Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/b1c31a-fc39-4160-b1da-8373a6a411bf/1/DWNtN1UdTBREYyaanUpXB_FD8t4.roa
File:                     DWNtN1UdTBREYyaanUpXB_FD8t4.roa (raw, json)
Hash identifier:          xHaaIDZ06J/70dT/JEm/SEDUNciR+mQ5wcEXZY/Pc2k=
Subject key identifier:   0D:63:6D:37:55:1D:4C:14:44:63:26:9A:9D:4A:57:07:F1:43:F2:DE
Certificate issuer:       /CN=37493000b9a704531da1a1766be538271ee0ccc9
Certificate serial:       0198A7D7F473894A0DB647E7104314A4BE52
Authority key identifier: 37:49:30:00:B9:A7:04:53:1D:A1:A1:76:6B:E5:38:27:1E:E0:CC:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N0kwALmnBFMdoaF2a-U4Jx7gzMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/b1c31a-fc39-4160-b1da-8373a6a411bf/1/DWNtN1UdTBREYyaanUpXB_FD8t4.roa
Signing time:             Thu 14 Aug 2025 09:10:04 +0000
ROA not before:           Thu 14 Aug 2025 09:10:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48996
IP address blocks:        37.44.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/b1c31a-fc39-4160-b1da-8373a6a411bf/1/N0kwALmnBFMdoaF2a-U4Jx7gzMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/b1c31a-fc39-4160-b1da-8373a6a411bf/1/N0kwALmnBFMdoaF2a-U4Jx7gzMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N0kwALmnBFMdoaF2a-U4Jx7gzMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:d7:f4:73:89:4a:0d:b6:47:e7:10:43:14:a4:be:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37493000b9a704531da1a1766be538271ee0ccc9
        Validity
            Not Before: Aug 14 09:10:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d636d37551d4c144463269a9d4a5707f143f2de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:3e:ef:65:04:55:4f:a9:25:28:42:f7:01:61:
                    53:8a:ab:da:93:be:0e:ce:08:77:00:df:8d:9f:a4:
                    8a:7f:6a:03:04:55:00:42:11:4b:36:f3:fc:bf:7c:
                    63:87:06:28:73:3a:11:a2:1c:14:dc:6d:56:fa:16:
                    19:58:66:c5:2a:8e:1a:eb:92:65:9c:c8:f6:04:d4:
                    1f:ce:b2:c9:ac:57:ca:50:27:51:22:97:77:89:31:
                    84:cd:f6:b6:65:0d:50:ab:e4:ef:26:e8:ff:ce:a5:
                    41:8f:12:0e:61:60:aa:6f:91:e6:fb:85:70:4b:29:
                    95:b5:d2:12:03:a3:64:ca:21:c7:72:8d:0d:99:82:
                    0d:5d:d5:66:92:0f:c1:9d:4f:74:fa:cc:d4:4d:de:
                    b9:e6:61:66:cb:89:62:01:8d:e6:a4:2e:35:d7:0b:
                    ec:0f:7e:9c:e7:36:e0:4d:28:d1:e3:f0:df:27:18:
                    44:af:aa:ef:56:09:d8:27:4a:7c:cc:0d:73:2e:38:
                    5b:ad:e2:96:cc:3e:69:eb:df:e2:db:d9:27:26:79:
                    7c:4d:86:f6:5b:6d:03:4c:1e:c8:18:6e:3e:5d:7f:
                    c9:0c:73:70:b5:c2:92:a1:4a:f3:9c:4d:ea:86:25:
                    08:db:7e:bf:f9:ef:08:0b:a2:65:be:4d:5b:27:87:
                    89:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:63:6D:37:55:1D:4C:14:44:63:26:9A:9D:4A:57:07:F1:43:F2:DE
            X509v3 Authority Key Identifier:
                keyid:37:49:30:00:B9:A7:04:53:1D:A1:A1:76:6B:E5:38:27:1E:E0:CC:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N0kwALmnBFMdoaF2a-U4Jx7gzMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/b1c31a-fc39-4160-b1da-8373a6a411bf/1/DWNtN1UdTBREYyaanUpXB_FD8t4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/b1c31a-fc39-4160-b1da-8373a6a411bf/1/N0kwALmnBFMdoaF2a-U4Jx7gzMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:6a:0a:53:32:50:cc:08:4e:ae:bd:19:74:41:32:77:c5:be:
         6c:69:0e:f4:6c:b6:e7:fb:1d:c9:c4:6c:02:b3:51:73:37:df:
         14:cd:4e:2e:54:f9:7d:2d:1d:08:28:97:dc:3f:7f:cc:f8:d5:
         73:7b:5b:11:ef:56:57:ba:5e:da:62:98:fe:d1:54:e4:5f:af:
         24:33:9e:46:43:80:b6:e6:0b:10:69:00:44:ad:3c:2b:ea:15:
         3f:08:81:cf:f5:ef:9b:da:e4:df:46:3b:cc:68:b7:f2:88:f5:
         da:5f:07:3d:39:7c:0d:d0:f7:7a:10:63:40:2d:8e:77:33:45:
         9d:55:2a:b5:21:1a:83:7f:87:2e:a8:3f:03:03:1c:41:f8:1a:
         59:a5:96:a4:37:df:75:de:72:04:c3:fc:09:87:94:da:81:0d:
         18:60:77:13:35:77:97:a9:7f:a6:aa:0e:d8:95:d7:8f:ec:4e:
         cd:b0:d0:7b:26:4a:e0:d3:2b:8f:57:aa:26:81:fa:f9:40:c3:
         cb:15:4c:53:a3:55:cc:01:92:30:bb:e3:4b:0e:1e:bc:b9:c0:
         7c:95:b4:2f:64:9f:4d:3e:7a:5a:68:c4:74:d2:38:58:ed:3c:
         72:d2:96:c3:1c:fe:e6:3d:09:71:28:11:35:d8:4c:21:7c:b7:
         4b:14:97:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZin1/RziUoNtkfnEEMUpL5SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NDkzMDAwYjlhNzA0NTMxZGExYTE3NjZiZTUzODI3MWVl
MGNjYzkwHhcNMjUwODE0MDkxMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDYzNmQzNzU1MWQ0YzE0NDQ2MzI2OWE5ZDRhNTcwN2YxNDNmMmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4j7vZQRVT6klKEL3AWFTiqvak74O
zgh3AN+Nn6SKf2oDBFUAQhFLNvP8v3xjhwYoczoRohwU3G1W+hYZWGbFKo4a65Jl
nMj2BNQfzrLJrFfKUCdRIpd3iTGEzfa2ZQ1Qq+TvJuj/zqVBjxIOYWCqb5Hm+4Vw
SymVtdISA6NkyiHHco0NmYINXdVmkg/BnU90+szUTd655mFmy4liAY3mpC411wvs
D36c5zbgTSjR4/DfJxhEr6rvVgnYJ0p8zA1zLjhbreKWzD5p69/i29knJnl8TYb2
W20DTB7IGG4+XX/JDHNwtcKSoUrznE3qhiUI236/+e8IC6Jlvk1bJ4eJwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1jbTdVHUwURGMmmp1KVwfxQ/LeMB8GA1UdIwQY
MBaAFDdJMAC5pwRTHaGhdmvlOCce4MzJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjBrd0FMbW5CRk1kb2FGMmEtVTRKeDdnek1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9iMWMzMWEtZmMzOS00MTYwLWIxZGEt
ODM3M2E2YTQxMWJmLzEvRFdOdE4xVWRUQlJFWXlhYW5VcFhCX0ZEOHQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9iMWMzMWEtZmMzOS00MTYwLWIxZGEtODM3M2E2YTQxMWJm
LzEvTjBrd0FMbW5CRk1kb2FGMmEtVTRKeDdnek1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJSzgMA0G
CSqGSIb3DQEBCwUAA4IBAQCVagpTMlDMCE6uvRl0QTJ3xb5saQ70bLbn+x3JxGwC
s1FzN98UzU4uVPl9LR0IKJfcP3/M+NVze1sR71ZXul7aYpj+0VTkX68kM55GQ4C2
5gsQaQBErTwr6hU/CIHP9e+b2uTfRjvMaLfyiPXaXwc9OXwN0Pd6EGNALY53M0Wd
VSq1IRqDf4cuqD8DAxxB+BpZpZakN9913nIEw/wJh5TagQ0YYHcTNXeXqX+mqg7Y
ldeP7E7NsNB7Jkrg0yuPV6omgfr5QMPLFUxTo1XMAZIwu+NLDh68ucB8lbQvZJ9N
PnpaaMR00jhY7Txy0pbDHP7mPQlxKBE12EwhfLdLFJfC
-----END CERTIFICATE-----