Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/IdL8R-kNjIfqMn0goyW2PAEPFos.roa
File:                     IdL8R-kNjIfqMn0goyW2PAEPFos.roa (raw, json)
Hash identifier:          Gu3edWp38AtswV6DfZwhSvqsh6iORDo7/Ja/VXQf8YY=
Subject key identifier:   21:D2:FC:47:E9:0D:8C:87:EA:32:7D:20:A3:25:B6:3C:01:0F:16:8B
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018F2689981F138CFBD9681916AD9802972A
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/IdL8R-kNjIfqMn0goyW2PAEPFos.roa
Signing time:             Sun 28 Apr 2024 21:08:22 +0000
ROA not before:           Sun 28 Apr 2024 21:08:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215027
IP address blocks:        46.37.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:26:89:98:1f:13:8c:fb:d9:68:19:16:ad:98:02:97:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Apr 28 21:08:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21d2fc47e90d8c87ea327d20a325b63c010f168b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e4:51:00:6b:eb:3b:de:ce:45:45:92:9a:41:
                    be:ce:ef:7c:40:4b:ce:e3:9b:4f:be:ce:0d:41:f2:
                    7a:0f:44:a6:11:a7:43:2e:88:92:ca:77:0e:c1:c0:
                    a6:81:e3:ec:1c:7a:d1:74:be:24:e6:47:20:ab:e1:
                    70:6c:b7:4c:73:4d:a4:44:26:eb:04:01:c8:f4:7e:
                    c2:17:58:ff:de:c2:e0:37:4e:d8:56:3b:9c:b0:39:
                    9f:e6:5a:8c:7e:be:bb:59:f8:82:e1:da:1d:1b:b5:
                    71:ab:d4:af:41:97:1f:27:01:c7:6c:b7:4a:2b:0c:
                    ea:83:ba:48:2e:b6:36:6d:a5:2d:9f:93:37:57:8f:
                    3f:6d:84:ec:be:9e:30:dc:75:c6:ab:f3:3b:73:f3:
                    eb:63:86:14:c7:f6:37:0d:63:1a:cf:25:8a:5f:37:
                    c6:67:99:90:43:b9:c7:75:67:91:ff:66:05:40:8d:
                    cc:e9:85:0f:43:14:30:5c:45:cf:bc:61:8e:b5:8e:
                    a3:6f:23:c3:f4:b4:e6:57:18:54:7d:2c:ac:c9:d1:
                    98:e4:4a:a1:d3:30:cf:d3:22:76:48:f8:e7:9f:b2:
                    d4:4c:37:78:41:da:f1:ca:73:b4:00:2b:45:00:62:
                    1b:68:e9:0a:42:fe:ab:e5:d9:d6:c0:8b:b5:cf:72:
                    81:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:D2:FC:47:E9:0D:8C:87:EA:32:7D:20:A3:25:B6:3C:01:0F:16:8B
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/IdL8R-kNjIfqMn0goyW2PAEPFos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:a1:3a:7e:93:db:91:2a:79:b5:5d:66:0e:4b:64:af:46:8c:
         27:d9:3b:8d:27:36:41:78:c3:6c:ea:c2:d6:25:ca:81:15:a4:
         c8:99:33:4c:c7:4c:30:65:c2:e3:dc:e2:a6:0c:b4:ee:59:d2:
         71:ce:4c:00:93:99:17:02:50:1d:0c:93:96:8e:9f:fe:36:b8:
         34:6f:ae:86:a0:70:80:3b:6e:09:7f:b9:5b:2c:b2:35:33:8a:
         d3:01:b9:46:78:16:10:f9:75:5c:07:6f:7e:f1:12:9a:fc:21:
         d7:ed:23:55:71:14:7a:f3:bb:4b:26:8f:69:cc:90:6a:a5:16:
         ae:35:06:44:95:cf:ec:91:02:06:2d:a0:9e:89:6f:2c:82:41:
         ee:43:b5:99:a4:6d:c2:93:4d:f5:96:b3:ff:f4:e2:02:ab:b4:
         9b:97:71:df:22:3e:e4:57:08:f3:c2:82:15:ee:bc:dd:ac:97:
         f6:01:6a:f8:56:0a:ca:d9:ca:68:57:bb:86:32:07:46:17:01:
         c6:65:2e:0b:74:5b:f6:3d:8d:e6:27:c1:6f:71:df:29:5d:2c:
         d8:bf:0d:b0:d7:69:d6:e5:04:b3:cc:92:91:29:25:b0:9d:ac:
         9c:b4:a6:bf:20:61:1f:9a:9f:84:e0:fe:d6:03:0b:17:6d:35:
         e9:5d:ec:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8miZgfE4z72WgZFq2YApcqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwNDI4MjEwODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWQyZmM0N2U5MGQ4Yzg3ZWEzMjdkMjBhMzI1YjYzYzAxMGYxNjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+RRAGvrO97ORUWSmkG+zu98QEvO
45tPvs4NQfJ6D0SmEadDLoiSyncOwcCmgePsHHrRdL4k5kcgq+FwbLdMc02kRCbr
BAHI9H7CF1j/3sLgN07YVjucsDmf5lqMfr67WfiC4dodG7Vxq9SvQZcfJwHHbLdK
Kwzqg7pILrY2baUtn5M3V48/bYTsvp4w3HXGq/M7c/PrY4YUx/Y3DWMazyWKXzfG
Z5mQQ7nHdWeR/2YFQI3M6YUPQxQwXEXPvGGOtY6jbyPD9LTmVxhUfSysydGY5Eqh
0zDP0yJ2SPjnn7LUTDd4QdrxynO0ACtFAGIbaOkKQv6r5dnWwIu1z3KB3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHS/EfpDYyH6jJ9IKMltjwBDxaLMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvSWRMOFIta05qSWZxTW4wZ295VzJQQUVQRm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVzMA0G
CSqGSIb3DQEBCwUAA4IBAQC0oTp+k9uRKnm1XWYOS2SvRown2TuNJzZBeMNs6sLW
JcqBFaTImTNMx0wwZcLj3OKmDLTuWdJxzkwAk5kXAlAdDJOWjp/+Nrg0b66GoHCA
O24Jf7lbLLI1M4rTAblGeBYQ+XVcB29+8RKa/CHX7SNVcRR687tLJo9pzJBqpRau
NQZElc/skQIGLaCeiW8sgkHuQ7WZpG3Ck031lrP/9OICq7Sbl3HfIj7kVwjzwoIV
7rzdrJf2AWr4VgrK2cpoV7uGMgdGFwHGZS4LdFv2PY3mJ8Fvcd8pXSzYvw2w12nW
5QSzzJKRKSWwnayctKa/IGEfmp+E4P7WAwsXbTXpXeyB
-----END CERTIFICATE-----