Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/6x6vqgCHnPQXXCFncfeZab-OtNs.roa
File:                     6x6vqgCHnPQXXCFncfeZab-OtNs.roa (raw, json)
Hash identifier:          vEqAS2W1Mca8pIVlABSdoB6CUZnRlz4vKzwu26p0xNw=
Subject key identifier:   EB:1E:AF:AA:00:87:9C:F4:17:5C:21:67:71:F7:99:69:BF:8E:B4:DB
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       0195FBAFB1B33102B8D5C0A5ED076A082302
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/6x6vqgCHnPQXXCFncfeZab-OtNs.roa
Signing time:             Thu 03 Apr 2025 12:45:50 +0000
ROA not before:           Thu 03 Apr 2025 12:45:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49678
IP address blocks:        46.37.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fb:af:b1:b3:31:02:b8:d5:c0:a5:ed:07:6a:08:23:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Apr  3 12:45:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb1eafaa00879cf4175c216771f79969bf8eb4db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:36:35:43:1f:0d:ed:a3:0d:88:8d:a1:5d:74:
                    7c:7b:97:bf:1a:57:ef:e9:7e:d3:1b:fa:53:1e:05:
                    7b:37:8a:56:10:9b:1f:ee:7a:6e:78:ce:8d:e9:f6:
                    ff:9b:88:8c:4a:55:d5:37:4d:e9:f4:f6:59:00:46:
                    08:8a:2d:49:e6:3b:f3:f1:85:04:31:74:52:13:67:
                    bf:0d:6e:1e:ba:34:f4:82:d0:9e:9d:17:36:88:e2:
                    ef:df:ce:69:8e:5f:ec:1f:61:1a:de:d1:6f:37:f2:
                    c5:28:bb:a9:40:8e:f7:1b:7b:ab:de:e2:33:61:1c:
                    d3:30:76:39:6d:88:20:04:f9:84:06:63:7c:b4:ae:
                    52:b6:94:41:be:bc:24:0f:2e:2b:2f:dd:19:85:b8:
                    ca:bd:3d:98:84:e0:af:39:59:8b:f1:b1:61:95:d6:
                    98:ce:3b:8c:f8:8e:66:94:3b:f3:16:71:5f:fc:a1:
                    c1:14:a3:42:84:0a:01:27:55:47:d6:16:18:3b:ef:
                    29:d2:40:f3:0d:43:d9:22:5f:8b:f9:10:44:05:f0:
                    fd:fc:b5:55:9b:ef:71:a7:49:11:ae:c1:98:47:7b:
                    2f:66:81:b4:49:1b:d8:a2:ab:18:5d:73:79:5b:79:
                    46:e0:48:2d:b9:a1:28:bd:0d:40:3f:6e:b0:75:32:
                    a2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:1E:AF:AA:00:87:9C:F4:17:5C:21:67:71:F7:99:69:BF:8E:B4:DB
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/6x6vqgCHnPQXXCFncfeZab-OtNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:06:b6:01:c3:a9:16:39:67:a4:98:cb:62:10:46:06:d9:41:
         15:e8:e2:68:1a:56:ee:e9:b4:3a:c6:f5:0a:6f:04:3a:50:66:
         ac:90:b2:0f:09:9b:c0:0b:58:91:30:04:8a:61:22:d2:35:69:
         fa:b3:24:74:b9:4c:04:62:43:61:a9:a2:eb:5f:74:de:48:ac:
         90:68:c7:c2:f8:08:ab:99:69:e2:83:e6:9e:34:06:92:77:c8:
         b2:a0:78:d4:2a:7e:73:f0:51:cf:93:ea:e9:c3:b2:41:d6:33:
         a3:62:f3:12:53:20:cc:4b:44:99:a2:3c:fa:ae:2e:b9:1a:18:
         66:93:a5:e8:64:e9:a9:37:55:ae:df:27:ac:59:39:8d:74:fd:
         7e:1e:68:89:6a:1b:44:25:79:b6:a0:17:d1:c0:8f:6f:bc:30:
         a2:3b:eb:b7:a9:d0:31:8e:4b:e1:3a:cc:f8:f8:7e:b5:d5:c5:
         d8:99:18:11:2c:32:9e:36:66:b1:a8:3a:9e:36:3b:ad:71:f1:
         87:d1:e7:c2:37:e1:7a:7d:12:37:42:82:a6:4a:82:12:48:6a:
         0d:c9:d7:3e:84:1d:7d:12:ab:f2:d3:1e:73:d5:cb:a7:33:7b:
         35:bd:cf:e8:94:c1:30:54:59:88:c9:97:8b:b6:59:2b:45:fa:
         ab:f0:d8:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX7r7GzMQK41cCl7QdqCCMCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwNDAzMTI0NTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjFlYWZhYTAwODc5Y2Y0MTc1YzIxNjc3MWY3OTk2OWJmOGViNGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTY1Qx8N7aMNiI2hXXR8e5e/Glfv
6X7TG/pTHgV7N4pWEJsf7npueM6N6fb/m4iMSlXVN03p9PZZAEYIii1J5jvz8YUE
MXRSE2e/DW4eujT0gtCenRc2iOLv385pjl/sH2Ea3tFvN/LFKLupQI73G3ur3uIz
YRzTMHY5bYggBPmEBmN8tK5StpRBvrwkDy4rL90ZhbjKvT2YhOCvOVmL8bFhldaY
zjuM+I5mlDvzFnFf/KHBFKNChAoBJ1VH1hYYO+8p0kDzDUPZIl+L+RBEBfD9/LVV
m+9xp0kRrsGYR3svZoG0SRvYoqsYXXN5W3lG4EgtuaEovQ1AP26wdTKibQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOser6oAh5z0F1whZ3H3mWm/jrTbMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvNng2dnFnQ0huUFFYWENGbmNmZVphYi1PdE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV1MA0G
CSqGSIb3DQEBCwUAA4IBAQC3BrYBw6kWOWekmMtiEEYG2UEV6OJoGlbu6bQ6xvUK
bwQ6UGaskLIPCZvAC1iRMASKYSLSNWn6syR0uUwEYkNhqaLrX3TeSKyQaMfC+Air
mWnig+aeNAaSd8iyoHjUKn5z8FHPk+rpw7JB1jOjYvMSUyDMS0SZojz6ri65Ghhm
k6XoZOmpN1Wu3yesWTmNdP1+HmiJahtEJXm2oBfRwI9vvDCiO+u3qdAxjkvhOsz4
+H611cXYmRgRLDKeNmaxqDqeNjutcfGH0efCN+F6fRI3QoKmSoISSGoNydc+hB19
Eqvy0x5z1cunM3s1vc/olMEwVFmIyZeLtlkrRfqr8Nix
-----END CERTIFICATE-----