Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/9eRLttLKX9aaoX3cBUiU1_4oq2s.roa
File:                     9eRLttLKX9aaoX3cBUiU1_4oq2s.roa (raw, json)
Hash identifier:          rJLnY8IeXYDtDtuW5/p5kSMdT/VgapfsGeJbjzQoOZk=
Subject key identifier:   F5:E4:4B:B6:D2:CA:5F:D6:9A:A1:7D:DC:05:48:94:D7:FE:28:AB:6B
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348B6241FA78B178ED7F9ED537783D5
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/9eRLttLKX9aaoX3cBUiU1_4oq2s.roa
Signing time:             Mon 01 Jan 2024 04:29:31 +0000
ROA not before:           Mon 01 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        46.37.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b6:24:1f:a7:8b:17:8e:d7:f9:ed:53:77:83:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5e44bb6d2ca5fd69aa17ddc054894d7fe28ab6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:eb:fa:91:cd:59:02:b6:62:b2:56:71:59:b5:
                    aa:25:96:97:04:12:d2:70:d8:83:d7:ec:e9:f7:ba:
                    a7:55:6e:66:40:09:05:2c:61:5c:04:e7:9e:b7:ff:
                    83:a4:2f:cc:61:bb:20:b9:45:72:57:e6:2a:b2:8e:
                    5b:3e:b2:27:0c:e7:a5:8d:70:b1:26:6c:92:8f:c0:
                    57:76:3e:ab:83:b6:23:3d:06:b2:3d:f2:e1:7e:aa:
                    19:90:15:4a:4d:16:d3:ad:0c:61:bb:d6:03:e4:04:
                    b8:99:9c:9c:52:62:dd:6c:7e:6b:c2:11:8a:14:06:
                    d8:30:00:85:c2:14:63:4a:27:11:aa:41:c6:d4:be:
                    52:66:5a:59:19:07:b6:4d:ab:8e:08:11:23:8c:3b:
                    82:93:d4:db:4b:0e:8e:55:5b:2d:c9:c0:91:a9:d6:
                    78:a3:2e:72:d1:c4:bd:54:c3:15:be:56:0d:74:13:
                    35:4f:1b:ae:51:f5:98:f6:54:b7:62:a2:52:ce:96:
                    8e:57:7a:83:c8:7d:ea:aa:c7:9a:3b:83:e7:4b:22:
                    cb:27:e9:35:6d:a2:35:77:56:ae:5d:e9:2c:87:53:
                    69:db:3f:aa:7e:7c:e2:f2:d7:d8:e1:8c:d6:c1:e1:
                    56:fe:ef:26:a3:39:ff:23:f3:8a:90:48:88:cd:ba:
                    5d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E4:4B:B6:D2:CA:5F:D6:9A:A1:7D:DC:05:48:94:D7:FE:28:AB:6B
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/9eRLttLKX9aaoX3cBUiU1_4oq2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:d4:19:2d:5d:e2:ef:f8:95:8a:78:01:13:c6:8a:0e:46:69:
         bd:5f:6d:fb:4a:cd:5a:98:f2:cb:ce:83:e7:3b:58:a9:ef:53:
         1f:70:8a:62:02:78:9c:e0:a1:8c:e7:c6:31:5b:11:46:2d:bb:
         78:ee:4a:e6:31:91:57:ce:b6:64:2f:41:4e:90:e4:29:06:7c:
         04:b9:58:f1:91:1d:8b:64:fe:ca:4f:50:b7:be:68:6b:3d:81:
         0f:ff:ef:da:26:2e:09:bf:80:5b:0b:a3:f9:0f:b9:df:e2:b5:
         ad:60:3a:ec:c1:f3:fe:82:0a:f7:0c:ab:83:f4:26:2b:53:28:
         59:58:a7:9e:f4:5d:b0:19:b2:36:60:32:1f:35:b9:a0:c1:89:
         48:6b:3c:b4:ec:0c:ff:a0:46:e5:6a:0a:3c:5c:0f:94:38:56:
         5a:da:85:fe:f1:97:c6:fd:23:11:b8:df:01:04:ca:4e:5f:23:
         33:8d:2a:44:32:49:cf:87:ad:d0:99:3e:92:f9:aa:68:70:9f:
         88:bb:ec:2a:d6:71:3c:9e:0b:7d:15:ba:10:fb:56:21:e2:b7:
         df:c0:55:f4:26:ff:b0:35:62:9b:4d:62:79:17:b2:db:21:a5:
         1f:ef:c7:9d:2e:8a:6d:aa:37:25:ae:ac:0c:bb:21:51:f2:69:
         06:ef:77:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLYkH6eLF47X+e1Td4PVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWU0NGJiNmQyY2E1ZmQ2OWFhMTdkZGMwNTQ4OTRkN2ZlMjhhYjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoev6kc1ZArZislZxWbWqJZaXBBLS
cNiD1+zp97qnVW5mQAkFLGFcBOeet/+DpC/MYbsguUVyV+Yqso5bPrInDOeljXCx
JmySj8BXdj6rg7YjPQayPfLhfqoZkBVKTRbTrQxhu9YD5AS4mZycUmLdbH5rwhGK
FAbYMACFwhRjSicRqkHG1L5SZlpZGQe2TauOCBEjjDuCk9TbSw6OVVstycCRqdZ4
oy5y0cS9VMMVvlYNdBM1TxuuUfWY9lS3YqJSzpaOV3qDyH3qqseaO4PnSyLLJ+k1
baI1d1auXeksh1Np2z+qfnzi8tfY4YzWweFW/u8mozn/I/OKkEiIzbpdjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXkS7bSyl/WmqF93AVIlNf+KKtrMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvOWVSTHR0TEtYOWFhb1gzY0JVaVUxXzRvcTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVgMA0G
CSqGSIb3DQEBCwUAA4IBAQBh1BktXeLv+JWKeAETxooORmm9X237Ss1amPLLzoPn
O1ip71MfcIpiAnic4KGM58YxWxFGLbt47krmMZFXzrZkL0FOkOQpBnwEuVjxkR2L
ZP7KT1C3vmhrPYEP/+/aJi4Jv4BbC6P5D7nf4rWtYDrswfP+ggr3DKuD9CYrUyhZ
WKee9F2wGbI2YDIfNbmgwYlIazy07Az/oEblago8XA+UOFZa2oX+8ZfG/SMRuN8B
BMpOXyMzjSpEMknPh63QmT6S+apocJ+Iu+wq1nE8ngt9FboQ+1Yh4rffwFX0Jv+w
NWKbTWJ5F7LbIaUf78edLoptqjclrqwMuyFR8mkG73et
-----END CERTIFICATE-----