Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/3-Pz_ACqotf_1pTiM38rfDDW65c.roa
File:                     3-Pz_ACqotf_1pTiM38rfDDW65c.roa (raw, json)
Hash identifier:          +6mxaP3CNTwVlIYMhWG+20r4HZR/llgs3lm8STPmGs0=
Subject key identifier:   DF:E3:F3:FC:00:AA:A2:D7:FF:D6:94:E2:33:7F:2B:7C:30:D6:EB:97
Certificate issuer:       /CN=37fb004e397ddf04e7d05f3643a036f21836ff10
Certificate serial:       019420D6095B36901721906E8E6ED838B555
Authority key identifier: 37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/3-Pz_ACqotf_1pTiM38rfDDW65c.roa
Signing time:             Wed 01 Jan 2025 07:48:05 +0000
ROA not before:           Wed 01 Jan 2025 07:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.102.76.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:09:5b:36:90:17:21:90:6e:8e:6e:d8:38:b5:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37fb004e397ddf04e7d05f3643a036f21836ff10
        Validity
            Not Before: Jan  1 07:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfe3f3fc00aaa2d7ffd694e2337f2b7c30d6eb97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d3:18:6b:81:11:a8:d3:d1:d3:a1:05:ef:fa:
                    0c:95:99:4e:d2:73:4f:4f:06:15:ec:21:e5:37:59:
                    40:3d:03:2b:bc:8e:ee:6d:7d:84:ad:b4:a4:70:ea:
                    81:35:f1:59:09:79:44:82:cd:2e:91:49:f4:1d:a3:
                    17:e6:46:02:22:5a:eb:66:d0:13:ff:cb:6e:1d:26:
                    9b:97:5f:0e:6f:cb:cb:26:fe:de:ee:ec:a0:45:7d:
                    b1:da:ea:77:c1:fa:06:fd:95:a9:e1:01:fa:11:34:
                    b0:55:20:b7:de:3e:39:cf:01:88:25:53:8c:3d:44:
                    2c:38:b5:83:b0:2b:9c:09:ea:67:0e:9e:a1:d6:9e:
                    e1:8f:81:bd:af:e1:d7:d1:60:90:4d:b4:2e:d4:ac:
                    e8:7d:01:bd:76:b8:5a:52:da:26:aa:61:22:81:f7:
                    6f:04:23:2e:f3:e1:35:52:d8:4d:e5:a3:82:d8:73:
                    10:f2:85:9a:00:93:00:f6:f4:c7:89:ea:51:0b:d8:
                    cf:aa:97:f4:bb:a7:09:10:49:0d:e5:22:8a:f6:bb:
                    8f:f2:6d:bb:6c:d7:d9:19:a9:df:55:06:96:11:6e:
                    df:e7:4d:05:df:7b:ed:6b:46:bc:84:11:0a:67:2a:
                    42:5b:31:50:e0:f8:f9:0a:09:36:48:c0:09:98:ca:
                    69:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:E3:F3:FC:00:AA:A2:D7:FF:D6:94:E2:33:7F:2B:7C:30:D6:EB:97
            X509v3 Authority Key Identifier:
                keyid:37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/3-Pz_ACqotf_1pTiM38rfDDW65c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:7c:ce:2a:10:d8:6f:49:84:72:24:c1:82:7c:68:cb:52:68:
         5c:d3:bb:04:45:8f:2c:5e:99:12:27:92:09:83:3d:16:16:63:
         4e:e6:d0:25:10:02:83:1f:b7:f1:85:88:e7:0e:ba:40:aa:b7:
         03:e5:ff:b7:38:f8:16:6c:54:e8:7c:1d:aa:bb:5b:c9:8f:e7:
         f4:54:5e:7e:ba:f9:b5:ef:1c:21:3b:0e:50:84:15:47:7c:b2:
         aa:92:52:93:3e:41:55:11:55:f4:11:be:29:26:5d:6d:c3:3e:
         0b:00:a2:be:1c:76:4f:cf:fa:57:35:a6:d1:67:46:23:37:1b:
         7f:ec:1e:53:9c:d8:b9:75:a1:88:4e:ea:8f:9e:ca:5d:3b:b8:
         3c:61:9a:da:94:f8:01:53:94:e8:aa:29:29:5d:73:af:1e:64:
         ed:39:91:74:10:7a:b4:db:30:98:a2:ad:bb:0e:ae:00:64:24:
         10:89:f8:36:16:57:6d:5f:23:a7:53:2c:74:b8:b6:a2:0b:19:
         6d:2c:8b:24:70:d8:51:9b:5f:25:fe:9a:2f:ef:e5:ef:e4:1d:
         bd:e6:9a:63:61:44:9c:30:59:83:b0:49:a0:15:33:cf:0b:29:
         f8:8b:63:78:ae:0c:43:cd:d5:b9:22:5f:38:07:70:ec:0a:4c:
         9d:d5:b3:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1glbNpAXIZBujm7YOLVVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmIwMDRlMzk3ZGRmMDRlN2QwNWYzNjQzYTAzNmYyMTgz
NmZmMTAwHhcNMjUwMTAxMDc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmUzZjNmYzAwYWFhMmQ3ZmZkNjk0ZTIzMzdmMmI3YzMwZDZlYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNMYa4ERqNPR06EF7/oMlZlO0nNP
TwYV7CHlN1lAPQMrvI7ubX2ErbSkcOqBNfFZCXlEgs0ukUn0HaMX5kYCIlrrZtAT
/8tuHSabl18Ob8vLJv7e7uygRX2x2up3wfoG/ZWp4QH6ETSwVSC33j45zwGIJVOM
PUQsOLWDsCucCepnDp6h1p7hj4G9r+HX0WCQTbQu1KzofQG9drhaUtomqmEigfdv
BCMu8+E1UthN5aOC2HMQ8oWaAJMA9vTHiepRC9jPqpf0u6cJEEkN5SKK9ruP8m27
bNfZGanfVQaWEW7f500F33vta0a8hBEKZypCWzFQ4Pj5Cgk2SMAJmMppZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/j8/wAqqLX/9aU4jN/K3ww1uuXMB8GA1UdIwQY
MBaAFDf7AE45fd8E59BfNkOgNvIYNv8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEt
YjUzYjY0Y2YwZDk1LzEvMy1Qel9BQ3FvdGZfMXBUaU0zOHJmRERXNjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEtYjUzYjY0Y2YwZDk1
LzEvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWZMMA0G
CSqGSIb3DQEBCwUAA4IBAQA8fM4qENhvSYRyJMGCfGjLUmhc07sERY8sXpkSJ5IJ
gz0WFmNO5tAlEAKDH7fxhYjnDrpAqrcD5f+3OPgWbFTofB2qu1vJj+f0VF5+uvm1
7xwhOw5QhBVHfLKqklKTPkFVEVX0Eb4pJl1twz4LAKK+HHZPz/pXNabRZ0YjNxt/
7B5TnNi5daGITuqPnspdO7g8YZralPgBU5ToqikpXXOvHmTtOZF0EHq02zCYoq27
Dq4AZCQQifg2FldtXyOnUyx0uLaiCxltLIskcNhRm18l/pov7+Xv5B295ppjYUSc
MFmDsEmgFTPPCyn4i2N4rgxDzdW5Il84B3DsCkyd1bOw
-----END CERTIFICATE-----