Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/def7ce-25d4-43c1-8eae-1a64cf21a604/1/NgTSw9rOBAfPS4MtjXGQZaPIG-w.roa
File:                     NgTSw9rOBAfPS4MtjXGQZaPIG-w.roa (raw, json)
Hash identifier:          QoJnVLn+HaHuElV9Eo+G6A/RqM+7xMdjsOKyAlPzJus=
Subject key identifier:   36:04:D2:C3:DA:CE:04:07:CF:4B:83:2D:8D:71:90:65:A3:C8:1B:EC
Certificate issuer:       /CN=10f7741cd1af2bb34c86c73ea3bd6c76d9968d0d
Certificate serial:       0194258F808CD64D5932BFA6799158D98EDD
Authority key identifier: 10:F7:74:1C:D1:AF:2B:B3:4C:86:C7:3E:A3:BD:6C:76:D9:96:8D:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EPd0HNGvK7NMhsc-o71sdtmWjQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/def7ce-25d4-43c1-8eae-1a64cf21a604/1/NgTSw9rOBAfPS4MtjXGQZaPIG-w.roa
Signing time:             Thu 02 Jan 2025 05:49:09 +0000
ROA not before:           Thu 02 Jan 2025 05:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51088
IP address blocks:        185.37.4.0/23 maxlen: 23
                          185.37.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/def7ce-25d4-43c1-8eae-1a64cf21a604/1/EPd0HNGvK7NMhsc-o71sdtmWjQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/def7ce-25d4-43c1-8eae-1a64cf21a604/1/EPd0HNGvK7NMhsc-o71sdtmWjQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EPd0HNGvK7NMhsc-o71sdtmWjQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:80:8c:d6:4d:59:32:bf:a6:79:91:58:d9:8e:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10f7741cd1af2bb34c86c73ea3bd6c76d9968d0d
        Validity
            Not Before: Jan  2 05:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3604d2c3dace0407cf4b832d8d719065a3c81bec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d2:77:c8:4f:59:c0:5f:e7:57:73:4d:5d:30:
                    96:31:3a:d7:44:d2:35:23:45:9c:07:5a:f3:08:f2:
                    17:8a:77:0f:75:db:ee:fd:2b:ed:2e:47:c9:24:b1:
                    f2:2c:3a:87:f2:73:2a:2b:99:00:01:8c:1e:03:24:
                    d5:fe:5f:b1:fc:39:59:d4:1c:db:2e:f9:67:27:a7:
                    97:80:ed:81:0e:8a:e7:45:02:40:72:c0:b0:03:c3:
                    c5:83:da:28:53:0e:ca:ac:3c:72:32:79:ba:c2:40:
                    f8:67:36:f0:e2:51:5d:a6:49:1c:07:d8:1b:59:8b:
                    0f:b6:e5:19:f8:25:98:bb:00:ef:ab:7c:ff:d9:cf:
                    ff:3e:06:b6:04:b5:fc:91:5b:9b:8c:53:07:36:ea:
                    32:ca:57:e7:2c:d6:ae:51:8d:49:d4:90:05:4a:31:
                    2b:5c:bb:91:74:cf:0b:56:87:68:37:6c:b2:cf:11:
                    14:9a:e8:96:86:2b:07:09:20:60:f9:24:a8:d3:ce:
                    0b:1b:6c:41:d3:09:1b:a0:16:09:6a:26:ca:5e:77:
                    ba:57:6e:5d:44:c0:8a:e7:c3:8c:8a:6c:e8:89:fa:
                    e5:84:0f:9d:db:12:46:9a:2e:e6:45:94:a8:7e:3f:
                    32:7c:e4:2c:5c:46:ae:c3:f1:6f:73:0e:c9:19:43:
                    0b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:04:D2:C3:DA:CE:04:07:CF:4B:83:2D:8D:71:90:65:A3:C8:1B:EC
            X509v3 Authority Key Identifier:
                keyid:10:F7:74:1C:D1:AF:2B:B3:4C:86:C7:3E:A3:BD:6C:76:D9:96:8D:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EPd0HNGvK7NMhsc-o71sdtmWjQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/def7ce-25d4-43c1-8eae-1a64cf21a604/1/NgTSw9rOBAfPS4MtjXGQZaPIG-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/def7ce-25d4-43c1-8eae-1a64cf21a604/1/EPd0HNGvK7NMhsc-o71sdtmWjQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.4.0-185.37.6.255

    Signature Algorithm: sha256WithRSAEncryption
         3d:10:46:b5:7c:b5:24:0a:7b:e7:36:d3:15:8d:55:5e:67:d1:
         cd:89:31:dc:a6:f9:c9:88:b0:a3:30:9d:9f:13:3e:f8:1a:d9:
         56:5b:9a:21:04:6e:4e:10:9c:6d:1e:42:be:1b:39:23:39:4f:
         f1:46:9b:9c:48:92:0a:fc:8f:0b:c2:4f:4a:23:bf:f8:f3:be:
         08:b1:00:c2:1b:e6:2f:d2:50:a9:db:b2:f0:46:7d:51:3d:2f:
         07:a2:7c:b9:e6:3e:b7:8b:ed:28:8d:ee:91:ea:d4:98:02:57:
         fe:a3:96:86:c1:5a:a3:67:e6:89:1e:f0:fb:f3:a6:30:b8:f4:
         7c:9b:3f:99:a8:79:45:d3:c8:79:36:89:a4:14:1e:53:bc:d4:
         20:28:09:f4:24:40:b2:c1:ee:0d:bf:70:70:c8:0b:7e:18:23:
         be:18:ca:c9:f9:76:36:1b:ec:d5:ef:a3:5d:e9:5d:12:39:ef:
         5c:e5:50:a8:29:89:67:16:ec:ab:10:07:86:45:a4:fe:b7:73:
         24:4f:36:85:ff:82:bc:48:3c:49:fa:e7:c3:87:e1:cc:e6:05:
         dc:85:a5:db:61:c8:9e:d3:7f:6f:98:88:2d:56:a1:10:b2:c4:
         bb:20:a0:1f:f0:a2:ac:d2:23:64:f1:76:f3:10:8a:b4:77:34:
         84:55:8b:2f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQlj4CM1k1ZMr+meZFY2Y7dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZjc3NDFjZDFhZjJiYjM0Yzg2YzczZWEzYmQ2Yzc2ZDk5
NjhkMGQwHhcNMjUwMTAyMDU0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjA0ZDJjM2RhY2UwNDA3Y2Y0YjgzMmQ4ZDcxOTA2NWEzYzgxYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9J3yE9ZwF/nV3NNXTCWMTrXRNI1
I0WcB1rzCPIXincPddvu/SvtLkfJJLHyLDqH8nMqK5kAAYweAyTV/l+x/DlZ1Bzb
LvlnJ6eXgO2BDornRQJAcsCwA8PFg9ooUw7KrDxyMnm6wkD4Zzbw4lFdpkkcB9gb
WYsPtuUZ+CWYuwDvq3z/2c//Pga2BLX8kVubjFMHNuoyylfnLNauUY1J1JAFSjEr
XLuRdM8LVodoN2yyzxEUmuiWhisHCSBg+SSo084LG2xB0wkboBYJaibKXne6V25d
RMCK58OMimzoifrlhA+d2xJGmi7mRZSofj8yfOQsXEauw/Fvcw7JGUMLtwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDYE0sPazgQHz0uDLY1xkGWjyBvsMB8GA1UdIwQY
MBaAFBD3dBzRryuzTIbHPqO9bHbZlo0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVBkMEhOR3ZLN05NaHNjLW83MXNkdG1XalEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZWY3Y2UtMjVkNC00M2MxLThlYWUt
MWE2NGNmMjFhNjA0LzEvTmdUU3c5ck9CQWZQUzRNdGpYR1FaYVBJRy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZWY3Y2UtMjVkNC00M2MxLThlYWUtMWE2NGNmMjFhNjA0
LzEvRVBkMEhOR3ZLN05NaHNjLW83MXNkdG1XalEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5JQQD
BAC5JQYwDQYJKoZIhvcNAQELBQADggEBAD0QRrV8tSQKe+c20xWNVV5n0c2JMdym
+cmIsKMwnZ8TPvga2VZbmiEEbk4QnG0eQr4bOSM5T/FGm5xIkgr8jwvCT0ojv/jz
vgixAMIb5i/SUKnbsvBGfVE9LweifLnmPreL7SiN7pHq1JgCV/6jlobBWqNn5oke
8PvzpjC49HybP5moeUXTyHk2iaQUHlO81CAoCfQkQLLB7g2/cHDIC34YI74Yysn5
djYb7NXvo13pXRI571zlUKgpiWcW7KsQB4ZFpP63cyRPNoX/grxIPEn658OH4czm
BdyFpdthyJ7Tf2+YiC1WoRCyxLsgoB/woqzSI2TxdvMQirR3NIRViy8=
-----END CERTIFICATE-----