Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/m7Mr37sdaBmc_Av9_sBguWgBYqU.roa
File:                     m7Mr37sdaBmc_Av9_sBguWgBYqU.roa (raw, json)
Hash identifier:          P0gLOSKo7l96cc32PLwprdrpO7FH0A03b/BSroXxYe8=
Subject key identifier:   9B:B3:2B:DF:BB:1D:68:19:9C:FC:0B:FD:FE:C0:60:B9:68:01:62:A5
Certificate issuer:       /CN=1d15000772b3c3fa2bbd7727d3d389391a14633e
Certificate serial:       0192488E27E1119852170B3913F52AA9671E
Authority key identifier: 1D:15:00:07:72:B3:C3:FA:2B:BD:77:27:D3:D3:89:39:1A:14:63:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRUAB3Kzw_orvXcn09OJORoUYz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/m7Mr37sdaBmc_Av9_sBguWgBYqU.roa
Signing time:             Tue 01 Oct 2024 14:48:48 +0000
ROA not before:           Tue 01 Oct 2024 14:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47381
IP address blocks:        185.224.46.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/HRUAB3Kzw_orvXcn09OJORoUYz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/HRUAB3Kzw_orvXcn09OJORoUYz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRUAB3Kzw_orvXcn09OJORoUYz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:48:8e:27:e1:11:98:52:17:0b:39:13:f5:2a:a9:67:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d15000772b3c3fa2bbd7727d3d389391a14633e
        Validity
            Not Before: Oct  1 14:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bb32bdfbb1d68199cfc0bfdfec060b9680162a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6b:bf:b6:52:35:fd:bc:d5:8c:0b:1f:4f:50:
                    5b:d3:60:9f:0e:cb:20:e2:1a:d5:b8:af:48:52:a8:
                    29:c1:b6:72:5c:aa:88:a4:42:5a:df:47:ca:af:06:
                    99:25:fc:9d:4a:ea:e8:89:a6:f2:06:6f:15:6a:81:
                    9a:56:4d:0b:08:20:0e:91:5c:64:79:5b:1e:af:e0:
                    02:34:67:e4:a5:ba:7e:c9:15:48:d2:b3:eb:bb:c2:
                    73:60:e9:f9:3d:3b:e8:a4:f4:18:9b:f6:8f:19:d5:
                    42:6f:68:78:c9:7e:0e:75:f0:02:ab:f2:20:eb:5c:
                    b2:0e:0c:e6:2d:b3:6b:ee:c5:a4:e8:b5:c7:32:f3:
                    24:ea:05:ef:ba:01:f1:dc:1a:d7:fe:67:0d:9c:4c:
                    49:a8:66:2e:a5:cb:ea:d5:a2:54:2c:20:f8:27:88:
                    bf:09:18:af:32:28:fe:f8:09:73:bc:eb:b2:8f:80:
                    5e:69:cd:4b:19:67:10:5e:2f:59:29:9d:44:01:47:
                    da:18:34:71:c7:95:52:10:06:71:8d:d3:eb:f1:14:
                    17:d1:d1:de:5b:06:c4:30:6d:56:f4:b1:8d:4a:70:
                    ea:77:6a:f6:b4:6e:d0:a3:ae:43:23:03:9f:9b:9d:
                    8b:79:12:dc:84:1a:ee:9d:25:29:f5:89:e7:37:2d:
                    b5:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B3:2B:DF:BB:1D:68:19:9C:FC:0B:FD:FE:C0:60:B9:68:01:62:A5
            X509v3 Authority Key Identifier:
                keyid:1D:15:00:07:72:B3:C3:FA:2B:BD:77:27:D3:D3:89:39:1A:14:63:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRUAB3Kzw_orvXcn09OJORoUYz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/m7Mr37sdaBmc_Av9_sBguWgBYqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/HRUAB3Kzw_orvXcn09OJORoUYz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:bf:d0:81:74:3a:08:5a:66:cc:ed:d8:5f:c3:54:98:90:de:
         44:f5:22:2f:3b:60:90:a9:d3:39:04:a0:7c:d1:e6:7f:9a:0e:
         3c:65:95:3a:34:c2:cf:72:3a:3f:74:d7:06:53:8e:c9:dd:f4:
         98:cb:21:10:0f:0b:de:41:95:0f:2e:96:a0:a9:67:df:d2:22:
         11:2b:b6:b9:a5:be:46:cb:f9:01:0e:af:bc:c9:43:b5:bd:8e:
         9e:d0:71:47:a8:af:fe:57:6c:58:4a:69:a8:ca:3c:aa:a2:f4:
         06:30:87:cd:cf:30:50:e9:23:13:8c:be:78:18:23:50:7a:4f:
         16:9c:2d:28:87:cc:7e:eb:a4:e7:18:5a:61:2c:90:a8:ce:89:
         32:ce:83:71:4d:9d:09:16:d1:41:7f:97:3f:7b:ba:39:1d:6c:
         0e:2d:ca:a0:d3:4e:e7:aa:fd:c1:6b:0f:ba:46:85:80:47:9e:
         c7:21:fc:04:78:2a:b0:4f:e5:13:23:7d:c9:39:9c:4e:b1:05:
         9e:33:1a:40:f5:ca:8e:06:09:78:59:4e:f0:d0:be:7a:b0:93:
         e2:dc:5f:ea:88:92:a7:7a:92:5f:e1:60:37:52:c3:b4:c4:b6:
         fd:08:74:82:d4:52:45:4c:4d:ea:32:eb:7d:40:03:5e:96:5d:
         ad:f6:5b:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJIjifhEZhSFws5E/UqqWceMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTUwMDA3NzJiM2MzZmEyYmJkNzcyN2QzZDM4OTM5MWEx
NDYzM2UwHhcNMjQxMDAxMTQ0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmIzMmJkZmJiMWQ2ODE5OWNmYzBiZmRmZWMwNjBiOTY4MDE2MmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmu/tlI1/bzVjAsfT1Bb02CfDssg
4hrVuK9IUqgpwbZyXKqIpEJa30fKrwaZJfydSuroiabyBm8VaoGaVk0LCCAOkVxk
eVser+ACNGfkpbp+yRVI0rPru8JzYOn5PTvopPQYm/aPGdVCb2h4yX4OdfACq/Ig
61yyDgzmLbNr7sWk6LXHMvMk6gXvugHx3BrX/mcNnExJqGYupcvq1aJULCD4J4i/
CRivMij++AlzvOuyj4Beac1LGWcQXi9ZKZ1EAUfaGDRxx5VSEAZxjdPr8RQX0dHe
WwbEMG1W9LGNSnDqd2r2tG7Qo65DIwOfm52LeRLchBrunSUp9YnnNy218wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuzK9+7HWgZnPwL/f7AYLloAWKlMB8GA1UdIwQY
MBaAFB0VAAdys8P6K713J9PTiTkaFGM+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJVQUIzS3p3X29ydlhjbjA5T0pPUm9VWXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jZDY0NzgtY2VmNi00YTcwLWI0ODgt
YjIxMjlmYjRjYTVhLzEvbTdNcjM3c2RhQm1jX0F2OV9zQmd1V2dCWXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jZDY0NzgtY2VmNi00YTcwLWI0ODgtYjIxMjlmYjRjYTVh
LzEvSFJVQUIzS3p3X29ydlhjbjA5T0pPUm9VWXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueAuMA0G
CSqGSIb3DQEBCwUAA4IBAQBzv9CBdDoIWmbM7dhfw1SYkN5E9SIvO2CQqdM5BKB8
0eZ/mg48ZZU6NMLPcjo/dNcGU47J3fSYyyEQDwveQZUPLpagqWff0iIRK7a5pb5G
y/kBDq+8yUO1vY6e0HFHqK/+V2xYSmmoyjyqovQGMIfNzzBQ6SMTjL54GCNQek8W
nC0oh8x+66TnGFphLJCozokyzoNxTZ0JFtFBf5c/e7o5HWwOLcqg007nqv3Baw+6
RoWAR57HIfwEeCqwT+UTI33JOZxOsQWeMxpA9cqOBgl4WU7w0L56sJPi3F/qiJKn
epJf4WA3UsO0xLb9CHSC1FJFTE3qMut9QANell2t9lsv
-----END CERTIFICATE-----