Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/FPjxQ4o4SwR17Rt2SS5L4PwX_zw.roa
File:                     FPjxQ4o4SwR17Rt2SS5L4PwX_zw.roa (raw, json)
Hash identifier:          K48JyPgyTAb4lzNQOhkJXih/OMOra+QPg087+WMsBrM=
Subject key identifier:   14:F8:F1:43:8A:38:4B:04:75:ED:1B:76:49:2E:4B:E0:FC:17:FF:3C
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D84D1FE7396C4040841F74DAB43DD6
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/FPjxQ4o4SwR17Rt2SS5L4PwX_zw.roa
Signing time:             Thu 02 Jan 2025 11:48:17 +0000
ROA not before:           Thu 02 Jan 2025 11:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        46.37.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:4d:1f:e7:39:6c:40:40:84:1f:74:da:b4:3d:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14f8f1438a384b0475ed1b76492e4be0fc17ff3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1f:12:45:36:55:de:75:10:4a:36:8e:c7:bf:
                    13:f0:48:75:eb:ef:39:9b:56:25:d3:71:f1:d7:98:
                    c4:37:9b:ae:63:ed:9b:70:2f:c6:19:af:de:49:0e:
                    39:bd:3f:4e:49:e4:5d:d0:6e:34:81:22:ec:c1:27:
                    e9:52:b6:a4:a9:ed:68:29:ec:5a:97:02:9c:de:db:
                    b8:5a:b7:81:e7:73:5d:74:b9:5b:1b:f0:88:55:fb:
                    2a:8d:20:da:04:68:86:0a:1c:b4:f2:d2:42:bf:32:
                    50:f0:cf:70:0e:5f:84:ab:e5:25:8e:0e:20:0d:f0:
                    94:7c:40:91:ac:72:63:2d:4f:49:d9:ca:b4:06:1b:
                    54:e0:1a:f6:32:03:b3:80:eb:f4:08:57:ab:22:64:
                    3f:40:08:a0:ef:b2:21:a0:b9:a6:6c:6c:b9:e6:bd:
                    d0:b7:2c:a5:8c:c1:ae:53:88:40:4c:e1:29:8b:7d:
                    1a:4b:b9:af:4d:91:b2:ee:3b:fb:2c:fb:ac:8a:5e:
                    7e:21:c5:6f:be:24:3e:01:be:7d:e3:9c:94:39:17:
                    64:6c:36:bd:26:4a:87:9c:61:70:7b:b0:25:85:45:
                    16:c7:7a:33:74:d8:fe:fa:3d:d6:d4:2f:00:cf:34:
                    98:99:4f:88:93:52:8a:06:6f:de:b1:0d:f1:0e:0e:
                    7c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:F8:F1:43:8A:38:4B:04:75:ED:1B:76:49:2E:4B:E0:FC:17:FF:3C
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/FPjxQ4o4SwR17Rt2SS5L4PwX_zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:5a:f1:88:8c:67:9b:55:00:53:d4:6b:97:1f:e3:53:26:c0:
         b6:8f:fe:25:9a:be:5f:2c:08:c4:4c:fd:1d:a6:b0:03:fd:99:
         6a:6c:ac:ff:74:fe:06:84:9f:05:77:f7:4d:27:97:ca:f0:0e:
         51:65:7c:f4:c5:3b:44:04:8a:76:84:9c:df:b6:70:1f:14:06:
         26:8a:9b:d3:32:86:39:dc:70:83:b6:a4:b2:05:d5:9b:03:96:
         9b:e1:5e:37:8a:af:96:cb:0f:cd:84:79:99:24:fb:29:c9:fb:
         80:b4:f6:59:d7:5d:2b:5f:32:d6:fa:c3:13:9c:ea:8a:4b:67:
         22:99:3b:77:81:1b:57:5a:6b:58:1b:1b:51:7e:51:7f:22:2f:
         c9:bd:89:ed:5b:2a:5a:9b:79:38:af:59:c1:8d:a0:de:95:33:
         e1:9b:b6:1a:15:48:33:7f:b7:47:8b:4b:bc:17:6a:10:0a:0f:
         66:d1:ee:7e:ee:4f:18:12:bf:5c:dd:fb:af:1b:c7:fc:02:8a:
         a8:4a:81:44:95:a4:49:39:b0:52:0c:9e:31:75:ae:34:f6:5b:
         c4:b1:8f:71:55:2b:60:65:e8:42:4a:ff:ee:59:bc:30:56:aa:
         ce:a2:46:80:05:70:c0:d8:a7:6d:22:c8:db:68:3b:37:c4:ae:
         46:ef:d4:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2E0f5zlsQECEH3TatD3WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGY4ZjE0MzhhMzg0YjA0NzVlZDFiNzY0OTJlNGJlMGZjMTdmZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx8SRTZV3nUQSjaOx78T8Eh16+85
m1Yl03Hx15jEN5uuY+2bcC/GGa/eSQ45vT9OSeRd0G40gSLswSfpUrakqe1oKexa
lwKc3tu4WreB53NddLlbG/CIVfsqjSDaBGiGChy08tJCvzJQ8M9wDl+Eq+Uljg4g
DfCUfECRrHJjLU9J2cq0BhtU4Br2MgOzgOv0CFerImQ/QAig77IhoLmmbGy55r3Q
tyyljMGuU4hATOEpi30aS7mvTZGy7jv7LPusil5+IcVvviQ+Ab5945yUORdkbDa9
JkqHnGFwe7AlhUUWx3ozdNj++j3W1C8AzzSYmU+Ik1KKBm/esQ3xDg58KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBT48UOKOEsEde0bdkkuS+D8F/88MB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvRlBqeFE0bzRTd1IxN1J0MlNTNUw0UHdYX3p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVpMA0G
CSqGSIb3DQEBCwUAA4IBAQAmWvGIjGebVQBT1GuXH+NTJsC2j/4lmr5fLAjETP0d
prAD/ZlqbKz/dP4GhJ8Fd/dNJ5fK8A5RZXz0xTtEBIp2hJzftnAfFAYmipvTMoY5
3HCDtqSyBdWbA5ab4V43iq+Wyw/NhHmZJPspyfuAtPZZ110rXzLW+sMTnOqKS2ci
mTt3gRtXWmtYGxtRflF/Ii/JvYntWypam3k4r1nBjaDelTPhm7YaFUgzf7dHi0u8
F2oQCg9m0e5+7k8YEr9c3fuvG8f8AoqoSoFElaRJObBSDJ4xda409lvEsY9xVStg
ZehCSv/uWbwwVqrOokaABXDA2KdtIsjbaDs3xK5G79QV
-----END CERTIFICATE-----