Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/l37ZJamSctxx7kF0FYpCqP3Mnk8.roa
File:                     l37ZJamSctxx7kF0FYpCqP3Mnk8.roa (raw, json)
Hash identifier:          HcowijRopcaQs1/97qsmX2bxVAipzJth/SYgvD9ffJ8=
Subject key identifier:   97:7E:D9:25:A9:92:72:DC:71:EE:41:74:15:8A:42:A8:FD:CC:9E:4F
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       0193220C462BB8C847DC443CCD75B1EC7ABB
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/l37ZJamSctxx7kF0FYpCqP3Mnk8.roa
Signing time:             Tue 12 Nov 2024 20:24:09 +0000
ROA not before:           Tue 12 Nov 2024 20:24:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61172
IP address blocks:        46.20.99.0/24 maxlen: 24
                          46.20.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:22:0c:46:2b:b8:c8:47:dc:44:3c:cd:75:b1:ec:7a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Nov 12 20:24:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=977ed925a99272dc71ee4174158a42a8fdcc9e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:46:4b:58:04:ff:e4:a7:4f:b8:13:81:44:75:
                    5d:6d:b6:cb:ab:5c:25:73:31:87:3a:97:69:d8:9b:
                    6e:81:67:d4:9b:58:4b:5d:0c:36:9b:af:d0:16:b5:
                    8a:4e:95:0b:e4:cc:fc:f9:0c:cc:ba:a3:5a:58:8e:
                    20:e6:31:be:27:3d:1d:8c:4a:cc:56:e6:d4:cb:cd:
                    3e:36:c5:31:06:f0:dd:3d:a1:c0:9c:5b:1c:06:da:
                    81:27:3d:3d:d4:71:0f:ba:8e:57:8e:0a:27:a6:54:
                    f6:b6:8f:50:06:c5:74:8f:0f:f4:2c:78:45:15:5c:
                    5e:22:e4:1e:82:45:d7:6c:93:92:73:ff:7b:3e:d5:
                    8a:0a:4a:69:b8:6a:0f:71:2b:a8:42:9a:08:95:59:
                    37:9c:9c:7c:d9:9c:58:79:ae:42:cf:e7:df:76:e6:
                    3e:20:16:d0:66:3b:5c:6a:ff:ca:58:99:1f:da:37:
                    78:11:36:a8:60:d9:38:ca:75:93:0d:13:59:7c:5a:
                    60:62:e4:3b:0c:d9:05:b0:ef:a6:7a:7c:b8:5b:26:
                    fa:48:2f:4a:62:e1:a2:20:4f:71:ef:e0:dd:76:d9:
                    e0:9b:98:4b:60:88:cb:e6:84:50:62:57:89:3f:ec:
                    76:7c:46:76:c5:26:d0:c6:26:94:70:26:fd:b1:c8:
                    19:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:7E:D9:25:A9:92:72:DC:71:EE:41:74:15:8A:42:A8:FD:CC:9E:4F
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/l37ZJamSctxx7kF0FYpCqP3Mnk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.99.0/24
                  46.20.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:29:d3:e8:27:18:fd:79:5e:28:d4:d3:d7:26:4d:5c:76:4d:
         48:e3:8b:38:3c:df:10:d5:68:16:d4:74:e4:f6:80:f6:83:d6:
         34:85:41:6a:99:57:59:76:a5:20:d6:ff:5d:da:b1:70:c4:c2:
         9f:ba:6f:78:9b:1d:6d:9e:af:73:ae:b4:68:ea:62:eb:21:1d:
         99:d9:08:87:ea:4b:21:f1:53:e6:92:91:53:e5:c2:7b:1a:c9:
         0f:65:18:0e:33:f9:67:1c:f8:32:93:96:33:46:73:4c:3b:c7:
         23:e4:37:35:8b:0e:54:45:ef:25:70:69:82:fa:dc:ea:6f:57:
         12:ed:ec:ce:ea:34:5a:8b:b1:dd:62:34:01:74:da:82:ea:27:
         41:97:ab:2e:51:cd:57:65:1b:ff:8a:80:10:f1:2e:eb:81:b3:
         dc:e4:13:5c:89:46:f3:16:dc:d2:42:52:6e:9b:5c:1d:4a:b4:
         1a:78:d8:12:42:65:48:6a:c5:f3:0a:07:62:9b:01:15:e0:34:
         8c:61:2a:58:18:12:29:e7:dd:da:c1:f1:7b:d3:aa:e1:36:75:
         2a:ae:2b:d5:88:85:87:29:c8:8f:df:6e:28:dc:ba:17:cb:56:
         fa:2e:12:45:96:42:38:15:b1:22:18:2d:7b:b0:d6:33:02:88:
         dc:7b:4b:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMiDEYruMhH3EQ8zXWx7Hq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQxMTEyMjAyNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzdlZDkyNWE5OTI3MmRjNzFlZTQxNzQxNThhNDJhOGZkY2M5ZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EZLWAT/5KdPuBOBRHVdbbbLq1wl
czGHOpdp2JtugWfUm1hLXQw2m6/QFrWKTpUL5Mz8+QzMuqNaWI4g5jG+Jz0djErM
VubUy80+NsUxBvDdPaHAnFscBtqBJz091HEPuo5XjgonplT2to9QBsV0jw/0LHhF
FVxeIuQegkXXbJOSc/97PtWKCkppuGoPcSuoQpoIlVk3nJx82ZxYea5Cz+ffduY+
IBbQZjtcav/KWJkf2jd4ETaoYNk4ynWTDRNZfFpgYuQ7DNkFsO+meny4Wyb6SC9K
YuGiIE9x7+Dddtngm5hLYIjL5oRQYleJP+x2fEZ2xSbQxiaUcCb9scgZyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJd+2SWpknLcce5BdBWKQqj9zJ5PMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvbDM3WkphbVNjdHh4N2tGMEZZcENxUDNNbms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALhRjAwQA
LhRrMA0GCSqGSIb3DQEBCwUAA4IBAQBTKdPoJxj9eV4o1NPXJk1cdk1I44s4PN8Q
1WgW1HTk9oD2g9Y0hUFqmVdZdqUg1v9d2rFwxMKfum94mx1tnq9zrrRo6mLrIR2Z
2QiH6ksh8VPmkpFT5cJ7GskPZRgOM/lnHPgyk5YzRnNMO8cj5Dc1iw5URe8lcGmC
+tzqb1cS7ezO6jRai7HdYjQBdNqC6idBl6suUc1XZRv/ioAQ8S7rgbPc5BNciUbz
FtzSQlJum1wdSrQaeNgSQmVIasXzCgdimwEV4DSMYSpYGBIp593awfF706rhNnUq
rivViIWHKciP324o3LoXy1b6LhJFlkI4FbEiGC17sNYzAojce0s1
-----END CERTIFICATE-----