Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/Kvwz7Otgc_2cfxtWv-qyiSeDnkI.roa
File:                     Kvwz7Otgc_2cfxtWv-qyiSeDnkI.roa (raw, json)
Hash identifier:          /Av0G+E+eRmfEHS46xLPNhTCJCoxta+3DzTycHIkaZ4=
Subject key identifier:   2A:FC:33:EC:EB:60:73:FD:9C:7F:1B:56:BF:EA:B2:89:27:83:9E:42
Certificate issuer:       /CN=fe3b0385260ac66f21c43f5ab78bac682e8ce54f
Certificate serial:       0194222027633ABA74E8829B093252987849
Authority key identifier: FE:3B:03:85:26:0A:C6:6F:21:C4:3F:5A:B7:8B:AC:68:2E:8C:E5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/Kvwz7Otgc_2cfxtWv-qyiSeDnkI.roa
Signing time:             Wed 01 Jan 2025 13:48:39 +0000
ROA not before:           Wed 01 Jan 2025 13:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        37.140.208.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:27:63:3a:ba:74:e8:82:9b:09:32:52:98:78:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe3b0385260ac66f21c43f5ab78bac682e8ce54f
        Validity
            Not Before: Jan  1 13:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2afc33eceb6073fd9c7f1b56bfeab28927839e42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6e:d5:01:c5:bd:be:a0:fe:bb:66:fd:0e:b6:
                    3a:f7:0e:8c:44:a6:52:d5:af:5f:ce:2a:b9:6a:45:
                    d8:bd:a8:b5:bc:43:b2:9a:3d:de:2c:c3:47:c1:35:
                    ba:42:2c:ef:57:df:a8:d4:d5:d2:6f:fd:11:67:cc:
                    1f:15:5d:e1:1e:80:16:e1:4c:17:fb:58:d0:63:b4:
                    56:5c:bf:8c:7f:82:b4:c7:a0:ca:eb:c3:37:bc:f4:
                    0a:fc:e2:2c:5f:03:c2:4c:36:de:59:0b:29:a0:b8:
                    8c:2c:9f:3b:31:9f:4c:81:28:7e:cb:98:b5:fc:ce:
                    e0:62:86:91:87:66:17:1e:11:df:95:e5:f9:c0:4a:
                    63:00:f0:46:ce:f8:14:5f:42:22:bf:8b:62:23:c4:
                    88:6f:e1:e9:ab:4e:ed:47:fe:65:39:62:6d:69:fc:
                    a5:f8:30:d4:29:50:54:d0:25:0e:b5:02:68:00:a0:
                    ae:13:82:ef:24:f1:94:f4:20:84:a3:96:36:24:37:
                    49:21:0a:55:0f:69:60:24:17:2a:db:3b:79:95:c6:
                    dd:a4:b8:b4:9f:66:ce:9f:ee:4f:c5:61:85:4e:78:
                    a1:dc:75:d1:9c:38:7b:23:e8:af:ed:18:3a:fa:02:
                    b6:c0:f9:bd:7a:29:c1:6c:37:39:d4:64:27:f2:ec:
                    59:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:FC:33:EC:EB:60:73:FD:9C:7F:1B:56:BF:EA:B2:89:27:83:9E:42
            X509v3 Authority Key Identifier:
                keyid:FE:3B:03:85:26:0A:C6:6F:21:C4:3F:5A:B7:8B:AC:68:2E:8C:E5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/Kvwz7Otgc_2cfxtWv-qyiSeDnkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:60:32:d7:77:3a:fe:3b:8b:57:93:a4:cb:51:36:b2:f0:86:
         6e:79:03:a1:03:87:fe:ef:d3:0d:42:20:21:1f:a4:be:ec:bd:
         80:02:c3:21:93:d9:04:60:c6:4a:7a:da:b0:6f:21:24:6f:21:
         99:2b:cf:38:3a:47:0b:1f:44:f3:3a:92:2a:5c:0d:40:9c:00:
         cf:ba:8f:47:18:34:5a:8b:88:b3:66:93:f9:92:9f:e3:da:5f:
         7c:e8:72:47:40:1a:e9:2b:ec:2c:ae:ed:64:84:9f:75:ca:46:
         55:86:e2:6d:6f:05:6c:99:0a:32:b0:f0:2c:e6:52:41:f0:93:
         9f:b3:45:a1:31:6d:29:38:0f:b5:a0:c5:11:39:5f:a6:00:b5:
         98:89:b6:a7:3f:21:dc:65:8f:e8:f7:81:da:92:71:fe:ac:b9:
         14:a7:8d:36:82:ee:7b:b3:3b:fe:84:de:10:35:17:b9:bf:11:
         8b:b0:81:41:51:c3:fa:6b:f7:a9:00:60:9a:90:2e:5b:34:c6:
         16:3a:10:c7:06:ae:75:43:a4:1b:0b:49:35:cc:44:59:7e:31:
         c5:00:41:76:07:fc:c8:f3:6f:50:75:59:97:f8:a7:e7:88:68:
         32:dc:2b:bc:da:86:36:8f:7b:23:a1:38:39:46:87:af:fb:90:
         79:f0:f7:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICdjOrp06IKbCTJSmHhJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlM2IwMzg1MjYwYWM2NmYyMWM0M2Y1YWI3OGJhYzY4MmU4
Y2U1NGYwHhcNMjUwMTAxMTM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWZjMzNlY2ViNjA3M2ZkOWM3ZjFiNTZiZmVhYjI4OTI3ODM5ZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu27VAcW9vqD+u2b9DrY69w6MRKZS
1a9fziq5akXYvai1vEOymj3eLMNHwTW6QizvV9+o1NXSb/0RZ8wfFV3hHoAW4UwX
+1jQY7RWXL+Mf4K0x6DK68M3vPQK/OIsXwPCTDbeWQspoLiMLJ87MZ9MgSh+y5i1
/M7gYoaRh2YXHhHfleX5wEpjAPBGzvgUX0Iiv4tiI8SIb+Hpq07tR/5lOWJtafyl
+DDUKVBU0CUOtQJoAKCuE4LvJPGU9CCEo5Y2JDdJIQpVD2lgJBcq2zt5lcbdpLi0
n2bOn+5PxWGFTnih3HXRnDh7I+iv7Rg6+gK2wPm9einBbDc51GQn8uxZOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCr8M+zrYHP9nH8bVr/qsokng55CMB8GA1UdIwQY
MBaAFP47A4UmCsZvIcQ/WreLrGgujOVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2pzRGhTWUt4bThoeEQ5YXQ0dXNhQzZNNVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9hMmZmZDktNzQ1ZC00ZTdkLWIyYjIt
NzUwMzNmOGY3MjEwLzEvS3Z3ejdPdGdjXzJjZnh0V3YtcXlpU2VEbmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9hMmZmZDktNzQ1ZC00ZTdkLWIyYjItNzUwMzNmOGY3MjEw
LzEvX2pzRGhTWUt4bThoeEQ5YXQ0dXNhQzZNNVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJYzQMA0G
CSqGSIb3DQEBCwUAA4IBAQAdYDLXdzr+O4tXk6TLUTay8IZueQOhA4f+79MNQiAh
H6S+7L2AAsMhk9kEYMZKetqwbyEkbyGZK884OkcLH0TzOpIqXA1AnADPuo9HGDRa
i4izZpP5kp/j2l986HJHQBrpK+wsru1khJ91ykZVhuJtbwVsmQoysPAs5lJB8JOf
s0WhMW0pOA+1oMUROV+mALWYibanPyHcZY/o94HaknH+rLkUp402gu57szv+hN4Q
NRe5vxGLsIFBUcP6a/epAGCakC5bNMYWOhDHBq51Q6QbC0k1zERZfjHFAEF2B/zI
829QdVmX+KfniGgy3Cu82oY2j3sjoTg5Roev+5B58PcU
-----END CERTIFICATE-----