Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/2ZejEgmiPZzCplMEBjadS5Liuc8.roa
File:                     2ZejEgmiPZzCplMEBjadS5Liuc8.roa (raw, json)
Hash identifier:          +yuD1h8OddiqC/ppQeNKmjmov9ABpW0BWsQYtSsXTLI=
Subject key identifier:   D9:97:A3:12:09:A2:3D:9C:C2:A6:53:04:06:36:9D:4B:92:E2:B9:CF
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       0194D505FDF7E7D6657A56352200EF725669
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/2ZejEgmiPZzCplMEBjadS5Liuc8.roa
Signing time:             Wed 05 Feb 2025 07:32:07 +0000
ROA not before:           Wed 05 Feb 2025 07:32:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        46.37.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d5:05:fd:f7:e7:d6:65:7a:56:35:22:00:ef:72:56:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Feb  5 07:32:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d997a31209a23d9cc2a6530406369d4b92e2b9cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:32:48:04:61:0d:21:4a:4b:2f:39:39:ba:c3:
                    6a:95:23:73:1c:11:31:d9:4a:52:f9:56:33:2d:66:
                    0b:58:e5:74:90:4a:a4:5c:e2:d1:50:c4:67:0f:c9:
                    39:22:2b:d7:dd:68:7e:97:ef:90:db:6b:0e:9c:76:
                    93:d4:a7:d5:8d:c0:7b:e5:3b:aa:75:0a:33:6f:16:
                    40:e1:15:8f:6b:dc:f3:59:e6:a3:eb:ab:d8:e4:55:
                    1e:5e:97:c7:fe:57:6b:b6:ad:a5:cf:28:18:b7:54:
                    9b:9b:1e:65:c4:8d:44:36:43:35:9a:16:a1:7a:1e:
                    6d:82:f5:b2:ad:3f:df:d6:86:c9:37:b8:dc:b3:e0:
                    a9:63:72:49:6d:be:ab:bc:66:ec:81:d2:ee:b4:0f:
                    ba:a8:17:04:bc:0c:a3:78:8d:74:38:f7:cc:81:a9:
                    43:5d:0b:0a:f3:34:e2:30:b7:9b:c6:3e:34:ea:0f:
                    5f:14:fe:2f:de:2a:7b:7b:4f:65:c2:57:15:50:51:
                    2b:f1:fd:4a:da:e3:2a:0b:36:d5:66:cf:f7:a2:04:
                    d9:28:0b:31:85:79:ee:48:93:1a:dd:09:05:6d:91:
                    25:c1:5a:4f:16:ac:ef:28:24:3d:4a:8e:57:0d:91:
                    9f:cb:b8:9e:a9:d7:78:87:83:fb:47:bf:0f:08:67:
                    fa:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:97:A3:12:09:A2:3D:9C:C2:A6:53:04:06:36:9D:4B:92:E2:B9:CF
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/2ZejEgmiPZzCplMEBjadS5Liuc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:90:53:9c:87:a7:80:c6:83:cd:e9:ed:f9:1f:00:94:89:ee:
         ae:89:46:5c:ff:2e:4f:02:31:5b:01:6f:02:a6:95:59:fb:d2:
         2a:ca:85:11:b5:e3:d1:b4:a3:17:c7:21:f2:d5:40:4f:3c:cf:
         c1:d9:f6:c5:98:4f:1c:d6:d2:74:b7:f6:83:42:8b:ff:8f:de:
         b5:53:4f:ee:10:85:5c:a9:70:4f:cf:0f:ab:e3:a4:c9:24:68:
         f8:71:d0:4c:0b:fe:86:1a:36:b4:4b:82:b4:d8:21:6c:1b:c3:
         15:43:a2:40:14:86:b4:ae:b3:3f:af:8d:d8:24:dd:c9:97:76:
         58:f9:18:09:9a:c3:b2:5d:f9:da:73:fe:3b:a9:8b:19:ba:a3:
         0e:aa:84:eb:2b:cb:8b:fc:b9:2e:ef:05:5f:53:5b:c2:d8:e6:
         2c:ad:9a:42:9a:e7:68:bc:8e:9b:d3:fe:f3:46:2d:4b:1f:3b:
         49:a5:1a:21:93:88:b6:73:94:77:5d:b7:bc:34:16:d9:08:c5:
         83:0f:1a:bc:f1:94:11:0f:a3:c1:ac:82:04:a9:c4:1b:34:a7:
         67:f1:aa:ad:3d:2a:de:de:45:24:1a:38:f2:e4:ae:2f:65:fb:
         cb:ae:2d:69:36:28:cf:c7:f8:78:66:7a:47:c6:c8:7f:c5:db:
         16:cd:a6:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTVBf3359ZlelY1IgDvclZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMjA1MDczMjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTk3YTMxMjA5YTIzZDljYzJhNjUzMDQwNjM2OWQ0YjkyZTJiOWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDJIBGENIUpLLzk5usNqlSNzHBEx
2UpS+VYzLWYLWOV0kEqkXOLRUMRnD8k5IivX3Wh+l++Q22sOnHaT1KfVjcB75Tuq
dQozbxZA4RWPa9zzWeaj66vY5FUeXpfH/ldrtq2lzygYt1Sbmx5lxI1ENkM1mhah
eh5tgvWyrT/f1obJN7jcs+CpY3JJbb6rvGbsgdLutA+6qBcEvAyjeI10OPfMgalD
XQsK8zTiMLebxj406g9fFP4v3ip7e09lwlcVUFEr8f1K2uMqCzbVZs/3ogTZKAsx
hXnuSJMa3QkFbZElwVpPFqzvKCQ9So5XDZGfy7ieqdd4h4P7R78PCGf6iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmXoxIJoj2cwqZTBAY2nUuS4rnPMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvMlplakVnbWlQWnpDcGxNRUJqYWRTNUxpdWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV2MA0G
CSqGSIb3DQEBCwUAA4IBAQBkkFOch6eAxoPN6e35HwCUie6uiUZc/y5PAjFbAW8C
ppVZ+9IqyoURtePRtKMXxyHy1UBPPM/B2fbFmE8c1tJ0t/aDQov/j961U0/uEIVc
qXBPzw+r46TJJGj4cdBMC/6GGja0S4K02CFsG8MVQ6JAFIa0rrM/r43YJN3Jl3ZY
+RgJmsOyXfnac/47qYsZuqMOqoTrK8uL/Lku7wVfU1vC2OYsrZpCmudovI6b0/7z
Ri1LHztJpRohk4i2c5R3Xbe8NBbZCMWDDxq88ZQRD6PBrIIEqcQbNKdn8aqtPSre
3kUkGjjy5K4vZfvLri1pNijPx/h4ZnpHxsh/xdsWzaaa
-----END CERTIFICATE-----