Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/t0FWDnJPs6XvZokHfTcCnjKRaeE.roa
File:                     t0FWDnJPs6XvZokHfTcCnjKRaeE.roa (raw, json)
Hash identifier:          Aou1i/O3zguK2P9WdtUpbw8G9iRuYff1/7SNrw+Pohw=
Subject key identifier:   B7:41:56:0E:72:4F:B3:A5:EF:66:89:07:7D:37:02:9E:32:91:69:E1
Certificate issuer:       /CN=37fbdf2f5f855e5e1ca48e77c3bdd33bd47b4438
Certificate serial:       019423D75615E6E26B0316AC9C45DAE341FC
Authority key identifier: 37:FB:DF:2F:5F:85:5E:5E:1C:A4:8E:77:C3:BD:D3:3B:D4:7B:44:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_vfL1-FXl4cpI53w73TO9R7RDg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/t0FWDnJPs6XvZokHfTcCnjKRaeE.roa
Signing time:             Wed 01 Jan 2025 21:48:22 +0000
ROA not before:           Wed 01 Jan 2025 21:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54145
IP address blocks:        193.151.172.0/22 maxlen: 22
                          206.190.220.0/22 maxlen: 24
                          2a0d:e8c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/N_vfL1-FXl4cpI53w73TO9R7RDg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/N_vfL1-FXl4cpI53w73TO9R7RDg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_vfL1-FXl4cpI53w73TO9R7RDg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:56:15:e6:e2:6b:03:16:ac:9c:45:da:e3:41:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37fbdf2f5f855e5e1ca48e77c3bdd33bd47b4438
        Validity
            Not Before: Jan  1 21:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b741560e724fb3a5ef6689077d37029e329169e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:59:4d:27:b6:e1:96:20:74:6c:cc:5d:25:86:
                    c3:ea:fe:a7:b6:7b:a2:75:17:e9:52:f1:0d:c1:f9:
                    fc:6f:bb:9d:91:08:10:ca:57:77:d3:2a:d4:70:89:
                    d0:08:08:99:70:00:8e:fb:1a:7a:59:33:23:5c:71:
                    80:bc:15:a1:22:be:ec:b4:4f:29:11:20:90:d1:2a:
                    8e:c2:6d:08:02:40:fc:df:ec:cb:b7:03:1a:84:dd:
                    2e:4a:e0:ba:29:48:d7:6e:30:21:c9:d6:c7:68:93:
                    5a:2e:d2:84:45:84:10:3c:ac:79:df:b3:6f:90:39:
                    23:4f:b0:75:04:1e:73:1e:04:05:5b:d9:a9:87:71:
                    aa:89:a2:9a:6d:32:e9:4f:06:c8:b2:78:68:92:49:
                    e0:b4:91:2d:32:30:36:61:5f:e2:bf:5b:5f:d9:45:
                    ff:18:a6:7f:d3:27:30:1b:1e:c7:c3:87:52:51:41:
                    58:c6:77:51:8a:53:1c:6e:b4:5c:50:c3:b5:77:a6:
                    10:e0:15:03:ef:87:a3:19:b4:a5:e7:c9:74:66:68:
                    af:0b:3d:07:23:2e:7f:f1:a9:83:cd:fd:9a:78:76:
                    6f:a0:e4:29:59:44:90:a6:95:f5:02:d9:e9:fa:71:
                    00:59:93:34:86:77:78:73:92:b0:39:34:a9:45:9f:
                    16:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:41:56:0E:72:4F:B3:A5:EF:66:89:07:7D:37:02:9E:32:91:69:E1
            X509v3 Authority Key Identifier:
                keyid:37:FB:DF:2F:5F:85:5E:5E:1C:A4:8E:77:C3:BD:D3:3B:D4:7B:44:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_vfL1-FXl4cpI53w73TO9R7RDg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/t0FWDnJPs6XvZokHfTcCnjKRaeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/N_vfL1-FXl4cpI53w73TO9R7RDg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.172.0/22
                  206.190.220.0/22
                IPv6:
                  2a0d:e8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:dc:46:a9:dc:50:43:b2:62:32:d0:28:24:61:92:a4:76:77:
         2b:79:20:ac:38:b7:90:9e:82:5b:5e:b9:a5:35:ce:ab:74:46:
         f2:00:a2:4b:bc:a6:ca:e5:c6:12:2d:f6:be:50:e8:f3:6d:ea:
         95:66:76:5e:a0:4a:f3:4f:0d:d5:2e:bc:14:d6:1a:63:3b:99:
         c9:4f:46:0a:c7:74:f7:7d:2e:8d:d6:0e:0e:9a:7e:52:a9:a9:
         75:2e:cf:8a:25:d7:19:f3:7b:3f:84:a2:3c:b2:b6:31:a3:db:
         3a:9a:6c:74:0a:48:c9:4a:ae:bd:99:19:6b:8e:a2:57:b9:f2:
         e5:31:12:c1:46:be:6d:a5:16:88:3b:fa:70:e9:a0:14:9d:81:
         63:dc:4f:fe:4d:94:b1:51:84:2c:78:1f:68:51:02:64:b3:8e:
         44:82:cc:11:1a:d8:f8:2a:4a:20:c5:10:5e:19:5d:06:5a:01:
         34:2d:92:bb:5f:b4:b6:09:ad:b3:a4:7c:97:c8:cb:41:fd:b9:
         98:6f:7e:0b:c7:0d:e6:c4:c9:21:ec:82:3e:f4:60:f9:8a:7c:
         2c:96:e0:ec:9c:14:4c:f9:cc:fb:7a:b8:d4:0b:34:23:06:72:
         11:72:7b:cb:53:26:72:73:e1:09:7e:6d:a7:99:33:3d:b9:40:
         6a:ce:65:13
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQj11YV5uJrAxasnEXa40H8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmJkZjJmNWY4NTVlNWUxY2E0OGU3N2MzYmRkMzNiZDQ3
YjQ0MzgwHhcNMjUwMTAxMjE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzQxNTYwZTcyNGZiM2E1ZWY2Njg5MDc3ZDM3MDI5ZTMyOTE2OWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVlNJ7bhliB0bMxdJYbD6v6ntnui
dRfpUvENwfn8b7udkQgQyld30yrUcInQCAiZcACO+xp6WTMjXHGAvBWhIr7stE8p
ESCQ0SqOwm0IAkD83+zLtwMahN0uSuC6KUjXbjAhydbHaJNaLtKERYQQPKx537Nv
kDkjT7B1BB5zHgQFW9mph3GqiaKabTLpTwbIsnhokkngtJEtMjA2YV/iv1tf2UX/
GKZ/0ycwGx7Hw4dSUUFYxndRilMcbrRcUMO1d6YQ4BUD74ejGbSl58l0ZmivCz0H
Iy5/8amDzf2aeHZvoOQpWUSQppX1Atnp+nEAWZM0hnd4c5KwOTSpRZ8WjwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLdBVg5yT7Ol72aJB303Ap4ykWnhMB8GA1UdIwQY
MBaAFDf73y9fhV5eHKSOd8O90zvUe0Q4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl92ZkwxLUZYbDRjcEk1M3c3M1RPOVI3UkRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMzM2YzctYTMzZi00ZWM2LTgyZDct
ZjQ0MTY2YmIyZGIwLzEvdDBGV0RuSlBzNlh2Wm9rSGZUY0NuaktSYWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMzM2YzctYTMzZi00ZWM2LTgyZDctZjQ0MTY2YmIyZGIw
LzEvTl92ZkwxLUZYbDRjcEk1M3c3M1RPOVI3UkRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCwZesAwQC
zr7cMA0EAgACMAcDBQMqDejAMA0GCSqGSIb3DQEBCwUAA4IBAQBG3Eap3FBDsmIy
0CgkYZKkdncreSCsOLeQnoJbXrmlNc6rdEbyAKJLvKbK5cYSLfa+UOjzbeqVZnZe
oErzTw3VLrwU1hpjO5nJT0YKx3T3fS6N1g4Omn5Sqal1Ls+KJdcZ83s/hKI8srYx
o9s6mmx0CkjJSq69mRlrjqJXufLlMRLBRr5tpRaIO/pw6aAUnYFj3E/+TZSxUYQs
eB9oUQJks45EgswRGtj4KkogxRBeGV0GWgE0LZK7X7S2Ca2zpHyXyMtB/bmYb34L
xw3mxMkh7II+9GD5inwsluDsnBRM+cz7erjUCzQjBnIRcnvLUyZyc+EJfm2nmTM9
uUBqzmUT
-----END CERTIFICATE-----