Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/avUi3YjwZnz0yzUPnJu4Y8PDkW0.roa
File:                     avUi3YjwZnz0yzUPnJu4Y8PDkW0.roa (raw, json)
Hash identifier:          mWS6jEEzpU5C/mf65CgMVs1ygfIg+nXboKeBb7STrRk=
Subject key identifier:   6A:F5:22:DD:88:F0:66:7C:F4:CB:35:0F:9C:9B:B8:63:C3:C3:91:6D
Certificate issuer:       /CN=37fb004e397ddf04e7d05f3643a036f21836ff10
Certificate serial:       019420D60C99D2F93D75177C702E4C5948BD
Authority key identifier: 37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/avUi3YjwZnz0yzUPnJu4Y8PDkW0.roa
Signing time:             Wed 01 Jan 2025 07:48:06 +0000
ROA not before:           Wed 01 Jan 2025 07:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206566
IP address blocks:        185.183.8.0/22 maxlen: 22
                          2a0a:ff80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:0c:99:d2:f9:3d:75:17:7c:70:2e:4c:59:48:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37fb004e397ddf04e7d05f3643a036f21836ff10
        Validity
            Not Before: Jan  1 07:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6af522dd88f0667cf4cb350f9c9bb863c3c3916d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:73:ae:ca:dc:cd:58:6f:1b:e5:26:d0:01:77:
                    e8:7a:54:55:ed:6b:ef:bd:98:c6:33:5e:f1:61:31:
                    21:d8:34:77:e5:50:bc:00:ca:a3:fb:1c:14:c3:74:
                    f0:1a:77:a9:93:89:66:39:a5:e0:7c:ee:c5:3a:3b:
                    6e:43:1e:b8:24:e8:ed:58:f7:64:83:c9:cc:8b:1c:
                    69:99:ae:23:3e:3f:ef:0d:8d:3e:6f:be:80:c7:fe:
                    f0:6a:91:56:12:94:f0:1f:23:e2:50:a2:8a:f0:e9:
                    fc:34:45:b5:79:bf:f2:17:5e:11:53:4c:e6:3c:b8:
                    ce:21:e4:70:33:8c:8b:0d:be:5d:3d:28:71:f5:17:
                    d1:e0:1f:c9:f7:ca:1e:71:f9:db:35:19:a6:eb:b3:
                    93:09:3c:eb:0f:06:89:dc:cd:e8:c2:b6:7b:a4:0c:
                    7a:c8:fc:69:99:45:d4:f1:46:28:7c:1e:fb:f5:6e:
                    53:a2:13:33:40:39:b2:73:0b:98:58:99:78:dd:f1:
                    03:aa:7b:f5:83:bb:ed:d8:65:a2:7d:89:31:2f:41:
                    79:1d:ab:c4:dd:77:61:5d:fa:34:e0:68:4a:98:65:
                    db:b2:96:be:04:68:84:6e:ca:8c:31:cd:2e:57:f5:
                    59:ae:0c:54:ac:87:04:04:b8:8d:ff:f6:e7:24:c9:
                    10:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F5:22:DD:88:F0:66:7C:F4:CB:35:0F:9C:9B:B8:63:C3:C3:91:6D
            X509v3 Authority Key Identifier:
                keyid:37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/avUi3YjwZnz0yzUPnJu4Y8PDkW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.8.0/22
                IPv6:
                  2a0a:ff80::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:e0:31:d4:da:ae:51:05:f0:87:7b:1d:04:2d:ca:02:39:37:
         15:16:1e:22:51:6a:a2:0b:84:02:b1:25:a2:82:e0:c3:0d:78:
         c7:83:25:42:e3:20:a2:f7:aa:66:43:6e:08:03:e2:81:4c:8f:
         65:0b:88:f1:4b:f5:87:03:0d:0a:ea:a0:6a:b7:e1:94:11:e4:
         b4:a9:f4:5f:6e:5b:cf:f7:af:13:7f:17:ca:a7:7d:b0:24:14:
         93:a8:10:2f:4f:af:00:05:e4:6d:bf:bb:38:be:c1:48:c3:a8:
         2a:7a:d9:90:17:f4:05:04:13:8c:4b:f1:08:8e:06:83:c1:47:
         86:e4:31:03:06:ae:2d:47:f7:49:e1:9d:4e:eb:e7:1d:1a:4a:
         6b:8c:1a:77:59:fe:42:aa:21:7e:81:58:03:e7:11:15:ea:9c:
         0f:f0:61:25:4b:18:b9:b8:6b:ef:f8:8b:88:90:8d:05:e1:3f:
         00:bc:e2:81:9d:ef:36:0e:6f:a6:93:3d:fc:39:5f:f3:b3:78:
         87:0f:0c:97:5f:b8:98:b9:8b:ee:d1:47:2b:36:cb:d1:d4:79:
         e3:c9:4f:20:68:0a:37:15:0b:16:f1:ad:61:5d:3f:7b:3e:bb:
         c3:8e:b7:38:f9:d2:c5:53:01:d6:2c:81:2b:f2:b0:d9:71:89:
         c0:e4:f6:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1gyZ0vk9dRd8cC5MWUi9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmIwMDRlMzk3ZGRmMDRlN2QwNWYzNjQzYTAzNmYyMTgz
NmZmMTAwHhcNMjUwMTAxMDc0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWY1MjJkZDg4ZjA2NjdjZjRjYjM1MGY5YzliYjg2M2MzYzM5MTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA63OuytzNWG8b5SbQAXfoelRV7Wvv
vZjGM17xYTEh2DR35VC8AMqj+xwUw3TwGnepk4lmOaXgfO7FOjtuQx64JOjtWPdk
g8nMixxpma4jPj/vDY0+b76Ax/7wapFWEpTwHyPiUKKK8On8NEW1eb/yF14RU0zm
PLjOIeRwM4yLDb5dPShx9RfR4B/J98oecfnbNRmm67OTCTzrDwaJ3M3owrZ7pAx6
yPxpmUXU8UYofB779W5TohMzQDmycwuYWJl43fEDqnv1g7vt2GWifYkxL0F5HavE
3XdhXfo04GhKmGXbspa+BGiEbsqMMc0uV/VZrgxUrIcEBLiN//bnJMkQkQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGr1It2I8GZ89Ms1D5ybuGPDw5FtMB8GA1UdIwQY
MBaAFDf7AE45fd8E59BfNkOgNvIYNv8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEt
YjUzYjY0Y2YwZDk1LzEvYXZVaTNZandabnoweXpVUG5KdTRZOFBEa1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEtYjUzYjY0Y2YwZDk1
LzEvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubcIMA0E
AgACMAcDBQAqCv+AMA0GCSqGSIb3DQEBCwUAA4IBAQBv4DHU2q5RBfCHex0ELcoC
OTcVFh4iUWqiC4QCsSWiguDDDXjHgyVC4yCi96pmQ24IA+KBTI9lC4jxS/WHAw0K
6qBqt+GUEeS0qfRfblvP968TfxfKp32wJBSTqBAvT68ABeRtv7s4vsFIw6gqetmQ
F/QFBBOMS/EIjgaDwUeG5DEDBq4tR/dJ4Z1O6+cdGkprjBp3Wf5CqiF+gVgD5xEV
6pwP8GElSxi5uGvv+IuIkI0F4T8AvOKBne82Dm+mkz38OV/zs3iHDwyXX7iYuYvu
0UcrNsvR1HnjyU8gaAo3FQsW8a1hXT97PrvDjrc4+dLFUwHWLIEr8rDZcYnA5PZt
-----END CERTIFICATE-----