Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/5iHKh2fvXWQj2HWia5_IKvPwHoU.roa
File:                     5iHKh2fvXWQj2HWia5_IKvPwHoU.roa (raw, json)
Hash identifier:          s8W1Yl6T5ofAhDsk1QSpkpatIaKjULwoUAnxpS4PU7E=
Subject key identifier:   E6:21:CA:87:67:EF:5D:64:23:D8:75:A2:6B:9F:C8:2A:F3:F0:1E:85
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D85C5CC10588FEB6E7F2150847A9B1
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/5iHKh2fvXWQj2HWia5_IKvPwHoU.roa
Signing time:             Thu 02 Jan 2025 11:48:21 +0000
ROA not before:           Thu 02 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        46.37.100.0/24 maxlen: 24
                          46.37.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:5c:5c:c1:05:88:fe:b6:e7:f2:15:08:47:a9:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e621ca8767ef5d6423d875a26b9fc82af3f01e85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6a:47:0e:54:d5:97:2c:20:c7:9e:b7:d9:72:
                    d6:ae:3b:bf:1f:b6:bd:ea:fb:cb:7a:bb:d1:97:83:
                    9e:2a:41:bb:16:4b:1f:be:fd:95:07:0a:67:d0:99:
                    ac:33:90:c0:90:af:96:1c:40:54:0b:e1:a9:c2:f3:
                    9f:aa:c2:b3:80:ca:35:a7:0a:0e:d6:05:57:14:d8:
                    b9:ac:8f:8c:ea:e6:e3:a3:3f:66:86:68:89:44:5d:
                    ad:7a:fa:6c:b8:b8:38:ce:12:0f:08:46:f4:99:01:
                    d1:43:33:fc:e9:88:44:f4:b9:40:9d:b2:82:fe:ae:
                    52:49:49:8e:6d:b0:34:46:4f:7d:81:c8:ce:ef:d5:
                    72:b7:6a:9f:fe:30:1a:99:5d:ec:bf:0b:b7:6e:8a:
                    bf:fa:7a:34:38:2e:7f:c1:64:1f:45:f3:2d:d1:a7:
                    96:2a:ca:75:3d:9d:1a:35:97:b8:66:22:2a:4c:39:
                    48:e8:7f:03:66:b0:d2:c0:3d:0f:3c:b5:d1:f9:31:
                    4d:15:80:a2:c5:3b:48:0c:7a:91:3b:4d:85:41:ee:
                    e0:38:9d:6e:64:cb:c3:a7:e8:fa:92:d0:8f:8f:a8:
                    6f:a9:99:ce:08:f6:0c:bd:63:c6:1b:d9:ca:14:c6:
                    ad:cb:ae:88:70:22:e1:14:a5:8c:ff:f7:f2:75:e1:
                    1e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:21:CA:87:67:EF:5D:64:23:D8:75:A2:6B:9F:C8:2A:F3:F0:1E:85
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/5iHKh2fvXWQj2HWia5_IKvPwHoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.100.0/24
                  46.37.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:e7:0c:ae:cf:c1:bc:78:15:c3:65:16:e6:fc:6d:b6:ef:2a:
         59:23:93:f4:73:d1:5b:05:86:db:77:72:fd:e4:9c:78:ce:b4:
         37:ef:12:a1:cb:81:b0:13:5b:05:a1:91:5a:0d:99:ff:94:7b:
         d3:d4:e0:de:55:10:5b:cb:7a:e2:76:75:f5:a3:a8:82:e7:fa:
         1a:f8:88:73:a8:af:59:f0:a0:85:46:20:6b:e0:96:fb:ab:39:
         bd:a0:66:97:d3:b7:78:16:ed:6e:3f:82:de:96:8f:7d:9c:aa:
         89:48:ad:9c:a9:db:62:8e:d5:0d:63:7d:c7:2e:30:db:f7:d4:
         9f:6b:9b:47:cb:be:db:c2:6a:db:c0:a0:5c:77:f3:3c:fe:50:
         31:eb:45:92:9f:a7:3f:aa:b4:72:b0:7e:c6:c0:6f:a8:1c:50:
         5a:44:c2:3a:1a:dc:3c:92:18:9f:a5:c5:9c:2f:e3:69:dc:b2:
         bf:7d:6f:f7:6d:79:3d:c5:8d:ea:79:8a:4a:5e:1b:32:2c:11:
         39:4b:65:29:3a:6b:65:71:0d:f0:b0:91:4f:0c:e9:35:c8:53:
         86:8e:c8:c8:e1:57:bc:2b:20:be:8a:5a:eb:2c:73:b5:89:7b:
         1f:bd:25:c8:eb:c0:83:c4:e9:0e:43:62:54:82:c5:fd:3e:8e:
         55:ef:de:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2FxcwQWI/rbn8hUIR6mxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjIxY2E4NzY3ZWY1ZDY0MjNkODc1YTI2YjlmYzgyYWYzZjAxZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGpHDlTVlywgx5632XLWrju/H7a9
6vvLervRl4OeKkG7Fksfvv2VBwpn0JmsM5DAkK+WHEBUC+GpwvOfqsKzgMo1pwoO
1gVXFNi5rI+M6ubjoz9mhmiJRF2tevpsuLg4zhIPCEb0mQHRQzP86YhE9LlAnbKC
/q5SSUmObbA0Rk99gcjO79Vyt2qf/jAamV3svwu3boq/+no0OC5/wWQfRfMt0aeW
Ksp1PZ0aNZe4ZiIqTDlI6H8DZrDSwD0PPLXR+TFNFYCixTtIDHqRO02FQe7gOJ1u
ZMvDp+j6ktCPj6hvqZnOCPYMvWPGG9nKFMaty66IcCLhFKWM//fydeEeaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOYhyodn711kI9h1omufyCrz8B6FMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvNWlIS2gyZnZYV1FqMkhXaWE1X0lLdlB3SG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiVkAwQA
LiV3MA0GCSqGSIb3DQEBCwUAA4IBAQCD5wyuz8G8eBXDZRbm/G227ypZI5P0c9Fb
BYbbd3L95Jx4zrQ37xKhy4GwE1sFoZFaDZn/lHvT1ODeVRBby3ridnX1o6iC5/oa
+IhzqK9Z8KCFRiBr4Jb7qzm9oGaX07d4Fu1uP4Lelo99nKqJSK2cqdtijtUNY33H
LjDb99Sfa5tHy77bwmrbwKBcd/M8/lAx60WSn6c/qrRysH7GwG+oHFBaRMI6Gtw8
khifpcWcL+Np3LK/fW/3bXk9xY3qeYpKXhsyLBE5S2UpOmtlcQ3wsJFPDOk1yFOG
jsjI4Ve8KyC+ilrrLHO1iXsfvSXI68CDxOkOQ2JUgsX9Po5V794v
-----END CERTIFICATE-----