Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/zQEfbksVhhA2S7Y-4p6fScJooW4.roa
File:                     zQEfbksVhhA2S7Y-4p6fScJooW4.roa (raw, json)
Hash identifier:          wml6Lhyvjtk0nrkWUQQ2ofJbLrbKj1m4u8FJSWuGbD4=
Subject key identifier:   CD:01:1F:6E:4B:15:86:10:36:4B:B6:3E:E2:9E:9F:49:C2:68:A1:6E
Certificate issuer:       /CN=37dee6acbc782b8c7696a40b28e80339619d0f1b
Certificate serial:       0194228D7C808759929950C05280E094A6C9
Authority key identifier: 37:DE:E6:AC:BC:78:2B:8C:76:96:A4:0B:28:E8:03:39:61:9D:0F:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N97mrLx4K4x2lqQLKOgDOWGdDxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/zQEfbksVhhA2S7Y-4p6fScJooW4.roa
Signing time:             Wed 01 Jan 2025 15:48:05 +0000
ROA not before:           Wed 01 Jan 2025 15:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49173
IP address blocks:        37.26.252.0/22 maxlen: 24
                          185.6.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/N97mrLx4K4x2lqQLKOgDOWGdDxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/N97mrLx4K4x2lqQLKOgDOWGdDxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N97mrLx4K4x2lqQLKOgDOWGdDxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 14:41:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:7c:80:87:59:92:99:50:c0:52:80:e0:94:a6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37dee6acbc782b8c7696a40b28e80339619d0f1b
        Validity
            Not Before: Jan  1 15:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd011f6e4b158610364bb63ee29e9f49c268a16e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e0:64:ef:0a:00:af:11:85:6c:68:79:8b:ba:
                    f5:50:ea:12:f4:d3:72:3f:7c:90:45:0a:bb:95:d9:
                    a7:c4:8b:c6:9b:c1:13:c8:4c:70:99:86:2c:6e:4a:
                    13:a1:31:fc:19:f4:01:1f:8e:0d:36:2e:d2:02:86:
                    0e:6e:e3:2c:be:09:16:16:64:65:d9:ef:b1:92:d7:
                    f5:1e:58:ea:c8:45:2d:50:a5:e0:b2:ad:1c:b3:c6:
                    e5:89:e2:81:73:07:a6:b4:d2:eb:b1:72:21:a9:09:
                    67:f6:cc:80:44:fc:bb:ea:36:66:63:09:c6:4a:2a:
                    ea:a6:2a:17:34:51:55:eb:33:d1:0a:e4:bd:63:e4:
                    c3:aa:fb:17:f7:cb:5f:2d:47:1e:cf:68:82:c2:80:
                    d3:24:c7:ce:ab:a3:c4:b3:48:89:b7:36:fd:e4:20:
                    90:2e:02:2c:d2:c0:ad:5a:85:5d:1e:7a:64:61:9e:
                    d8:d3:b5:8f:1a:dc:4f:df:06:a9:5d:e7:bd:81:de:
                    1a:9c:11:62:dd:bd:a7:5a:8a:1e:a7:9d:9c:40:b9:
                    51:b3:c7:b2:0c:5f:09:d8:58:1e:4c:bd:6d:ed:66:
                    38:75:d2:4e:1f:01:48:45:85:38:bd:93:18:36:dd:
                    50:50:00:ec:56:ad:47:53:b5:be:bb:8e:60:5f:92:
                    7a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:01:1F:6E:4B:15:86:10:36:4B:B6:3E:E2:9E:9F:49:C2:68:A1:6E
            X509v3 Authority Key Identifier:
                keyid:37:DE:E6:AC:BC:78:2B:8C:76:96:A4:0B:28:E8:03:39:61:9D:0F:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N97mrLx4K4x2lqQLKOgDOWGdDxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/zQEfbksVhhA2S7Y-4p6fScJooW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/N97mrLx4K4x2lqQLKOgDOWGdDxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.26.252.0/22
                  185.6.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:d1:99:58:4a:ce:91:3a:f9:b5:c9:8f:8b:12:da:db:48:41:
         15:3a:b4:e2:d3:05:d0:99:fa:31:1a:19:02:4b:96:5c:ba:b0:
         3d:7e:07:d8:63:57:6e:73:2a:78:87:4f:65:35:57:0b:b8:f9:
         96:6a:dd:1a:b9:d3:0f:0b:c0:8c:e1:83:5f:b5:77:94:83:87:
         59:fb:61:c9:00:e9:4a:98:ac:f8:2c:4f:b1:a5:18:aa:1a:d7:
         4c:1f:38:e5:78:21:c8:d5:1f:01:96:55:48:2b:fa:c5:e5:56:
         fc:32:f8:95:ff:d5:f0:f9:71:2c:93:6b:c1:dd:67:33:b7:78:
         58:59:a4:cc:a9:d9:01:8b:de:52:d5:a7:93:ab:c8:89:1d:38:
         99:da:44:62:47:66:51:b0:52:44:43:40:11:0c:a3:3d:60:3c:
         6e:49:9e:06:07:43:a6:f2:1f:ef:aa:2d:5d:18:7b:45:18:c6:
         f3:3c:57:a5:cb:ba:dd:58:1e:25:fb:8a:88:53:03:c8:a6:35:
         a0:2e:71:44:bb:f2:04:38:0b:73:e8:8f:e4:40:3e:ae:f2:30:
         0e:ec:0b:7e:9f:14:0d:e4:a8:65:0e:52:29:56:24:67:4b:6d:
         b0:8a:a2:93:b3:52:83:58:8c:8d:5d:bd:c0:37:8d:fe:9f:8f:
         f9:52:ec:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijXyAh1mSmVDAUoDglKbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZGVlNmFjYmM3ODJiOGM3Njk2YTQwYjI4ZTgwMzM5NjE5
ZDBmMWIwHhcNMjUwMTAxMTU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDAxMWY2ZTRiMTU4NjEwMzY0YmI2M2VlMjllOWY0OWMyNjhhMTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOBk7woArxGFbGh5i7r1UOoS9NNy
P3yQRQq7ldmnxIvGm8ETyExwmYYsbkoToTH8GfQBH44NNi7SAoYObuMsvgkWFmRl
2e+xktf1HljqyEUtUKXgsq0cs8blieKBcwemtNLrsXIhqQln9syARPy76jZmYwnG
SirqpioXNFFV6zPRCuS9Y+TDqvsX98tfLUcez2iCwoDTJMfOq6PEs0iJtzb95CCQ
LgIs0sCtWoVdHnpkYZ7Y07WPGtxP3wapXee9gd4anBFi3b2nWooep52cQLlRs8ey
DF8J2FgeTL1t7WY4ddJOHwFIRYU4vZMYNt1QUADsVq1HU7W+u45gX5J6+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM0BH25LFYYQNku2PuKen0nCaKFuMB8GA1UdIwQY
MBaAFDfe5qy8eCuMdpakCyjoAzlhnQ8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjk3bXJMeDRLNHgybHFRTEtPZ0RPV0dkRHhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8wMjBkNDctMmNjMC00MzZiLWI5Zjkt
YjczYmZjY2I0ZTA4LzEvelFFZmJrc1ZoaEEyUzdZLTRwNmZTY0pvb1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8wMjBkNDctMmNjMC00MzZiLWI5ZjktYjczYmZjY2I0ZTA4
LzEvTjk3bXJMeDRLNHgybHFRTEtPZ0RPV0dkRHhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCJRr8AwQC
uQYgMA0GCSqGSIb3DQEBCwUAA4IBAQBD0ZlYSs6ROvm1yY+LEtrbSEEVOrTi0wXQ
mfoxGhkCS5ZcurA9fgfYY1ducyp4h09lNVcLuPmWat0audMPC8CM4YNftXeUg4dZ
+2HJAOlKmKz4LE+xpRiqGtdMHzjleCHI1R8BllVIK/rF5Vb8MviV/9Xw+XEsk2vB
3Wczt3hYWaTMqdkBi95S1aeTq8iJHTiZ2kRiR2ZRsFJEQ0ARDKM9YDxuSZ4GB0Om
8h/vqi1dGHtFGMbzPFely7rdWB4l+4qIUwPIpjWgLnFEu/IEOAtz6I/kQD6u8jAO
7At+nxQN5KhlDlIpViRnS22wiqKTs1KDWIyNXb3AN43+n4/5Uuxx
-----END CERTIFICATE-----