Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/8cf2a6-4529-43d9-b782-36e85abe52ff/1/rAVoUvT6eIAoJ9DaPocwQDvvkoc.roa
File:                     rAVoUvT6eIAoJ9DaPocwQDvvkoc.roa (raw, json)
Hash identifier:          1BFZOwvrkIRFql6imBqxsdk52Ly1yvo/6JadLNNcDZs=
Subject key identifier:   AC:05:68:52:F4:FA:78:80:28:27:D0:DA:3E:87:30:40:3B:EF:92:87
Certificate issuer:       /CN=3533d439035ccdc5f0c39d1b3fb16195b555fca3
Certificate serial:       019424451A4241993B43F6310691BD95EA05
Authority key identifier: 35:33:D4:39:03:5C:CD:C5:F0:C3:9D:1B:3F:B1:61:95:B5:55:FC:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NTPUOQNczcXww50bP7FhlbVV_KM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/8cf2a6-4529-43d9-b782-36e85abe52ff/1/rAVoUvT6eIAoJ9DaPocwQDvvkoc.roa
Signing time:             Wed 01 Jan 2025 23:48:15 +0000
ROA not before:           Wed 01 Jan 2025 23:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201995
IP address blocks:        185.63.84.0/24 maxlen: 24
                          2a06:4300::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/8cf2a6-4529-43d9-b782-36e85abe52ff/1/NTPUOQNczcXww50bP7FhlbVV_KM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/8cf2a6-4529-43d9-b782-36e85abe52ff/1/NTPUOQNczcXww50bP7FhlbVV_KM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NTPUOQNczcXww50bP7FhlbVV_KM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:1a:42:41:99:3b:43:f6:31:06:91:bd:95:ea:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3533d439035ccdc5f0c39d1b3fb16195b555fca3
        Validity
            Not Before: Jan  1 23:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac056852f4fa78802827d0da3e8730403bef9287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:58:4b:b9:36:a1:7c:cd:0e:ae:e4:ff:fb:51:
                    37:92:fe:4e:25:9d:07:ea:2b:1a:1b:3b:66:09:89:
                    f2:a6:be:d3:d6:3c:f5:05:c5:0a:09:3a:99:bd:fb:
                    22:18:b3:57:2b:78:c3:85:45:a7:08:fa:7e:12:9e:
                    01:64:f1:89:74:bf:f4:c6:b3:5d:c8:95:6e:6a:75:
                    3c:92:cd:79:d6:bc:77:66:9b:b8:53:63:9e:20:b2:
                    92:31:f5:2a:ac:f2:a7:dd:69:3d:31:82:67:d5:7e:
                    ac:f0:34:2f:2a:2c:7f:8e:4a:b9:90:78:0c:49:83:
                    9f:6a:4b:36:3d:ec:c7:fa:44:2f:3e:a4:fe:50:7f:
                    be:dc:35:df:1c:da:7c:52:d3:22:92:d7:02:f0:93:
                    99:ec:3a:21:f1:64:c8:76:f0:a3:53:a4:8b:2a:04:
                    fe:a3:99:8c:2e:5f:b2:ff:ac:e7:aa:07:a8:c7:ee:
                    de:b6:87:71:e3:12:10:46:c8:20:e9:b3:f7:f8:54:
                    09:58:d8:83:1f:eb:8e:11:03:1e:ac:ee:3c:bd:c1:
                    de:68:c8:8a:93:d2:6e:ff:27:80:68:d4:3f:58:0a:
                    74:de:89:e8:df:a1:1e:cf:a3:de:7e:12:f3:a1:a2:
                    d1:00:b3:56:c8:fd:7f:7b:9a:47:f9:90:82:e2:38:
                    40:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:05:68:52:F4:FA:78:80:28:27:D0:DA:3E:87:30:40:3B:EF:92:87
            X509v3 Authority Key Identifier:
                keyid:35:33:D4:39:03:5C:CD:C5:F0:C3:9D:1B:3F:B1:61:95:B5:55:FC:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NTPUOQNczcXww50bP7FhlbVV_KM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/8cf2a6-4529-43d9-b782-36e85abe52ff/1/rAVoUvT6eIAoJ9DaPocwQDvvkoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/8cf2a6-4529-43d9-b782-36e85abe52ff/1/NTPUOQNczcXww50bP7FhlbVV_KM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.84.0/24
                IPv6:
                  2a06:4300::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:48:a4:6f:b5:1c:9c:b4:fe:30:2d:0f:da:10:ba:24:a9:38:
         75:c2:ea:5f:0a:33:ce:68:1f:36:ff:0f:72:06:85:63:46:d3:
         13:8c:b5:cc:0c:23:a7:9d:7e:b3:08:15:ab:ce:fd:b7:cd:ec:
         30:48:0e:33:5b:0c:34:11:48:04:20:cc:e5:90:d3:ce:4e:e2:
         93:9a:3e:a8:60:cf:6c:ae:48:6a:f2:45:c8:1b:77:93:c0:76:
         c5:87:5a:d7:31:b6:a4:fb:cd:4c:21:71:75:55:68:82:e7:e1:
         31:0e:cd:a6:53:d6:74:1e:06:e7:41:9f:2b:18:76:8b:f9:9a:
         8f:ac:98:39:1e:6d:35:2b:ae:d6:58:5a:f7:58:6c:76:e3:4c:
         33:30:76:44:fe:63:90:a0:1e:16:78:21:eb:14:fa:9b:6d:2c:
         8b:ed:7a:90:62:9b:d7:96:99:01:06:66:74:8d:0f:c2:f6:2c:
         cd:f0:96:9b:8e:ab:5c:ae:d8:64:e9:5c:bc:22:52:ca:ca:82:
         c5:27:2c:d5:1c:6e:48:0f:c8:a0:cf:32:6b:51:33:a8:d5:5a:
         72:75:4f:be:18:dd:ae:2b:47:2c:20:a8:4e:08:90:8b:d9:53:
         66:f7:da:72:bd:02:fd:9b:20:93:ce:88:d3:f9:cb:0a:02:5b:
         90:38:38:13
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRRpCQZk7Q/YxBpG9leoFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MzNkNDM5MDM1Y2NkYzVmMGMzOWQxYjNmYjE2MTk1YjU1
NWZjYTMwHhcNMjUwMTAxMjM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzA1Njg1MmY0ZmE3ODgwMjgyN2QwZGEzZTg3MzA0MDNiZWY5Mjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1hLuTahfM0OruT/+1E3kv5OJZ0H
6isaGztmCYnypr7T1jz1BcUKCTqZvfsiGLNXK3jDhUWnCPp+Ep4BZPGJdL/0xrNd
yJVuanU8ks151rx3Zpu4U2OeILKSMfUqrPKn3Wk9MYJn1X6s8DQvKix/jkq5kHgM
SYOfaks2PezH+kQvPqT+UH++3DXfHNp8UtMiktcC8JOZ7Doh8WTIdvCjU6SLKgT+
o5mMLl+y/6znqgeox+7etodx4xIQRsgg6bP3+FQJWNiDH+uOEQMerO48vcHeaMiK
k9Ju/yeAaNQ/WAp03ono36Eez6PefhLzoaLRALNWyP1/e5pH+ZCC4jhAzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKwFaFL0+niAKCfQ2j6HMEA775KHMB8GA1UdIwQY
MBaAFDUz1DkDXM3F8MOdGz+xYZW1VfyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlRQVU9RTmN6Y1h3dzUwYlA3RmhsYlZWX0tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy84Y2YyYTYtNDUyOS00M2Q5LWI3ODIt
MzZlODVhYmU1MmZmLzEvckFWb1V2VDZlSUFvSjlEYVBvY3dRRHZ2a29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy84Y2YyYTYtNDUyOS00M2Q5LWI3ODItMzZlODVhYmU1MmZm
LzEvTlRQVU9RTmN6Y1h3dzUwYlA3RmhsYlZWX0tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuT9UMA0E
AgACMAcDBQAqBkMAMA0GCSqGSIb3DQEBCwUAA4IBAQCdSKRvtRyctP4wLQ/aELok
qTh1wupfCjPOaB82/w9yBoVjRtMTjLXMDCOnnX6zCBWrzv23zewwSA4zWww0EUgE
IMzlkNPOTuKTmj6oYM9srkhq8kXIG3eTwHbFh1rXMbak+81MIXF1VWiC5+ExDs2m
U9Z0HgbnQZ8rGHaL+ZqPrJg5Hm01K67WWFr3WGx240wzMHZE/mOQoB4WeCHrFPqb
bSyL7XqQYpvXlpkBBmZ0jQ/C9izN8Jabjqtcrthk6Vy8IlLKyoLFJyzVHG5ID8ig
zzJrUTOo1VpydU++GN2uK0csIKhOCJCL2VNm99pyvQL9myCTzojT+csKAluQODgT
-----END CERTIFICATE-----