Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/FjL9taOKp0QUDy8DHlyiyYxJJo8.roa
File:                     FjL9taOKp0QUDy8DHlyiyYxJJo8.roa (raw, json)
Hash identifier:          KT2GTEVq5Me+0963HCuZSipbLBE2/rOTeydTWcPWLNk=
Subject key identifier:   16:32:FD:B5:A3:8A:A7:44:14:0F:2F:03:1E:5C:A2:C9:8C:49:26:8F
Certificate issuer:       /CN=37fb004e397ddf04e7d05f3643a036f21836ff10
Certificate serial:       018CC6B889FD829045BFB6405CC1BEF55C6F
Authority key identifier: 37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/FjL9taOKp0QUDy8DHlyiyYxJJo8.roa
Signing time:             Mon 01 Jan 2024 20:30:31 +0000
ROA not before:           Mon 01 Jan 2024 20:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198171
IP address blocks:        185.102.76.0/22 maxlen: 22
                          2a00:ca80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:89:fd:82:90:45:bf:b6:40:5c:c1:be:f5:5c:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37fb004e397ddf04e7d05f3643a036f21836ff10
        Validity
            Not Before: Jan  1 20:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1632fdb5a38aa744140f2f031e5ca2c98c49268f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:39:15:82:4c:25:2d:c2:9b:ee:88:90:0b:d2:
                    b8:de:a0:01:70:74:18:a0:d7:68:40:77:33:3e:ba:
                    29:52:e4:f9:52:7f:f6:1c:58:0f:5b:c3:c5:9f:fa:
                    89:22:7b:00:19:f0:81:a6:b9:c1:80:1b:06:59:ef:
                    d3:37:de:9e:1d:8a:f5:9a:87:29:57:80:dd:26:0a:
                    c7:84:fc:4a:1b:ad:31:f8:b4:19:25:66:2b:37:91:
                    07:b0:57:72:2f:5c:7d:63:de:42:d9:fa:80:9c:0a:
                    ba:03:2d:33:45:0c:30:00:15:59:53:bf:5c:6e:4a:
                    af:e2:2b:4f:9a:6c:d1:8a:b1:26:3b:5d:51:b8:cf:
                    40:89:0b:2f:a2:1a:6d:0e:20:27:0a:c6:a1:20:69:
                    3c:a7:db:78:a8:da:8a:6f:5e:5a:7c:e2:e9:90:36:
                    17:c7:6b:77:17:39:4d:f6:8d:b0:6f:2a:81:67:b2:
                    c8:e6:f0:18:18:e9:98:30:7f:d5:21:48:a5:5c:ae:
                    e8:58:a4:b7:a6:5e:e5:62:af:c2:fe:14:58:c7:c6:
                    6d:b6:7c:ee:a9:57:1a:4a:64:fd:85:03:68:4e:fa:
                    88:97:eb:90:b5:ed:d4:a6:94:cc:87:7f:ec:f2:24:
                    fd:96:7e:63:4f:5f:6f:01:43:57:6e:80:e1:ea:d9:
                    38:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:32:FD:B5:A3:8A:A7:44:14:0F:2F:03:1E:5C:A2:C9:8C:49:26:8F
            X509v3 Authority Key Identifier:
                keyid:37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/FjL9taOKp0QUDy8DHlyiyYxJJo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.76.0/22
                IPv6:
                  2a00:ca80::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:7f:8e:da:98:f4:c8:d7:ab:4b:8d:a2:d5:9f:1f:73:3b:89:
         ce:8d:57:3c:54:65:d6:e3:57:45:50:40:e0:45:77:47:f1:8c:
         d9:12:e6:cb:73:ff:0e:c6:0c:b7:2d:8c:54:8b:64:30:92:33:
         02:07:7a:99:31:29:fb:a4:9d:12:c7:0f:9a:d9:51:c7:a2:8e:
         5d:cd:a7:3c:56:c7:c2:e9:80:ea:6d:55:4b:07:6a:2d:0b:a5:
         4c:c4:11:16:9c:df:9b:16:d8:ff:e8:fa:0d:9f:64:77:53:28:
         b5:18:da:53:ac:80:12:12:87:1a:75:62:59:a7:e9:52:fc:d7:
         76:74:9d:98:a6:2b:de:e8:3c:8a:5a:79:24:1c:32:c3:24:30:
         71:46:8c:53:68:96:5e:ad:88:38:e0:1e:a3:e1:26:ea:b9:16:
         fb:7d:38:da:53:dd:be:c6:35:1d:bb:c9:fb:d8:e4:92:ec:35:
         e1:6b:86:82:85:81:8f:e7:01:a7:06:83:20:e7:24:8b:ce:c7:
         d2:80:e1:2e:94:41:22:88:2b:9a:d4:12:24:db:de:77:3a:cc:
         83:69:73:98:a3:39:3d:e7:bb:2e:4f:75:45:be:0e:26:4b:fd:
         93:a5:ef:04:5f:65:67:48:b3:c0:63:fb:87:73:b7:a3:6b:21:
         e8:2d:44:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuIn9gpBFv7ZAXMG+9VxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmIwMDRlMzk3ZGRmMDRlN2QwNWYzNjQzYTAzNmYyMTgz
NmZmMTAwHhcNMjQwMTAxMjAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjMyZmRiNWEzOGFhNzQ0MTQwZjJmMDMxZTVjYTJjOThjNDkyNjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszkVgkwlLcKb7oiQC9K43qABcHQY
oNdoQHczPropUuT5Un/2HFgPW8PFn/qJInsAGfCBprnBgBsGWe/TN96eHYr1mocp
V4DdJgrHhPxKG60x+LQZJWYrN5EHsFdyL1x9Y95C2fqAnAq6Ay0zRQwwABVZU79c
bkqv4itPmmzRirEmO11RuM9AiQsvohptDiAnCsahIGk8p9t4qNqKb15afOLpkDYX
x2t3FzlN9o2wbyqBZ7LI5vAYGOmYMH/VIUilXK7oWKS3pl7lYq/C/hRYx8Zttnzu
qVcaSmT9hQNoTvqIl+uQte3UppTMh3/s8iT9ln5jT19vAUNXboDh6tk4VQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBYy/bWjiqdEFA8vAx5cosmMSSaPMB8GA1UdIwQY
MBaAFDf7AE45fd8E59BfNkOgNvIYNv8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEt
YjUzYjY0Y2YwZDk1LzEvRmpMOXRhT0twMFFVRHk4REhseWl5WXhKSm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEtYjUzYjY0Y2YwZDk1
LzEvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWZMMA0E
AgACMAcDBQAqAMqAMA0GCSqGSIb3DQEBCwUAA4IBAQCGf47amPTI16tLjaLVnx9z
O4nOjVc8VGXW41dFUEDgRXdH8YzZEubLc/8Oxgy3LYxUi2QwkjMCB3qZMSn7pJ0S
xw+a2VHHoo5dzac8VsfC6YDqbVVLB2otC6VMxBEWnN+bFtj/6PoNn2R3Uyi1GNpT
rIASEocadWJZp+lS/Nd2dJ2Ypive6DyKWnkkHDLDJDBxRoxTaJZerYg44B6j4Sbq
uRb7fTjaU92+xjUdu8n72OSS7DXha4aChYGP5wGnBoMg5ySLzsfSgOEulEEiiCua
1BIk2953OsyDaXOYozk957suT3VFvg4mS/2Tpe8EX2VnSLPAY/uHc7ejayHoLURz
-----END CERTIFICATE-----