Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/woSpkBdnWsxAoAB_NWW83rF7oG8.roa
File:                     woSpkBdnWsxAoAB_NWW83rF7oG8.roa (raw, json)
Hash identifier:          NjqIBXNW/WT7n91noiwSyeOKT1YeUKA1cAuWLXeYsmg=
Subject key identifier:   C2:84:A9:90:17:67:5A:CC:40:A0:00:7F:35:65:BC:DE:B1:7B:A0:6F
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       01980160F88968C1C14EA7874619DE5FC2A0
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/woSpkBdnWsxAoAB_NWW83rF7oG8.roa
Signing time:             Sun 13 Jul 2025 01:23:08 +0000
ROA not before:           Sun 13 Jul 2025 01:23:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        46.37.104.0/24 maxlen: 24
                          46.37.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:01:60:f8:89:68:c1:c1:4e:a7:87:46:19:de:5f:c2:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jul 13 01:23:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c284a99017675acc40a0007f3565bcdeb17ba06f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e9:9f:6d:12:c2:bb:30:c5:de:3e:82:38:e6:
                    f5:33:11:22:36:e2:fc:e4:c5:d0:a6:51:52:bf:62:
                    b1:09:19:f8:b8:2b:02:81:d0:7e:d1:de:0e:9c:65:
                    46:a7:b2:86:a6:29:54:22:50:41:dd:3c:29:80:2d:
                    a2:5b:cb:13:38:00:a6:64:4a:33:4f:5b:a9:fa:d6:
                    86:e0:43:b2:32:48:c8:54:93:e3:bc:e1:32:57:50:
                    85:3b:42:cf:2d:d1:e2:da:3d:ad:3d:bd:95:4e:be:
                    84:67:91:b7:4a:ef:7e:9c:c8:45:e6:6a:9a:d5:a1:
                    12:9d:f0:bd:55:e7:b3:d0:2f:b9:00:10:36:82:08:
                    4a:38:f9:7d:c1:02:7d:ce:3e:00:2b:10:92:56:e3:
                    16:f4:e6:59:04:69:47:1f:49:7a:ad:3b:17:f3:b1:
                    58:92:ef:2a:26:3d:d9:52:be:76:91:8a:a5:7d:78:
                    21:d1:10:28:70:44:2f:68:8f:34:04:09:b5:fb:3d:
                    46:c4:a4:19:a9:df:e7:53:9d:10:ff:c6:f8:6d:29:
                    5b:4e:19:ca:19:d2:29:f8:bd:d4:63:19:0d:b6:e0:
                    ca:ce:6e:4c:a4:0d:12:26:62:7f:d2:be:dc:73:34:
                    90:ef:d4:87:4f:69:f1:fe:ad:65:46:d4:88:57:b0:
                    9b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:84:A9:90:17:67:5A:CC:40:A0:00:7F:35:65:BC:DE:B1:7B:A0:6F
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/woSpkBdnWsxAoAB_NWW83rF7oG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.104.0/24
                  46.37.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:7f:c9:ee:f7:1e:f5:73:97:1e:9b:89:98:9f:73:3f:a1:ba:
         25:ca:76:94:9b:89:93:c8:ac:9e:5d:c7:45:19:74:e8:07:ba:
         30:2d:29:2c:8e:72:d9:f3:df:79:88:09:38:54:4c:a7:43:f9:
         84:2e:df:55:8a:69:5d:8d:f9:7a:06:cd:7d:63:dc:2a:4f:ec:
         9e:5f:6e:ad:33:fd:04:5a:e7:f0:69:68:2a:69:9a:99:0c:d4:
         95:23:5c:2d:b3:36:23:6d:d4:23:82:23:21:dd:d2:24:8d:4a:
         78:c4:97:13:e6:4d:e3:8d:ab:3a:be:0f:1b:7f:67:60:01:2a:
         a0:39:fd:0d:e3:e8:1f:3a:ed:17:10:42:48:c6:4e:c9:4f:5e:
         06:87:29:a4:4b:55:35:c2:96:fb:50:ab:2d:a0:c8:b2:7f:66:
         08:26:00:72:a7:1f:b0:0c:5e:ea:05:24:f9:6a:d0:34:58:65:
         cf:95:3a:a9:56:a9:68:44:64:d0:79:4b:b5:02:5c:cf:93:2d:
         d1:53:a3:53:63:1f:c3:98:7b:4a:41:43:35:1d:09:53:80:2c:
         fa:b9:25:af:69:55:91:92:ac:6f:0a:7b:63:02:3e:fd:9b:bb:
         7d:fb:4b:37:43:e6:29:9b:ae:5f:9e:75:76:3a:2d:f8:e3:bd:
         b7:9f:45:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgBYPiJaMHBTqeHRhneX8KgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwNzEzMDEyMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjg0YTk5MDE3Njc1YWNjNDBhMDAwN2YzNTY1YmNkZWIxN2JhMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApumfbRLCuzDF3j6COOb1MxEiNuL8
5MXQplFSv2KxCRn4uCsCgdB+0d4OnGVGp7KGpilUIlBB3TwpgC2iW8sTOACmZEoz
T1up+taG4EOyMkjIVJPjvOEyV1CFO0LPLdHi2j2tPb2VTr6EZ5G3Su9+nMhF5mqa
1aESnfC9Veez0C+5ABA2gghKOPl9wQJ9zj4AKxCSVuMW9OZZBGlHH0l6rTsX87FY
ku8qJj3ZUr52kYqlfXgh0RAocEQvaI80BAm1+z1GxKQZqd/nU50Q/8b4bSlbThnK
GdIp+L3UYxkNtuDKzm5MpA0SJmJ/0r7cczSQ79SHT2nx/q1lRtSIV7CbVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMKEqZAXZ1rMQKAAfzVlvN6xe6BvMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvd29TcGtCZG5Xc3hBb0FCX05XVzgzckY3b0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiVoAwQA
LiV2MA0GCSqGSIb3DQEBCwUAA4IBAQB7f8nu9x71c5cem4mYn3M/obolynaUm4mT
yKyeXcdFGXToB7owLSksjnLZ8995iAk4VEynQ/mELt9Vimldjfl6Bs19Y9wqT+ye
X26tM/0EWufwaWgqaZqZDNSVI1wtszYjbdQjgiMh3dIkjUp4xJcT5k3jjas6vg8b
f2dgASqgOf0N4+gfOu0XEEJIxk7JT14GhymkS1U1wpb7UKstoMiyf2YIJgBypx+w
DF7qBST5atA0WGXPlTqpVqloRGTQeUu1AlzPky3RU6NTYx/DmHtKQUM1HQlTgCz6
uSWvaVWRkqxvCntjAj79m7t9+0s3Q+Ypm65fnnV2Oi344723n0Wq
-----END CERTIFICATE-----