Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/1-tIjuiVKG5efKq728l75mt6vFcI.roa
File:                     1-tIjuiVKG5efKq728l75mt6vFcI.roa (raw, json)
Hash identifier:          i9dyyJea0WVUAcUbhig9A7yoFw52SsLjOuVcqGjw+D8=
Subject key identifier:   FA:D2:23:BA:25:4A:1B:97:9F:2A:AE:F6:F2:5E:F9:9A:DE:AF:15:C2
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D85630CFFBB4B0E3B67052DECF35D1
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/1-tIjuiVKG5efKq728l75mt6vFcI.roa
Signing time:             Thu 02 Jan 2025 11:48:19 +0000
ROA not before:           Thu 02 Jan 2025 11:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134465
IP address blocks:        46.37.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:56:30:cf:fb:b4:b0:e3:b6:70:52:de:cf:35:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fad223ba254a1b979f2aaef6f25ef99adeaf15c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c1:19:b4:8c:f6:ca:fb:fc:12:ee:a1:35:fa:
                    b3:6f:75:b1:cc:b9:a2:47:51:df:1a:b4:ad:af:49:
                    eb:a5:4b:af:09:51:bd:8f:a6:7e:c3:22:83:68:b4:
                    fb:7f:1d:40:37:03:d9:cf:28:ec:83:3c:2c:56:d3:
                    ee:dc:3e:e1:ae:5b:fd:cc:57:02:1c:c7:76:42:e3:
                    f4:9d:4b:8b:27:85:57:c7:a2:6b:88:d6:bc:63:c2:
                    99:ce:ed:ca:c9:0b:e4:7c:00:62:bb:de:9e:01:68:
                    98:95:44:16:fd:bc:62:2d:ff:03:20:ee:2f:15:26:
                    fc:f3:a5:d4:4a:4c:0a:22:e5:bf:6b:9d:1e:31:f5:
                    05:04:11:a7:19:54:2e:a2:c5:1d:56:e9:25:43:13:
                    d2:7b:fc:3b:53:03:b7:49:87:28:b9:0a:79:5a:93:
                    6d:05:ae:60:c0:e8:8a:76:ab:76:a1:e4:16:41:f5:
                    6b:04:64:21:09:43:09:09:1a:44:8b:1d:b5:ed:4d:
                    e0:fe:ff:be:31:e7:97:d7:2d:6e:22:7f:7e:f3:d0:
                    fd:0d:81:7b:56:f0:cd:67:4f:ad:94:b7:38:d9:38:
                    8c:18:b3:2b:31:cd:85:72:1b:06:3b:36:bf:7a:22:
                    10:19:1f:27:52:a4:d4:f2:8c:6a:dc:7f:97:9d:af:
                    ca:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:D2:23:BA:25:4A:1B:97:9F:2A:AE:F6:F2:5E:F9:9A:DE:AF:15:C2
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/1-tIjuiVKG5efKq728l75mt6vFcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:c9:ea:ab:37:f6:10:a4:38:21:b1:c7:98:29:3b:84:a5:0c:
         80:bf:57:42:91:d1:6d:41:db:f8:ce:ed:30:66:fb:7b:e1:d8:
         f3:21:5b:5b:d6:2b:a0:2b:2f:89:d0:21:8d:c7:1a:9a:e6:02:
         a3:bb:a3:bf:e9:1f:fd:ea:df:4f:68:0b:a4:85:1f:df:97:95:
         6e:85:53:ff:f4:9b:64:8e:3d:d0:7d:7b:6f:b5:10:1f:d0:96:
         76:98:f1:23:73:c0:db:7a:c4:c7:e4:97:41:8e:b9:2c:ab:dd:
         7f:97:61:06:de:b7:9c:e5:70:a3:04:4e:c1:10:b6:72:47:71:
         13:5f:c3:16:4f:bd:ed:ef:c0:2d:57:28:15:bd:54:53:82:00:
         8f:f8:43:0f:7d:31:fe:5e:df:e5:b3:62:b3:4e:9a:ac:66:8d:
         d1:f5:86:2c:97:bf:6f:80:0f:c0:3b:8a:9b:a3:28:eb:b0:ca:
         eb:2f:43:1f:75:19:92:11:89:be:5c:50:a2:63:36:f3:64:70:
         48:c7:fa:48:23:f7:25:de:27:8c:fd:05:19:92:ba:84:b9:c2:
         2b:3d:ad:ca:80:ef:cb:d8:23:51:79:e2:73:a9:8c:8c:65:ca:
         f3:a0:dc:cc:ae:3f:fd:e7:88:06:a8:9a:ce:f6:81:17:7a:07:
         30:83:d9:2d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQm2FYwz/u0sOO2cFLezzXRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWQyMjNiYTI1NGExYjk3OWYyYWFlZjZmMjVlZjk5YWRlYWYxNWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8EZtIz2yvv8Eu6hNfqzb3WxzLmi
R1HfGrStr0nrpUuvCVG9j6Z+wyKDaLT7fx1ANwPZzyjsgzwsVtPu3D7hrlv9zFcC
HMd2QuP0nUuLJ4VXx6JriNa8Y8KZzu3KyQvkfABiu96eAWiYlUQW/bxiLf8DIO4v
FSb886XUSkwKIuW/a50eMfUFBBGnGVQuosUdVuklQxPSe/w7UwO3SYcouQp5WpNt
Ba5gwOiKdqt2oeQWQfVrBGQhCUMJCRpEix217U3g/v++MeeX1y1uIn9+89D9DYF7
VvDNZ0+tlLc42TiMGLMrMc2FchsGOza/eiIQGR8nUqTU8oxq3H+Xna/KVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrSI7olShuXnyqu9vJe+ZrerxXCMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvMS10SWp1aVZLRzVlZktxNzI4bDc1bXQ2dkZjSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTcvY2RmZjE2LTQ1OGEtNDdjMy04ZGZhLTIzMTU0OTQwOTcy
MC8xLzA4OEloSkdLVUNPZTl3VVk3cF9BVHhxdUdTay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC4lejAN
BgkqhkiG9w0BAQsFAAOCAQEAT8nqqzf2EKQ4IbHHmCk7hKUMgL9XQpHRbUHb+M7t
MGb7e+HY8yFbW9YroCsvidAhjccamuYCo7ujv+kf/erfT2gLpIUf35eVboVT//Sb
ZI490H17b7UQH9CWdpjxI3PA23rEx+SXQY65LKvdf5dhBt63nOVwowROwRC2ckdx
E1/DFk+97e/ALVcoFb1UU4IAj/hDD30x/l7f5bNis06arGaN0fWGLJe/b4APwDuK
m6Mo67DK6y9DH3UZkhGJvlxQomM282RwSMf6SCP3Jd4njP0FGZK6hLnCKz2tyoDv
y9gjUXnic6mMjGXK86DczK4//eeIBqiazvaBF3oHMIPZLQ==
-----END CERTIFICATE-----