Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/CLOCScT-PPckvZAMpPt4dXonjGw.roa
File:                     CLOCScT-PPckvZAMpPt4dXonjGw.roa (raw, json)
Hash identifier:          kaDZG1c2ZUGekzfOiwmjGKkXu1v8wH6Kp+oKfX1YwEw=
Subject key identifier:   08:B3:82:49:C4:FE:3C:F7:24:BD:90:0C:A4:FB:78:75:7A:27:8C:6C
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       01990B223AFC6E1F9869350CFBAD1A69D6B9
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/CLOCScT-PPckvZAMpPt4dXonjGw.roa
Signing time:             Tue 02 Sep 2025 15:53:36 +0000
ROA not before:           Tue 02 Sep 2025 15:53:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        46.37.99.0/24 maxlen: 24
                          46.37.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 21:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:22:3a:fc:6e:1f:98:69:35:0c:fb:ad:1a:69:d6:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Sep  2 15:53:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08b38249c4fe3cf724bd900ca4fb78757a278c6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:51:25:a3:33:c5:cb:0b:f0:eb:98:33:72:c2:
                    c3:e6:fa:2e:8e:7e:6e:77:05:e0:e3:33:d5:b6:08:
                    f6:05:15:70:c2:ff:c8:9b:18:7f:45:60:3c:9e:6d:
                    fa:cc:90:79:db:78:6b:49:e8:89:33:e9:a6:05:b5:
                    91:12:17:0b:d4:8c:35:24:77:87:5b:d0:51:da:b5:
                    ac:97:b6:f4:33:4e:2c:ff:90:e3:a5:51:85:c7:58:
                    8b:96:e1:18:8e:61:b3:87:8c:c1:19:bd:fc:26:f9:
                    17:be:9f:44:b7:99:74:3f:61:1d:db:ef:d2:a9:8c:
                    07:ce:7c:f8:4e:f4:71:64:87:de:7c:b4:bb:e0:09:
                    12:32:4f:20:15:8e:8c:f0:0e:28:8d:53:00:84:be:
                    13:6c:dc:ac:4a:cb:bf:b3:09:df:fe:2b:7b:56:bf:
                    31:d9:97:b5:1a:7c:a0:7d:ac:c8:8e:ad:4f:b7:d0:
                    6a:ae:cb:b0:26:29:72:5a:fd:f1:61:7f:12:8e:93:
                    d4:7d:6b:a6:f3:6f:40:be:9f:95:be:73:6d:58:86:
                    e7:65:f4:85:1b:19:df:a4:53:60:77:12:e7:38:3e:
                    3e:9a:30:5e:76:f6:24:0a:d8:39:1f:da:a4:30:68:
                    e4:65:a6:45:59:40:b3:9a:6f:db:9d:8c:60:a2:cf:
                    b8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:B3:82:49:C4:FE:3C:F7:24:BD:90:0C:A4:FB:78:75:7A:27:8C:6C
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/CLOCScT-PPckvZAMpPt4dXonjGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.99.0/24
                  46.37.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:8e:94:cd:a9:71:63:e5:1a:37:ec:19:0d:1f:57:73:01:47:
         84:08:bc:ff:e8:3b:e4:1a:6f:59:08:3b:d5:b5:3a:0b:4c:5f:
         14:21:58:fb:e3:dd:52:ce:50:76:6e:8f:4f:0c:a7:87:ba:90:
         39:06:56:94:d2:84:40:fd:41:d0:6d:94:88:23:6a:7d:64:9f:
         9c:99:5a:9f:5b:79:f1:ce:2f:e9:e2:ec:f1:4e:07:c7:75:0d:
         98:8b:ea:4d:c4:97:c6:22:68:5f:3a:9b:37:ba:b6:fe:91:80:
         32:30:2b:87:79:4f:b7:a6:30:3f:5f:f0:8b:a7:34:f2:6d:f0:
         86:71:b4:2c:5e:02:21:d5:7b:cb:59:a6:28:0d:19:55:d0:01:
         62:af:e4:0c:3e:dd:21:86:6c:ab:44:be:7b:63:ea:b5:b9:9b:
         bb:e3:a2:fe:d8:e9:d7:cc:46:be:0f:c8:76:de:a4:44:1d:5b:
         a8:32:40:28:36:b1:f5:bf:f6:bc:36:58:71:8c:68:76:bf:fb:
         e6:6e:79:37:f9:5c:4d:a4:85:fc:58:82:12:cc:9f:ab:38:30:
         8e:97:b8:0b:b6:74:b7:22:b1:06:eb:3b:7d:df:01:27:fc:f5:
         17:fb:80:72:95:f8:56:6f:0d:5b:f3:b7:61:7d:1f:f3:67:e7:
         60:4d:8c:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkLIjr8bh+YaTUM+60aada5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwOTAyMTU1MzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGIzODI0OWM0ZmUzY2Y3MjRiZDkwMGNhNGZiNzg3NTdhMjc4YzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4FElozPFywvw65gzcsLD5voujn5u
dwXg4zPVtgj2BRVwwv/Imxh/RWA8nm36zJB523hrSeiJM+mmBbWREhcL1Iw1JHeH
W9BR2rWsl7b0M04s/5DjpVGFx1iLluEYjmGzh4zBGb38JvkXvp9Et5l0P2Ed2+/S
qYwHznz4TvRxZIfefLS74AkSMk8gFY6M8A4ojVMAhL4TbNysSsu/swnf/it7Vr8x
2Ze1GnygfazIjq1Pt9BqrsuwJilyWv3xYX8SjpPUfWum829Avp+VvnNtWIbnZfSF
GxnfpFNgdxLnOD4+mjBedvYkCtg5H9qkMGjkZaZFWUCzmm/bnYxgos+4cwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAizgknE/jz3JL2QDKT7eHV6J4xsMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvQ0xPQ1NjVC1QUGNrdlpBTXBQdDRkWG9uakd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiVjAwQA
LiV0MA0GCSqGSIb3DQEBCwUAA4IBAQBfjpTNqXFj5Ro37BkNH1dzAUeECLz/6Dvk
Gm9ZCDvVtToLTF8UIVj7491SzlB2bo9PDKeHupA5BlaU0oRA/UHQbZSII2p9ZJ+c
mVqfW3nxzi/p4uzxTgfHdQ2Yi+pNxJfGImhfOps3urb+kYAyMCuHeU+3pjA/X/CL
pzTybfCGcbQsXgIh1XvLWaYoDRlV0AFir+QMPt0hhmyrRL57Y+q1uZu746L+2OnX
zEa+D8h23qREHVuoMkAoNrH1v/a8NlhxjGh2v/vmbnk3+VxNpIX8WIISzJ+rODCO
l7gLtnS3IrEG6zt93wEn/PUX+4BylfhWbw1b87dhfR/zZ+dgTYzG
-----END CERTIFICATE-----