Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/j37XoMC3UG0E_oUwTDht88JJrh8.roa
File:                     j37XoMC3UG0E_oUwTDht88JJrh8.roa (raw, json)
Hash identifier:          cqy63HfmTCUoUdF/JZjPLrFzuSfjpRSNk0rinu9lqNQ=
Subject key identifier:   8F:7E:D7:A0:C0:B7:50:6D:04:FE:85:30:4C:38:6D:F3:C2:49:AE:1F
Certificate issuer:       /CN=42a6e640198013de12a251f086030cd78c732516
Certificate serial:       0194244499EF42A455119FF62D77505028C2
Authority key identifier: 42:A6:E6:40:19:80:13:DE:12:A2:51:F0:86:03:0C:D7:8C:73:25:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QqbmQBmAE94SolHwhgMM14xzJRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/j37XoMC3UG0E_oUwTDht88JJrh8.roa
Signing time:             Wed 01 Jan 2025 23:47:43 +0000
ROA not before:           Wed 01 Jan 2025 23:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20672
IP address blocks:        185.14.180.0/22 maxlen: 24
                          2a03:b6c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/QqbmQBmAE94SolHwhgMM14xzJRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/QqbmQBmAE94SolHwhgMM14xzJRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QqbmQBmAE94SolHwhgMM14xzJRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:99:ef:42:a4:55:11:9f:f6:2d:77:50:50:28:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42a6e640198013de12a251f086030cd78c732516
        Validity
            Not Before: Jan  1 23:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f7ed7a0c0b7506d04fe85304c386df3c249ae1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:2a:cf:81:c8:b6:b4:6a:a2:4b:15:a9:25:5f:
                    02:a0:58:ed:db:e4:a1:ea:f2:99:78:dd:4c:66:a0:
                    bd:42:7e:1a:28:44:82:e1:30:fa:37:73:1d:f5:7e:
                    94:04:64:8b:10:c6:30:14:2c:5f:cd:e4:d2:e1:d0:
                    ee:d6:a1:84:10:ef:47:83:5d:a7:34:4b:a4:e3:81:
                    01:0e:56:64:2d:8e:39:80:4a:1e:56:98:c9:50:61:
                    8b:b7:dd:de:32:fc:13:4a:c6:7a:ef:d6:32:46:72:
                    5e:83:a2:c2:bd:71:45:2f:df:a8:f1:ee:e0:74:fe:
                    77:bf:c0:ad:1e:ab:61:29:d0:d0:10:c6:76:93:30:
                    b6:37:b9:f8:fd:53:34:04:5f:6b:d1:fd:86:cb:d6:
                    6b:a8:49:b2:ac:b9:69:69:36:57:dc:e2:2f:d0:72:
                    b0:b7:17:f4:d7:19:3b:01:ca:99:e4:95:11:16:a5:
                    ca:62:8c:67:8d:61:c7:c6:24:fd:ce:30:29:ee:5f:
                    f9:dd:cd:bd:8c:e1:7a:21:82:0e:45:92:b2:c8:b3:
                    c0:3b:d9:87:e5:f6:03:36:76:b9:2e:18:a9:e9:49:
                    70:91:e1:5b:94:54:a1:fc:50:61:e2:12:3e:61:dd:
                    16:8a:21:19:8a:56:70:e9:44:68:7d:30:e6:19:14:
                    74:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7E:D7:A0:C0:B7:50:6D:04:FE:85:30:4C:38:6D:F3:C2:49:AE:1F
            X509v3 Authority Key Identifier:
                keyid:42:A6:E6:40:19:80:13:DE:12:A2:51:F0:86:03:0C:D7:8C:73:25:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QqbmQBmAE94SolHwhgMM14xzJRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/j37XoMC3UG0E_oUwTDht88JJrh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/QqbmQBmAE94SolHwhgMM14xzJRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.180.0/22
                IPv6:
                  2a03:b6c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:2f:cb:65:b3:4c:5b:19:d2:d6:56:e6:1f:37:6e:6f:ed:df:
         ff:9e:93:f0:c5:b7:36:36:13:a3:54:61:44:12:8e:94:af:9a:
         3c:e3:40:46:b0:3d:4e:37:d9:ba:bb:6d:8b:d1:51:77:b1:ee:
         09:7b:c0:cd:95:de:53:b9:e0:06:c6:9f:ee:d5:a7:7d:01:11:
         b4:0d:e0:1d:68:d8:37:b1:70:3b:cc:33:d5:54:64:f4:da:f5:
         3c:c4:ec:c9:80:ca:97:be:06:a8:2b:96:60:0e:87:4a:c2:dc:
         b9:9e:64:df:12:16:c3:cc:c4:a4:2f:32:2c:37:db:f0:1f:1b:
         81:59:b5:d0:e6:19:04:ca:a2:4d:61:ba:28:b3:38:f5:0b:33:
         e4:80:91:fa:1c:50:81:9b:d7:54:7f:a4:81:f7:d5:60:4a:55:
         5e:73:76:1d:e0:e5:eb:5e:aa:42:68:9f:25:40:c5:67:11:bc:
         05:a3:4e:f8:4f:1a:b6:ac:6e:e2:cd:63:96:0b:1e:9d:8c:9a:
         e8:44:ed:83:d1:a7:78:b4:d1:f9:61:67:e8:a8:3b:11:5a:0a:
         df:93:43:a1:90:d7:38:f1:a5:84:25:dd:2a:a8:79:be:dd:91:
         65:1c:f8:ad:27:85:07:21:57:43:bc:f9:1a:5a:85:61:4d:34:
         bf:9c:98:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRJnvQqRVEZ/2LXdQUCjCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyYTZlNjQwMTk4MDEzZGUxMmEyNTFmMDg2MDMwY2Q3OGM3
MzI1MTYwHhcNMjUwMTAxMjM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjdlZDdhMGMwYjc1MDZkMDRmZTg1MzA0YzM4NmRmM2MyNDlhZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3irPgci2tGqiSxWpJV8CoFjt2+Sh
6vKZeN1MZqC9Qn4aKESC4TD6N3Md9X6UBGSLEMYwFCxfzeTS4dDu1qGEEO9Hg12n
NEuk44EBDlZkLY45gEoeVpjJUGGLt93eMvwTSsZ679YyRnJeg6LCvXFFL9+o8e7g
dP53v8CtHqthKdDQEMZ2kzC2N7n4/VM0BF9r0f2Gy9ZrqEmyrLlpaTZX3OIv0HKw
txf01xk7AcqZ5JURFqXKYoxnjWHHxiT9zjAp7l/53c29jOF6IYIORZKyyLPAO9mH
5fYDNna5Lhip6UlwkeFblFSh/FBh4hI+Yd0WiiEZilZw6URofTDmGRR0ywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI9+16DAt1BtBP6FMEw4bfPCSa4fMB8GA1UdIwQY
MBaAFEKm5kAZgBPeEqJR8IYDDNeMcyUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXFibVFCbUFFOTRTb2xId2hnTU0xNHh6SlJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9iYTJmM2QtNmJkMi00ZjMyLTgxYWYt
YzI4NzY3MGNjZTUxLzEvajM3WG9NQzNVRzBFX29Vd1REaHQ4OEpKcmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9iYTJmM2QtNmJkMi00ZjMyLTgxYWYtYzI4NzY3MGNjZTUx
LzEvUXFibVFCbUFFOTRTb2xId2hnTU0xNHh6SlJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ60MA0E
AgACMAcDBQAqA7bAMA0GCSqGSIb3DQEBCwUAA4IBAQBTL8tls0xbGdLWVuYfN25v
7d//npPwxbc2NhOjVGFEEo6Ur5o840BGsD1ON9m6u22L0VF3se4Je8DNld5TueAG
xp/u1ad9ARG0DeAdaNg3sXA7zDPVVGT02vU8xOzJgMqXvgaoK5ZgDodKwty5nmTf
EhbDzMSkLzIsN9vwHxuBWbXQ5hkEyqJNYbooszj1CzPkgJH6HFCBm9dUf6SB99Vg
SlVec3Yd4OXrXqpCaJ8lQMVnEbwFo074Txq2rG7izWOWCx6djJroRO2D0ad4tNH5
YWfoqDsRWgrfk0OhkNc48aWEJd0qqHm+3ZFlHPitJ4UHIVdDvPkaWoVhTTS/nJi3
-----END CERTIFICATE-----