Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/SGQ_4o9QOoy-NtVhit8CqwBvuf4.roa
File:                     SGQ_4o9QOoy-NtVhit8CqwBvuf4.roa (raw, json)
Hash identifier:          zjfCVm0TlK0sfzcDID6CbAL+dGkznXAXHpBCzS39Alg=
Subject key identifier:   48:64:3F:E2:8F:50:3A:8C:BE:36:D5:61:8A:DF:02:AB:00:6F:B9:FE
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       018E37B7EF67187BD05F90A3677885E7D41F
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/SGQ_4o9QOoy-NtVhit8CqwBvuf4.roa
Signing time:             Wed 13 Mar 2024 12:09:45 +0000
ROA not before:           Wed 13 Mar 2024 12:09:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200370
IP address blocks:        46.36.97.0/24 maxlen: 24
                          46.36.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:b7:ef:67:18:7b:d0:5f:90:a3:67:78:85:e7:d4:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Mar 13 12:09:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48643fe28f503a8cbe36d5618adf02ab006fb9fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:48:b6:c4:4d:73:23:bd:56:3c:30:bc:a3:1f:
                    28:fb:a6:9c:71:5d:08:dc:8b:e5:4e:f2:bc:a5:a2:
                    2c:d5:df:91:af:14:04:c1:32:35:ae:c5:04:0a:90:
                    fb:20:bf:d0:b8:53:2d:71:66:5e:b3:f0:d3:f0:c0:
                    96:23:8c:7e:93:70:23:da:41:d0:47:94:55:95:c2:
                    b7:7e:11:54:11:a3:86:64:4c:5d:49:bf:3a:88:6c:
                    98:61:5d:c7:fd:39:16:3e:c3:65:3d:3a:ce:7d:ac:
                    89:b8:b1:5d:a1:7b:28:b5:4a:82:f9:34:ad:f3:e0:
                    f4:f0:f1:2d:7a:a6:f5:8c:18:54:6c:06:32:06:58:
                    2d:f2:98:67:c6:9a:95:f1:a8:6c:a7:93:15:d9:14:
                    92:9f:5f:60:7c:cf:8d:83:d3:e7:5f:87:56:65:30:
                    a3:14:88:e0:42:3f:6e:81:22:12:4b:c3:bf:99:fb:
                    fa:d7:db:ea:5d:e0:87:5c:a1:b1:ee:a0:3a:98:44:
                    a6:aa:a5:39:5b:b5:6f:31:a8:6c:36:b5:a1:ab:23:
                    61:94:4a:11:43:41:ec:af:cf:64:78:99:22:00:56:
                    e8:a3:c8:7a:86:cc:9c:72:6c:88:36:7d:f4:93:e1:
                    28:a5:ef:dd:a1:1f:3f:1a:96:80:32:38:15:ed:ec:
                    1c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:64:3F:E2:8F:50:3A:8C:BE:36:D5:61:8A:DF:02:AB:00:6F:B9:FE
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/SGQ_4o9QOoy-NtVhit8CqwBvuf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.97.0/24
                  46.36.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:dc:71:23:0c:28:c2:4d:e9:63:ab:17:b7:94:22:80:3e:2e:
         3a:5d:26:be:ac:fe:76:93:9c:c4:49:c0:84:62:1e:d6:30:c7:
         16:f6:46:cc:a8:80:87:20:b9:30:6c:b1:e6:2e:dd:3b:0b:c5:
         50:d9:2a:dc:8c:42:74:37:e2:df:36:2c:3c:3c:46:ce:05:13:
         26:6a:79:cb:a1:41:f0:d1:9f:1f:58:7f:69:e1:be:22:b1:74:
         95:63:32:e4:df:8a:ba:ad:a3:c3:e2:ab:e2:a0:bf:5a:b1:c9:
         72:1d:35:c1:27:9d:ae:a7:6b:4e:4f:7b:c9:f0:0a:41:40:20:
         62:4e:6e:85:93:f7:81:b1:d4:9a:48:f0:75:bb:d5:81:87:04:
         15:57:c8:69:e1:a7:76:e4:26:6f:38:f7:49:c5:f9:e4:60:d2:
         84:d5:7a:d7:dd:13:c1:24:4e:14:c3:92:75:f4:c8:a9:76:6c:
         50:56:b9:4e:1d:df:2b:ef:d3:16:2f:cb:c9:ee:ae:6b:fe:3e:
         aa:a4:94:39:20:6e:de:46:08:e3:53:5e:da:80:c8:61:e2:a5:
         5d:c6:d4:ce:f2:73:ad:9d:30:50:7b:2b:c7:7a:21:b5:5e:a1:
         35:05:93:49:61:a2:40:6d:6c:ac:3b:0f:51:bb:a0:ec:5b:44:
         86:25:bc:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY43t+9nGHvQX5CjZ3iF59QfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjQwMzEzMTIwOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODY0M2ZlMjhmNTAzYThjYmUzNmQ1NjE4YWRmMDJhYjAwNmZiOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEi2xE1zI71WPDC8ox8o+6accV0I
3IvlTvK8paIs1d+RrxQEwTI1rsUECpD7IL/QuFMtcWZes/DT8MCWI4x+k3Aj2kHQ
R5RVlcK3fhFUEaOGZExdSb86iGyYYV3H/TkWPsNlPTrOfayJuLFdoXsotUqC+TSt
8+D08PEteqb1jBhUbAYyBlgt8phnxpqV8ahsp5MV2RSSn19gfM+Ng9PnX4dWZTCj
FIjgQj9ugSISS8O/mfv619vqXeCHXKGx7qA6mESmqqU5W7VvMahsNrWhqyNhlEoR
Q0Hsr89keJkiAFboo8h6hsyccmyINn30k+Eope/doR8/GpaAMjgV7ewc6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEhkP+KPUDqMvjbVYYrfAqsAb7n+MB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvU0dRXzRvOVFPb3ktTnRWaGl0OENxd0J2dWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiRhAwQA
LiRqMA0GCSqGSIb3DQEBCwUAA4IBAQCO3HEjDCjCTeljqxe3lCKAPi46XSa+rP52
k5zEScCEYh7WMMcW9kbMqICHILkwbLHmLt07C8VQ2SrcjEJ0N+LfNiw8PEbOBRMm
annLoUHw0Z8fWH9p4b4isXSVYzLk34q6raPD4qvioL9asclyHTXBJ52up2tOT3vJ
8ApBQCBiTm6Fk/eBsdSaSPB1u9WBhwQVV8hp4ad25CZvOPdJxfnkYNKE1XrX3RPB
JE4Uw5J19MipdmxQVrlOHd8r79MWL8vJ7q5r/j6qpJQ5IG7eRgjjU17agMhh4qVd
xtTO8nOtnTBQeyvHeiG1XqE1BZNJYaJAbWysOw9Ru6DsW0SGJbx/
-----END CERTIFICATE-----