Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/HQYbe_-Sx3CzD3NtTm4sxYbxiY0.roa
File:                     HQYbe_-Sx3CzD3NtTm4sxYbxiY0.roa (raw, json)
Hash identifier:          eotqCZY7+68gCvV7weUhzYf7Y17m9eYTG80yQlvY0og=
Subject key identifier:   1D:06:1B:7B:FF:92:C7:70:B3:0F:73:6D:4E:6E:2C:C5:86:F1:89:8D
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018DF5FBADCCBD58E15DB4EAFA74B45E4CE1
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/HQYbe_-Sx3CzD3NtTm4sxYbxiY0.roa
Signing time:             Thu 29 Feb 2024 17:48:48 +0000
ROA not before:           Thu 29 Feb 2024 17:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59895
IP address blocks:        46.37.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f5:fb:ad:cc:bd:58:e1:5d:b4:ea:fa:74:b4:5e:4c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Feb 29 17:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d061b7bff92c770b30f736d4e6e2cc586f1898d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a8:db:31:c0:3d:40:8e:89:3b:f7:f5:8b:c9:
                    fc:db:f3:96:0f:76:76:ff:2b:61:81:db:f9:ba:e5:
                    9f:47:d3:c7:8e:b8:18:00:b4:62:2a:44:7e:0b:d7:
                    96:a5:ed:cc:67:9f:7f:91:20:6c:24:8a:83:93:0a:
                    28:fd:e5:67:a7:87:df:80:42:ac:ad:90:f8:95:f6:
                    03:4d:37:ba:6e:da:e5:97:1f:74:69:72:b3:f3:c6:
                    3c:0a:64:e6:bd:c4:95:7f:8c:0a:6b:fc:0b:a0:27:
                    cf:2d:6a:e5:04:70:c2:c7:50:48:8e:18:05:76:0c:
                    f4:7e:5b:1c:b7:9c:f0:f9:5b:f7:3a:01:8c:0b:de:
                    e5:5f:8f:a6:49:6f:3b:12:2f:73:79:04:5c:52:65:
                    f7:5b:80:94:1e:a5:2f:aa:01:53:58:78:7c:4c:13:
                    f3:40:19:71:fd:b4:b1:ab:62:1f:ed:2c:3d:5a:b1:
                    26:29:3b:6d:88:05:94:44:fc:42:0e:19:a8:32:77:
                    a4:cf:3e:89:4e:df:b1:d6:97:ec:4e:5e:53:06:72:
                    31:7f:d6:27:69:1a:19:ae:1e:5c:e5:73:a4:50:93:
                    fa:32:e3:6b:8f:3a:55:e7:41:12:53:ae:8d:6a:97:
                    e2:d7:61:c3:78:4e:a8:5f:f2:4f:c1:e3:7c:44:86:
                    9a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:06:1B:7B:FF:92:C7:70:B3:0F:73:6D:4E:6E:2C:C5:86:F1:89:8D
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/HQYbe_-Sx3CzD3NtTm4sxYbxiY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:91:2f:92:20:4e:de:cc:25:81:e1:aa:f5:60:0f:9f:33:b3:
         69:91:68:d5:0a:bb:9d:9e:01:4a:7d:cb:45:a9:de:0d:47:04:
         99:33:28:40:9d:95:09:95:22:41:d4:a9:49:c9:7c:b8:00:1e:
         da:0d:b5:6a:1b:f3:bd:45:37:0a:4d:1e:b2:00:d9:5a:44:df:
         8c:82:f7:54:0c:80:6c:ee:81:50:f2:31:fb:35:00:7d:35:4c:
         f2:d7:3b:3d:ea:f0:78:e4:f6:24:d2:f8:13:c6:a5:4a:f4:6f:
         ae:5a:22:bc:e0:0b:3b:5f:68:80:84:35:ee:71:a0:50:b7:49:
         23:1a:69:e5:03:f3:99:e7:bb:ad:bd:05:e7:a3:dd:e2:e0:42:
         f9:d8:3d:97:a0:7b:f2:a9:85:2a:43:98:57:44:61:02:2c:00:
         a2:90:54:ab:c4:e1:d0:7a:c0:a7:5d:3f:5c:6e:87:9c:87:51:
         3c:8c:c3:6b:00:d4:e3:44:7a:8e:88:de:80:5c:4b:33:ac:9e:
         ee:5b:5c:23:70:6d:f3:16:63:6c:2b:40:c2:4f:52:3d:fc:76:
         e0:4a:a0:90:b1:1a:78:47:76:7a:6a:b5:43:0a:1e:ae:da:80:
         0e:99:cd:12:7c:91:36:0a:74:79:74:cb:57:05:26:05:cb:78:
         9b:6c:14:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY31+63MvVjhXbTq+nS0XkzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMjI5MTc0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDA2MWI3YmZmOTJjNzcwYjMwZjczNmQ0ZTZlMmNjNTg2ZjE4OThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjajbMcA9QI6JO/f1i8n82/OWD3Z2
/ythgdv5uuWfR9PHjrgYALRiKkR+C9eWpe3MZ59/kSBsJIqDkwoo/eVnp4ffgEKs
rZD4lfYDTTe6btrllx90aXKz88Y8CmTmvcSVf4wKa/wLoCfPLWrlBHDCx1BIjhgF
dgz0flsct5zw+Vv3OgGMC97lX4+mSW87Ei9zeQRcUmX3W4CUHqUvqgFTWHh8TBPz
QBlx/bSxq2If7Sw9WrEmKTttiAWURPxCDhmoMnekzz6JTt+x1pfsTl5TBnIxf9Yn
aRoZrh5c5XOkUJP6MuNrjzpV50ESU66Napfi12HDeE6oX/JPweN8RIaaLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0GG3v/ksdwsw9zbU5uLMWG8YmNMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvSFFZYmVfLVN4M0N6RDNOdFRtNHN4WWJ4aVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVuMA0G
CSqGSIb3DQEBCwUAA4IBAQB2kS+SIE7ezCWB4ar1YA+fM7NpkWjVCrudngFKfctF
qd4NRwSZMyhAnZUJlSJB1KlJyXy4AB7aDbVqG/O9RTcKTR6yANlaRN+MgvdUDIBs
7oFQ8jH7NQB9NUzy1zs96vB45PYk0vgTxqVK9G+uWiK84As7X2iAhDXucaBQt0kj
GmnlA/OZ57utvQXno93i4EL52D2XoHvyqYUqQ5hXRGECLACikFSrxOHQesCnXT9c
boech1E8jMNrANTjRHqOiN6AXEszrJ7uW1wjcG3zFmNsK0DCT1I9/HbgSqCQsRp4
R3Z6arVDCh6u2oAOmc0SfJE2CnR5dMtXBSYFy3ibbBQf
-----END CERTIFICATE-----