Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/4A12nw_PGOtE0lp0UfI0h7Y-99Q.roa
File:                     4A12nw_PGOtE0lp0UfI0h7Y-99Q.roa (raw, json)
Hash identifier:          HkSeQ6WxnAp78h46xIjTBHoUtcNA5UyOtMZ2PMoUHZc=
Subject key identifier:   E0:0D:76:9F:0F:CF:18:EB:44:D2:5A:74:51:F2:34:87:B6:3E:F7:D4
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D85A00F092A06A8A3D1FB96D7BD317
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/4A12nw_PGOtE0lp0UfI0h7Y-99Q.roa
Signing time:             Thu 02 Jan 2025 11:48:20 +0000
ROA not before:           Thu 02 Jan 2025 11:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210538
IP address blocks:        46.37.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 18:31:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:5a:00:f0:92:a0:6a:8a:3d:1f:b9:6d:7b:d3:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e00d769f0fcf18eb44d25a7451f23487b63ef7d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:53:9a:81:67:be:9d:a8:41:a2:5f:b9:20:95:
                    c7:ab:33:58:62:b2:71:1f:ea:1e:f8:a8:ef:0d:9d:
                    ab:78:02:68:f1:91:a7:70:d6:72:fb:1c:53:90:d6:
                    8e:57:bb:2c:4b:55:6a:53:2b:30:7f:d7:e3:cb:db:
                    f8:47:71:58:51:62:b3:ed:56:03:40:df:3d:c0:51:
                    f5:86:8c:d2:ac:5a:d6:8f:1a:f7:a8:17:8b:92:0c:
                    40:07:fe:8a:e4:12:35:4b:dd:94:21:f2:0c:f9:34:
                    d4:37:b0:f5:41:b1:e4:56:76:e7:fe:6c:5e:b2:05:
                    33:16:6e:d0:94:a5:0a:e3:71:82:be:52:05:eb:8a:
                    d6:53:a8:ec:db:42:5f:e4:d8:11:a9:a6:e9:ba:59:
                    3c:81:53:8a:fc:b7:56:69:0f:12:3b:bf:4f:7b:ec:
                    34:20:ae:dc:77:0d:ed:72:ee:42:8f:48:a9:e6:de:
                    6d:80:b4:9d:fa:9c:9c:9f:48:65:5c:2a:4d:8c:c8:
                    49:03:93:d7:8e:1c:94:26:8d:28:8f:2e:65:12:2e:
                    77:05:d5:84:17:f7:15:7b:d6:25:36:7e:a6:17:16:
                    62:8b:3d:3e:2b:6d:cd:19:0f:a2:ad:4e:86:81:61:
                    80:25:c0:43:1a:6a:45:b2:ee:0f:c5:52:3c:25:1e:
                    32:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:0D:76:9F:0F:CF:18:EB:44:D2:5A:74:51:F2:34:87:B6:3E:F7:D4
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/4A12nw_PGOtE0lp0UfI0h7Y-99Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:ce:c2:d7:2a:df:83:6a:46:53:14:3b:35:bd:9b:cc:77:b3:
         c3:e7:01:f0:6c:8b:3a:6c:5b:cc:59:84:0e:c1:8a:68:80:8d:
         19:88:ad:c5:02:62:3b:33:b7:2a:4b:d1:7d:50:a2:01:a0:8f:
         0d:de:46:37:38:06:27:7d:45:f0:83:c5:a4:d9:6d:11:28:56:
         5d:42:ce:34:34:ad:de:21:d3:f6:10:c4:87:9b:f4:c9:47:d0:
         e1:b9:48:c6:57:8e:2f:23:a3:22:fc:96:cc:b8:46:04:3f:72:
         2b:fb:a2:85:1b:9f:11:8e:23:6b:ef:25:63:ab:3d:75:9c:03:
         f5:de:1d:25:90:86:fa:b7:f1:aa:35:5d:ff:e8:a6:36:b0:42:
         6f:76:86:3f:d6:b9:af:63:40:ae:d9:ea:13:5a:85:59:93:c4:
         5d:86:76:a6:40:2e:a0:93:5d:1a:db:16:b3:bd:b1:27:ad:8d:
         b9:6b:03:84:7a:7c:0a:07:7c:91:11:04:2f:be:79:8d:e3:b4:
         07:69:13:57:f5:ef:8b:78:a8:d3:71:fb:7a:f4:16:b8:aa:2a:
         6c:ae:3a:77:7c:e0:f1:83:8b:66:1a:65:60:1b:15:81:53:bb:
         95:f2:93:0b:c3:56:f7:f0:d5:fe:4f:5f:9f:47:5c:b9:b1:d5:
         17:12:37:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2FoA8JKgaoo9H7lte9MXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDBkNzY5ZjBmY2YxOGViNDRkMjVhNzQ1MWYyMzQ4N2I2M2VmN2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1OagWe+nahBol+5IJXHqzNYYrJx
H+oe+KjvDZ2reAJo8ZGncNZy+xxTkNaOV7ssS1VqUyswf9fjy9v4R3FYUWKz7VYD
QN89wFH1hozSrFrWjxr3qBeLkgxAB/6K5BI1S92UIfIM+TTUN7D1QbHkVnbn/mxe
sgUzFm7QlKUK43GCvlIF64rWU6js20Jf5NgRqabpulk8gVOK/LdWaQ8SO79Pe+w0
IK7cdw3tcu5Cj0ip5t5tgLSd+pycn0hlXCpNjMhJA5PXjhyUJo0ojy5lEi53BdWE
F/cVe9YlNn6mFxZiiz0+K23NGQ+irU6GgWGAJcBDGmpFsu4PxVI8JR4y0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOANdp8PzxjrRNJadFHyNIe2PvfUMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvNEExMm53X1BHT3RFMGxwMFVmSTBoN1ktOTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVzMA0G
CSqGSIb3DQEBCwUAA4IBAQCVzsLXKt+DakZTFDs1vZvMd7PD5wHwbIs6bFvMWYQO
wYpogI0ZiK3FAmI7M7cqS9F9UKIBoI8N3kY3OAYnfUXwg8Wk2W0RKFZdQs40NK3e
IdP2EMSHm/TJR9DhuUjGV44vI6Mi/JbMuEYEP3Ir+6KFG58RjiNr7yVjqz11nAP1
3h0lkIb6t/GqNV3/6KY2sEJvdoY/1rmvY0Cu2eoTWoVZk8RdhnamQC6gk10a2xaz
vbEnrY25awOEenwKB3yREQQvvnmN47QHaRNX9e+LeKjTcft69Ba4qipsrjp3fODx
g4tmGmVgGxWBU7uV8pMLw1b38NX+T1+fR1y5sdUXEjeR
-----END CERTIFICATE-----