Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/6sN27eMuzDxdB1DRiTYQIlOPoKo.roa
File:                     6sN27eMuzDxdB1DRiTYQIlOPoKo.roa (raw, json)
Hash identifier:          98iF4YFmTOv7hhV6ZmmIjbvbOtMR3MzPKlVto1h+HfY=
Subject key identifier:   EA:C3:76:ED:E3:2E:CC:3C:5D:07:50:D1:89:36:10:22:53:8F:A0:AA
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018ED29E817E2C0C26B027309BA5911B1B0B
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/6sN27eMuzDxdB1DRiTYQIlOPoKo.roa
Signing time:             Fri 12 Apr 2024 14:03:06 +0000
ROA not before:           Fri 12 Apr 2024 14:03:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59432
IP address blocks:        46.37.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:9e:81:7e:2c:0c:26:b0:27:30:9b:a5:91:1b:1b:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Apr 12 14:03:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eac376ede32ecc3c5d0750d189361022538fa0aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d8:1c:34:50:97:98:32:52:97:c2:60:83:2c:
                    35:18:62:59:9d:3c:fe:16:fb:62:e5:0c:ff:07:08:
                    d8:50:e3:c0:80:10:bf:c3:05:50:0a:ed:43:6f:f3:
                    22:8f:44:56:ef:84:a7:9a:90:19:86:13:d8:72:3d:
                    5c:f1:08:33:17:8c:29:d8:43:a0:26:fa:7f:f5:1f:
                    2d:15:ee:e6:26:6b:c9:b6:e0:20:44:95:15:4f:ad:
                    81:80:17:6d:e9:a1:06:8e:ca:66:0b:50:06:ce:b3:
                    72:45:56:14:d8:4c:c5:45:7b:eb:45:19:69:b4:95:
                    3d:32:0b:c9:a0:14:26:7e:15:0f:03:a9:c0:ce:93:
                    37:d5:1c:68:e1:19:7d:27:ee:f2:52:5b:b3:bd:70:
                    35:b3:8f:65:36:e4:0f:25:b7:b8:41:70:73:d6:4c:
                    64:cf:8c:8e:3c:24:80:07:fc:04:dd:af:0f:a4:c5:
                    86:34:9c:ba:38:04:e1:5d:20:08:0d:fc:7b:7b:67:
                    41:32:c5:c2:a6:16:a5:21:2f:4a:70:09:a2:cc:69:
                    e5:22:5c:88:bf:a4:0d:d1:12:45:f4:a0:49:0c:3d:
                    e0:1d:11:83:05:ce:26:54:81:5e:25:f1:f2:6c:7a:
                    2a:98:12:c1:fd:14:ee:57:c3:f0:fd:27:f3:00:01:
                    51:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C3:76:ED:E3:2E:CC:3C:5D:07:50:D1:89:36:10:22:53:8F:A0:AA
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/6sN27eMuzDxdB1DRiTYQIlOPoKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:73:76:17:9b:7d:24:62:8f:e1:41:8a:c3:03:93:ea:3b:65:
         7f:1b:2b:67:96:8e:52:5a:e8:13:54:32:ac:b3:90:64:1a:dc:
         46:91:df:f8:1b:50:b5:c5:1a:0d:1b:88:83:d7:f2:17:50:42:
         8b:c4:40:d4:1c:8e:05:16:2e:2d:02:09:99:c0:10:fc:49:3c:
         71:c8:10:08:c7:09:77:06:e6:1f:d1:0c:8d:82:f2:6e:b1:dc:
         20:a3:3a:96:e8:01:1c:81:3f:1c:68:17:f6:63:53:e8:06:b1:
         b0:5f:24:d1:a1:13:27:ef:99:86:a9:87:ec:66:74:bf:39:ca:
         30:af:7c:1b:9d:82:66:8f:62:36:0c:e8:62:18:16:7a:af:d2:
         8f:14:eb:a7:b1:9b:9e:4b:7a:58:aa:c8:15:3a:73:5a:8c:9c:
         92:c3:35:97:14:07:21:7e:fe:f5:17:08:8b:21:13:9c:37:f0:
         98:d1:a3:ae:f4:e1:a0:72:7c:6b:b7:a0:f0:c9:d2:82:00:2f:
         d8:60:3d:8d:9e:d1:72:a1:20:e3:1f:fc:28:13:da:3f:6e:73:
         9e:21:31:eb:d3:11:86:07:0d:5d:9f:91:11:e0:e3:1a:e2:fe:
         9b:a6:2a:bf:55:31:5b:9f:20:7d:08:cf:2a:66:29:3c:b4:9c:
         ad:50:dc:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7SnoF+LAwmsCcwm6WRGxsLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwNDEyMTQwMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWMzNzZlZGUzMmVjYzNjNWQwNzUwZDE4OTM2MTAyMjUzOGZhMGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9gcNFCXmDJSl8Jggyw1GGJZnTz+
Fvti5Qz/BwjYUOPAgBC/wwVQCu1Db/Mij0RW74SnmpAZhhPYcj1c8QgzF4wp2EOg
Jvp/9R8tFe7mJmvJtuAgRJUVT62BgBdt6aEGjspmC1AGzrNyRVYU2EzFRXvrRRlp
tJU9MgvJoBQmfhUPA6nAzpM31Rxo4Rl9J+7yUluzvXA1s49lNuQPJbe4QXBz1kxk
z4yOPCSAB/wE3a8PpMWGNJy6OAThXSAIDfx7e2dBMsXCphalIS9KcAmizGnlIlyI
v6QN0RJF9KBJDD3gHRGDBc4mVIFeJfHybHoqmBLB/RTuV8Pw/SfzAAFRRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrDdu3jLsw8XQdQ0Yk2ECJTj6CqMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvNnNOMjdlTXV6RHhkQjFEUmlUWVFJbE9Qb0tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV9MA0G
CSqGSIb3DQEBCwUAA4IBAQAmc3YXm30kYo/hQYrDA5PqO2V/Gytnlo5SWugTVDKs
s5BkGtxGkd/4G1C1xRoNG4iD1/IXUEKLxEDUHI4FFi4tAgmZwBD8STxxyBAIxwl3
BuYf0QyNgvJusdwgozqW6AEcgT8caBf2Y1PoBrGwXyTRoRMn75mGqYfsZnS/Ocow
r3wbnYJmj2I2DOhiGBZ6r9KPFOunsZueS3pYqsgVOnNajJySwzWXFAchfv71FwiL
IROcN/CY0aOu9OGgcnxrt6DwydKCAC/YYD2NntFyoSDjH/woE9o/bnOeITHr0xGG
Bw1dn5ER4OMa4v6bpiq/VTFbnyB9CM8qZik8tJytUNxh
-----END CERTIFICATE-----