a9:8e:f2:fc:e6:
                    cc:66:ad:47:2c:71:06:46:f3:33:72:95:ac:d5:5c:
                    9c:ef:79:bb:9a:ed:67:40:bd:bd:6f:79:93:86:57:
                    b9:02:aa:13:bd:e7:20:fe:1d:dc:f4:56:c1:06:97:
                    6c:ad:53:ed:94:7b:4a:65:96:e2:d6:2e:58:32:4e:
                    2d:c4:51:9e:34:24:96:27:bd:ea:5b:dd:7f:af:6a:
                    e1:7e:8b:25:2e:5d:d8:56:ca:36:04:8a:60:18:ac:
                    ed:f0:53:b1:4b:a7:2f:44:b3:98:25:1b:e8:21:c1:
                    68:b4:3b:08:7d:1b:ff:dd:cd:63:0e:95:d9:ec:b3:
                    3f:43:e9:7b:96:2c:80:f2:40:d9:43:dc:00:f5:e8:
                    ca:11:11:86:6c:88:5b:aa:f7:40:74:4a:e6:0a:55:
                    b0:56:04:f1:7f:c7:22:1b:aa:25:4d:f9:65:22:3b:
                    20:29:b8:7f:64:b0:24:70:5d:8e:a5:a4:b3:8a:38:
                    58:59:93:66:b4:1c:25:c5:cf:c8:59:7b:33:35:2c:
                    e3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:48:41:1E:3F:F9:34:3E:C3:3E:47:31:25:CF:9E:1E:D7:E7:8D:51
            X509v3 Authority Key Identifier:
                keyid:A2:32:24:C5:01:7D:34:EC:DC:28:D0:CF:36:44:2D:65:BE:F9:E0:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ojIkxQF9NOzcKNDPNkQtZb754KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/227d14-d751-4573-9919-fec8a80ed233/1/bEhBHj_5ND7DPkcxJc-eHtfnjVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/227d14-d751-4573-9919-fec8a80ed233/1/ojIkxQF9NOzcKNDPNkQtZb754KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.220.64.0/20
                  193.221.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:c8:f9:ca:a6:f7:96:81:a2:0a:60:05:54:8b:41:d8:61:dc:
         6d:8c:6d:7a:8a:81:8f:e3:c2:60:b6:fc:77:c9:77:a1:44:eb:
         a9:54:22:68:33:aa:45:d0:b3:08:17:78:0d:cb:18:17:88:36:
         9f:ed:23:c7:fa:1c:92:1f:25:d8:24:91:d1:2c:45:11:1a:dd:
         09:77:82:4e:49:f9:50:4e:77:a2:20:77:e9:8b:36:39:28:95:
         f2:96:e9:6d:58:73:42:b8:15:9a:51:3e:5b:7a:23:b2:a4:49:
         48:f3:81:0b:ea:da:64:66:98:3e:4c:29:73:78:3a:26:7d:20:
         5e:dc:88:6e:ff:c5:51:50:e3:3f:4f:bb:f3:9b:3c:d4:4e:1c:
         fe:bd:e7:ac:f1:60:4c:59:79:72:cc:89:b4:3d:ff:fc:b2:0a:
         de:95:5f:5c:b1:bf:01:34:ed:92:08:81:c3:7a:cd:e3:a5:e1:
         f2:ec:9d:4f:d8:f0:65:5c:83:10:35:b5:71:4d:0e:92:d0:7d:
         c6:64:18:db:16:52:9e:41:55:47:7c:5b:92:e7:f1:12:e9:2b:
         a4:4b:6a:34:f1:3f:d9:99:7e:c0:2e:e9:9c:1d:0b:b7:e4:4f:
         1f:34:0f:72:cc:c4:90:3e:73:e6:d5:63:37:6a:c4:d9:23:0b:
         9c:fb:f6:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2WiJg0TD225AoPbxOU7zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMzIyNGM1MDE3ZDM0ZWNkYzI4ZDBjZjM2NDQyZDY1YmVm
OWUwYTAwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzQ4NDExZTNmZjkzNDNlYzMzZTQ3MzEyNWNmOWUxZWQ3ZTc4ZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Intm6D8aDRegDnlwx+jxw6dEBzR
6gV4yFNvytVI92YrDHcWmh0mxuErYmwQcXp17oOHK6lVqY7y/ObMZq1HLHEGRvMz
cpWs1Vyc73m7mu1nQL29b3mThle5AqoTvecg/h3c9FbBBpdsrVPtlHtKZZbi1i5Y
Mk4txFGeNCSWJ73qW91/r2rhfoslLl3YVso2BIpgGKzt8FOxS6cvRLOYJRvoIcFo
tDsIfRv/3c1jDpXZ7LM/Q+l7liyA8kDZQ9wA9ejKERGGbIhbqvdAdErmClWwVgTx
f8ciG6olTfllIjsgKbh/ZLAkcF2OpaSzijhYWZNmtBwlxc/IWXszNSzjQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGxIQR4/+TQ+wz5HMSXPnh7X541RMB8GA1UdIwQY
MBaAFKIyJMUBfTTs3CjQzzZELWW++eCgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2pJa3hRRjlOT3pjS05EUE5rUXRaYjc1NEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8yMjdkMTQtZDc1MS00NTczLTk5MTkt
ZmVjOGE4MGVkMjMzLzEvYkVoQkhqXzVORDdEUGtjeEpjLWVIdGZualZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8yMjdkMTQtZDc1MS00NTczLTk5MTktZmVjOGE4MGVkMjMz
LzEvb2pJa3hRRjlOT3pjS05EUE5rUXRaYjc1NEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEJdxAAwQC
wd3EMA0GCSqGSIb3DQEBCwUAA4IBAQAryPnKpveWgaIKYAVUi0HYYdxtjG16ioGP
48Jgtvx3yXehROupVCJoM6pF0LMIF3gNyxgXiDaf7SPH+hySHyXYJJHRLEURGt0J
d4JOSflQTneiIHfpizY5KJXylultWHNCuBWaUT5beiOypElI84EL6tpkZpg+TClz
eDomfSBe3Ihu/8VRUOM/T7vzmzzUThz+vees8WBMWXlyzIm0Pf/8sgrelV9csb8B
NO2SCIHDes3jpeHy7J1P2PBlXIMQNbVxTQ6S0H3GZBjbFlKeQVVHfFuS5/ES6Suk
S2o08T/ZmX7ALumcHQu35E8fNA9yzMSQPnPm1WM3asTZIwuc+/aw
-----END CERTIFICATE-----