Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/nTWU5WV73x998fb6pecneWzKHj0.roa
File:                     nTWU5WV73x998fb6pecneWzKHj0.roa (raw, json)
Hash identifier:          m9Al1FOb5Ruq1WL/BIhpl9I/8AOLD6hHB+5Qi5PqY4A=
Subject key identifier:   9D:35:94:E5:65:7B:DF:1F:7D:F1:F6:FA:A5:E7:27:79:6C:CA:1E:3D
Certificate issuer:       /CN=37fb004e397ddf04e7d05f3643a036f21836ff10
Certificate serial:       019538262A65A4A43A6DE814DD1C0BB21578
Authority key identifier: 37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/nTWU5WV73x998fb6pecneWzKHj0.roa
Signing time:             Mon 24 Feb 2025 13:29:40 +0000
ROA not before:           Mon 24 Feb 2025 13:29:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8648
IP address blocks:        185.102.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:38:26:2a:65:a4:a4:3a:6d:e8:14:dd:1c:0b:b2:15:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37fb004e397ddf04e7d05f3643a036f21836ff10
        Validity
            Not Before: Feb 24 13:29:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d3594e5657bdf1f7df1f6faa5e727796cca1e3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c9:77:dc:71:39:a6:24:aa:7d:d2:8e:16:f0:
                    ae:55:c4:1d:81:ab:fc:c4:76:72:a3:cb:29:2e:04:
                    59:a6:b4:6d:39:8b:1a:25:26:03:40:5b:bc:2c:fa:
                    aa:0a:73:37:e5:b1:ff:d4:4d:59:e5:43:ad:ab:ee:
                    c6:4a:f8:ba:eb:ef:b6:9f:22:90:f7:59:67:9e:96:
                    ba:1d:68:ba:16:60:4d:b8:da:71:66:83:98:e5:0f:
                    12:28:65:2c:09:34:c5:3b:ee:c7:10:f0:d7:73:e1:
                    84:c0:85:4e:6b:6b:f9:5b:d6:1c:81:60:e7:ec:a9:
                    2e:33:e2:86:ac:96:06:af:c9:9b:88:ea:64:6d:cf:
                    e6:b5:a4:28:dd:bc:31:3b:93:7b:4d:a6:0a:9f:e0:
                    17:66:20:d5:2f:4e:ce:9e:25:40:8f:5b:32:16:e1:
                    4a:44:3e:9a:ff:72:50:b5:2a:5a:11:1f:06:6c:0c:
                    b0:c2:00:57:ad:61:8e:03:3b:f3:46:14:08:07:c3:
                    b9:07:30:c9:34:04:c4:94:63:e1:59:a2:d1:62:1a:
                    66:8a:5d:d5:e9:22:3b:ff:db:72:63:43:08:19:50:
                    19:fc:02:6d:03:de:12:18:4a:74:40:54:7e:62:ae:
                    e6:7b:07:f0:6a:2a:a1:c6:75:fd:e1:e1:e4:11:b7:
                    9a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:35:94:E5:65:7B:DF:1F:7D:F1:F6:FA:A5:E7:27:79:6C:CA:1E:3D
            X509v3 Authority Key Identifier:
                keyid:37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/nTWU5WV73x998fb6pecneWzKHj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:4f:6e:da:4e:ec:e6:dc:a5:01:59:5d:62:3a:aa:8b:56:d2:
         b5:cb:97:e0:9f:eb:be:ff:6b:12:07:ff:30:62:74:a3:a2:31:
         d5:a2:27:93:2e:19:53:c1:b1:93:e3:e3:81:3e:2e:7f:36:3d:
         99:45:ef:96:8a:6a:79:44:05:3f:e6:28:53:72:40:c8:68:90:
         39:c8:e9:54:01:4d:4f:17:a3:52:3d:a5:b6:ff:f3:72:02:44:
         e0:fb:9b:1a:a4:b5:62:d5:bd:47:c0:8e:dc:b2:cc:8a:7c:e0:
         14:56:b1:9d:68:25:7f:57:16:41:27:f8:b3:15:d9:2f:4a:0a:
         27:60:46:5d:7c:48:28:02:7c:85:f9:a5:9c:23:7d:f9:fc:ab:
         7b:8a:96:09:87:ec:9e:5a:ea:fe:9d:94:bf:a1:e4:b4:52:82:
         66:65:b1:5b:81:e6:17:d0:94:6b:f5:f7:5d:23:1b:6c:a7:44:
         80:17:2d:ce:80:26:b2:e2:91:20:e8:6b:07:b3:c7:0c:87:97:
         4b:98:7a:d0:c5:b3:68:71:72:00:76:64:35:92:19:03:71:05:
         b3:d9:73:42:4d:85:9d:61:78:f3:9c:6e:59:ae:52:11:7e:f2:
         48:c8:7b:ff:ea:06:1c:a1:ad:47:4c:32:d7:bc:08:f7:d4:46:
         cc:5a:a8:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU4JiplpKQ6begU3RwLshV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmIwMDRlMzk3ZGRmMDRlN2QwNWYzNjQzYTAzNmYyMTgz
NmZmMTAwHhcNMjUwMjI0MTMyOTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDM1OTRlNTY1N2JkZjFmN2RmMWY2ZmFhNWU3Mjc3OTZjY2ExZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8l33HE5piSqfdKOFvCuVcQdgav8
xHZyo8spLgRZprRtOYsaJSYDQFu8LPqqCnM35bH/1E1Z5UOtq+7GSvi66++2nyKQ
91lnnpa6HWi6FmBNuNpxZoOY5Q8SKGUsCTTFO+7HEPDXc+GEwIVOa2v5W9YcgWDn
7KkuM+KGrJYGr8mbiOpkbc/mtaQo3bwxO5N7TaYKn+AXZiDVL07OniVAj1syFuFK
RD6a/3JQtSpaER8GbAywwgBXrWGOAzvzRhQIB8O5BzDJNATElGPhWaLRYhpmil3V
6SI7/9tyY0MIGVAZ/AJtA94SGEp0QFR+Yq7mewfwaiqhxnX94eHkEbeaFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ01lOVle98fffH2+qXnJ3lsyh49MB8GA1UdIwQY
MBaAFDf7AE45fd8E59BfNkOgNvIYNv8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEt
YjUzYjY0Y2YwZDk1LzEvblRXVTVXVjczeDk5OGZiNnBlY25lV3pLSGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEtYjUzYjY0Y2YwZDk1
LzEvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWYUMA0G
CSqGSIb3DQEBCwUAA4IBAQAlT27aTuzm3KUBWV1iOqqLVtK1y5fgn+u+/2sSB/8w
YnSjojHVoieTLhlTwbGT4+OBPi5/Nj2ZRe+Wimp5RAU/5ihTckDIaJA5yOlUAU1P
F6NSPaW2//NyAkTg+5sapLVi1b1HwI7cssyKfOAUVrGdaCV/VxZBJ/izFdkvSgon
YEZdfEgoAnyF+aWcI335/Kt7ipYJh+yeWur+nZS/oeS0UoJmZbFbgeYX0JRr9fdd
Ixtsp0SAFy3OgCay4pEg6GsHs8cMh5dLmHrQxbNocXIAdmQ1khkDcQWz2XNCTYWd
YXjznG5ZrlIRfvJIyHv/6gYcoa1HTDLXvAj31EbMWqhy
-----END CERTIFICATE-----