Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/DEhE_ypiBE06kNcR8dcJl852_o0.roa
File:                     DEhE_ypiBE06kNcR8dcJl852_o0.roa (raw, json)
Hash identifier:          HEfWjNNUWJB/xXURsfKkp+P3LFzpYaEky6LDs3aHYZM=
Subject key identifier:   0C:48:44:FF:2A:62:04:4D:3A:90:D7:11:F1:D7:09:97:CE:76:FE:8D
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D8585590C1EBF0D7CF52C0A120C24B
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/DEhE_ypiBE06kNcR8dcJl852_o0.roa
Signing time:             Thu 02 Jan 2025 11:48:20 +0000
ROA not before:           Thu 02 Jan 2025 11:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204316
IP address blocks:        46.37.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:58:55:90:c1:eb:f0:d7:cf:52:c0:a1:20:c2:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c4844ff2a62044d3a90d711f1d70997ce76fe8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:00:ad:90:c4:01:bb:20:c3:e0:d0:d2:75:c6:
                    eb:81:df:0e:4b:4d:67:6a:ef:a0:41:f0:f9:4b:55:
                    11:51:d3:ea:58:a4:19:b5:89:d6:d6:60:cf:58:50:
                    07:1e:05:72:7c:0b:20:b3:a5:68:85:d7:e5:84:09:
                    cc:eb:c5:75:7e:bb:14:6c:37:2e:6f:84:a6:27:c6:
                    62:3a:83:02:fa:fe:5d:a3:2d:56:8d:5d:33:21:51:
                    2e:32:f0:cd:8c:8e:68:0e:1a:65:87:be:66:e1:e7:
                    d6:82:da:f8:5f:70:5d:13:cb:88:f3:66:a2:fd:96:
                    d7:85:b7:d1:cb:a9:31:12:e6:7c:6e:c1:cd:4c:c9:
                    e3:c8:aa:d9:39:01:09:ed:48:d1:6c:89:98:e9:e9:
                    56:05:42:00:3f:a0:49:29:72:f0:59:9d:a3:2a:4a:
                    07:54:0e:85:8a:5a:51:b9:20:8a:33:50:17:20:55:
                    08:c5:e8:bc:29:56:55:6a:ab:b8:2f:c6:8a:ac:3e:
                    cc:c7:ca:95:d1:9a:8d:80:19:c6:1a:ce:4e:f0:fa:
                    f7:d6:99:bd:0b:1b:f0:e7:a0:47:38:9b:06:2b:ae:
                    2a:01:dc:da:db:18:83:ac:20:4a:ef:d8:b8:4b:a5:
                    7d:99:12:9a:7e:95:ac:3b:14:a3:30:5a:3c:f4:f8:
                    db:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:48:44:FF:2A:62:04:4D:3A:90:D7:11:F1:D7:09:97:CE:76:FE:8D
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/DEhE_ypiBE06kNcR8dcJl852_o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:1a:cf:eb:71:15:f4:ee:48:5d:d9:6d:97:ff:1f:e1:da:ea:
         a8:ec:96:8d:3f:d4:89:7e:bf:9b:31:3c:c9:e1:01:d8:c8:67:
         a0:cd:07:3c:b6:20:d5:ae:96:80:ea:e8:fa:e2:b6:dd:3e:d4:
         da:3d:bf:3d:5d:43:81:29:7d:4c:5b:85:0c:8e:a1:31:dd:6d:
         d6:09:0b:59:f9:a5:f0:54:42:fa:7f:d9:2d:02:22:2c:9c:99:
         9a:39:1e:d3:8d:e3:a8:c3:c7:e8:cf:92:a6:db:32:0c:57:f7:
         7b:2a:78:66:e5:b5:0c:e7:44:f9:24:0b:37:cf:f7:76:ce:c0:
         a8:8c:2e:be:7a:3a:f6:66:50:26:50:c7:97:31:41:40:f4:2a:
         08:4a:5a:2f:2e:a6:a7:c7:dd:60:c6:50:cf:dd:58:39:41:99:
         ae:f2:bf:cf:76:36:36:87:bf:88:cf:e8:45:9d:05:1b:c2:53:
         ec:bd:c6:b0:04:a0:c8:a7:5d:63:c7:c5:2f:38:30:20:cc:61:
         cd:76:11:85:bf:38:f3:0c:c8:4a:2a:5d:39:91:bb:7c:0f:d7:
         49:a5:4f:0b:d7:32:35:80:93:f8:8b:09:72:85:dc:72:70:a9:
         a2:9d:95:6e:26:d5:9b:95:9b:2d:76:47:f5:5a:28:45:fb:98:
         55:67:ec:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2FhVkMHr8NfPUsChIMJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQ4NDRmZjJhNjIwNDRkM2E5MGQ3MTFmMWQ3MDk5N2NlNzZmZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QCtkMQBuyDD4NDSdcbrgd8OS01n
au+gQfD5S1URUdPqWKQZtYnW1mDPWFAHHgVyfAsgs6VohdflhAnM68V1frsUbDcu
b4SmJ8ZiOoMC+v5doy1WjV0zIVEuMvDNjI5oDhplh75m4efWgtr4X3BdE8uI82ai
/ZbXhbfRy6kxEuZ8bsHNTMnjyKrZOQEJ7UjRbImY6elWBUIAP6BJKXLwWZ2jKkoH
VA6FilpRuSCKM1AXIFUIxei8KVZVaqu4L8aKrD7Mx8qV0ZqNgBnGGs5O8Pr31pm9
Cxvw56BHOJsGK64qAdza2xiDrCBK79i4S6V9mRKafpWsOxSjMFo89PjbdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxIRP8qYgRNOpDXEfHXCZfOdv6NMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvREVoRV95cGlCRTA2a05jUjhkY0psODUyX28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVoMA0G
CSqGSIb3DQEBCwUAA4IBAQCLGs/rcRX07khd2W2X/x/h2uqo7JaNP9SJfr+bMTzJ
4QHYyGegzQc8tiDVrpaA6uj64rbdPtTaPb89XUOBKX1MW4UMjqEx3W3WCQtZ+aXw
VEL6f9ktAiIsnJmaOR7TjeOow8foz5Km2zIMV/d7Knhm5bUM50T5JAs3z/d2zsCo
jC6+ejr2ZlAmUMeXMUFA9CoISlovLqanx91gxlDP3Vg5QZmu8r/PdjY2h7+Iz+hF
nQUbwlPsvcawBKDIp11jx8UvODAgzGHNdhGFvzjzDMhKKl05kbt8D9dJpU8L1zI1
gJP4iwlyhdxycKminZVuJtWblZstdkf1WihF+5hVZ+yY
-----END CERTIFICATE-----