Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/oMPjavaF2NMe_eQ0TEItGtJtRRQ.roa
File:                     oMPjavaF2NMe_eQ0TEItGtJtRRQ.roa (raw, json)
Hash identifier:          u7vu8jOnyKY3Uja9S5/rum7Q0D9WDbQRXxdbjldi5nk=
Subject key identifier:   A0:C3:E3:6A:F6:85:D8:D3:1E:FD:E4:34:4C:42:2D:1A:D2:6D:45:14
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018F6E58133FDF1828B065AC77CA6FB11194
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/oMPjavaF2NMe_eQ0TEItGtJtRRQ.roa
Signing time:             Sun 12 May 2024 19:46:56 +0000
ROA not before:           Sun 12 May 2024 19:46:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152672
IP address blocks:        46.37.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 21:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:6e:58:13:3f:df:18:28:b0:65:ac:77:ca:6f:b1:11:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: May 12 19:46:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0c3e36af685d8d31efde4344c422d1ad26d4514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:52:7e:4b:f8:6a:d5:14:dc:3e:3d:d0:fe:25:
                    06:5b:a2:1f:3a:be:c4:83:4a:0a:9d:85:28:34:77:
                    d4:58:be:ac:76:a4:70:f6:3d:e3:57:4d:85:ba:12:
                    02:19:93:b6:ed:98:c9:47:c7:48:3c:b8:0c:5e:29:
                    8f:f5:da:2a:78:9b:5c:fe:50:bf:04:62:94:bd:f3:
                    b7:e6:1a:e8:4a:3c:ab:81:f0:d5:7f:8b:47:31:2f:
                    32:72:94:52:e1:03:76:90:98:52:7f:49:3c:0d:49:
                    49:32:9d:da:57:60:ac:9b:2e:3f:63:35:f4:8e:28:
                    9d:3d:50:c3:ab:4f:58:0b:8d:d8:e7:11:95:ce:ce:
                    dd:d1:f1:f7:d3:01:a7:c8:fa:fe:10:25:fb:a1:4f:
                    07:05:36:fa:05:71:88:88:d0:db:46:fc:03:63:98:
                    1a:93:f9:6d:4b:d9:7c:5f:a4:54:e2:87:2e:59:fa:
                    0d:63:5a:71:a7:95:b9:c4:21:65:be:2a:cd:00:a3:
                    61:71:30:50:16:31:2d:c5:96:ed:1d:ed:df:30:62:
                    9d:ff:90:25:f4:c1:4d:a1:d0:ed:86:ab:40:83:72:
                    fb:03:40:22:8d:50:b4:ac:80:d7:d7:98:fa:9b:4a:
                    bf:d8:2b:53:97:d6:df:e8:09:b9:c5:27:f9:fe:08:
                    e3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:C3:E3:6A:F6:85:D8:D3:1E:FD:E4:34:4C:42:2D:1A:D2:6D:45:14
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/oMPjavaF2NMe_eQ0TEItGtJtRRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:95:9f:c5:de:c6:a0:1c:fa:b2:d2:6c:81:18:52:76:e4:7f:
         a1:93:37:bb:02:87:d1:f6:dd:6f:0e:a1:7e:d8:24:e8:b1:4e:
         51:dc:ba:b9:45:6a:75:c2:5c:6b:e7:13:e4:3e:35:44:a5:a2:
         68:d8:ac:43:11:c5:19:44:a4:6a:88:e8:41:30:51:16:db:2c:
         af:3a:ca:77:2d:31:1b:7e:87:22:3b:40:16:35:f2:1b:15:5d:
         5f:47:35:b4:27:3d:76:e0:5c:5e:a1:7a:07:75:e6:cc:94:18:
         01:0f:9b:cc:99:a5:18:e8:42:18:fb:ba:52:c0:78:34:86:8e:
         62:30:64:a9:ed:0a:5f:12:27:31:e6:a3:11:25:3d:00:fd:01:
         c8:b7:68:c4:35:27:bd:9f:7d:d6:2a:e7:45:90:0c:4e:52:35:
         31:98:3f:2e:43:d7:f7:82:66:d7:40:d1:f0:cc:3d:41:44:5d:
         94:7e:4d:e1:e5:0a:c6:2f:da:64:c5:d0:ea:ce:39:50:7c:64:
         9f:23:d6:e9:71:f0:58:c8:ed:44:9a:69:25:ec:85:a3:fe:51:
         45:c0:99:f2:e0:69:85:ac:6c:31:3e:63:c8:3d:e1:de:18:ff:
         04:d6:ed:b1:d1:db:08:8b:a3:d7:52:c5:8a:74:ea:9f:98:a2:
         94:28:b2:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9uWBM/3xgosGWsd8pvsRGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwNTEyMTk0NjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGMzZTM2YWY2ODVkOGQzMWVmZGU0MzQ0YzQyMmQxYWQyNmQ0NTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1J+S/hq1RTcPj3Q/iUGW6IfOr7E
g0oKnYUoNHfUWL6sdqRw9j3jV02FuhICGZO27ZjJR8dIPLgMXimP9doqeJtc/lC/
BGKUvfO35hroSjyrgfDVf4tHMS8ycpRS4QN2kJhSf0k8DUlJMp3aV2Csmy4/YzX0
jiidPVDDq09YC43Y5xGVzs7d0fH30wGnyPr+ECX7oU8HBTb6BXGIiNDbRvwDY5ga
k/ltS9l8X6RU4ocuWfoNY1pxp5W5xCFlvirNAKNhcTBQFjEtxZbtHe3fMGKd/5Al
9MFNodDthqtAg3L7A0AijVC0rIDX15j6m0q/2CtTl9bf6Am5xSf5/gjj5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDD42r2hdjTHv3kNExCLRrSbUUUMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvb01QamF2YUYyTk1lX2VRMFRFSXRHdEp0UlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVwMA0G
CSqGSIb3DQEBCwUAA4IBAQBLlZ/F3sagHPqy0myBGFJ25H+hkze7AofR9t1vDqF+
2CTosU5R3Lq5RWp1wlxr5xPkPjVEpaJo2KxDEcUZRKRqiOhBMFEW2yyvOsp3LTEb
fociO0AWNfIbFV1fRzW0Jz124FxeoXoHdebMlBgBD5vMmaUY6EIY+7pSwHg0ho5i
MGSp7QpfEicx5qMRJT0A/QHIt2jENSe9n33WKudFkAxOUjUxmD8uQ9f3gmbXQNHw
zD1BRF2Ufk3h5QrGL9pkxdDqzjlQfGSfI9bpcfBYyO1Emmkl7IWj/lFFwJny4GmF
rGwxPmPIPeHeGP8E1u2x0dsIi6PXUsWKdOqfmKKUKLIN
-----END CERTIFICATE-----