Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/JKO6fIjUEYyBk-Sia7vXj0dTzSU.roa
File:                     JKO6fIjUEYyBk-Sia7vXj0dTzSU.roa (raw, json)
Hash identifier:          ghCEJVwJqXd+K5WaV+vy/4r9/rFrl4q6B161J8wEP+s=
Subject key identifier:   24:A3:BA:7C:88:D4:11:8C:81:93:E4:A2:6B:BB:D7:8F:47:53:CD:25
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       01933A33C09F55C6887905E8809AF12EEE2A
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/JKO6fIjUEYyBk-Sia7vXj0dTzSU.roa
Signing time:             Sun 17 Nov 2024 12:58:10 +0000
ROA not before:           Sun 17 Nov 2024 12:58:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134465
IP address blocks:        46.37.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3a:33:c0:9f:55:c6:88:79:05:e8:80:9a:f1:2e:ee:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Nov 17 12:58:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24a3ba7c88d4118c8193e4a26bbbd78f4753cd25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:cd:b1:e9:68:0a:d0:b5:11:b2:d1:63:db:e0:
                    d6:d9:83:75:ff:ba:11:8c:14:76:cc:ae:4c:07:2e:
                    36:ba:f6:5c:4b:d5:13:54:d3:fb:c2:76:c7:a2:c8:
                    d5:c8:6e:02:e4:61:99:74:ca:df:69:54:9a:2b:51:
                    89:77:09:d9:17:26:63:ff:6c:74:74:1a:ad:c4:fb:
                    8c:c5:56:9e:f9:4d:ac:99:1d:56:ed:d1:d2:df:ab:
                    81:a0:a6:f8:7e:00:8c:76:90:45:04:2c:b8:5b:35:
                    52:83:79:99:24:87:f1:d7:13:a7:64:1d:e7:89:7f:
                    56:8b:0e:9d:10:c5:d3:15:24:40:a5:a4:8f:71:a2:
                    35:04:c8:69:94:1d:19:84:b2:dc:b2:24:65:cc:7a:
                    21:e2:0a:d0:45:30:a1:2b:f5:9c:5b:71:cd:03:71:
                    b7:92:11:07:71:d6:e1:d9:c3:91:16:6e:ef:ca:8c:
                    62:62:90:17:a7:3c:15:81:ad:55:58:d0:a1:ae:75:
                    39:62:fd:c4:44:9f:ea:ad:b3:5e:dc:f1:1b:f9:89:
                    85:22:49:05:a6:6c:de:3e:b7:ae:e9:64:8c:7f:c2:
                    75:06:85:16:91:41:05:c7:0b:0f:1c:76:ec:60:49:
                    d1:05:78:cd:5d:a6:c2:0f:62:fb:83:bf:2e:71:dd:
                    c8:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A3:BA:7C:88:D4:11:8C:81:93:E4:A2:6B:BB:D7:8F:47:53:CD:25
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/JKO6fIjUEYyBk-Sia7vXj0dTzSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:2c:ac:de:3d:4f:fb:5e:8f:e9:8b:c7:c8:c8:53:3d:e6:3a:
         ab:94:f4:dd:a8:3a:e6:d4:6a:7c:66:bd:7a:3f:a1:2b:61:d0:
         f8:76:77:3d:3c:cb:a3:01:f7:51:87:f3:96:f1:e8:f2:0d:90:
         a3:26:43:d9:93:af:18:f0:f9:c5:05:28:b6:07:54:e8:b8:2d:
         db:19:4e:7b:10:de:4c:7b:78:e1:85:bb:40:fc:bb:f8:bf:f3:
         59:3a:80:b0:ef:0a:93:06:6a:56:c2:09:36:8e:b9:fc:54:b9:
         02:24:24:7b:0a:77:fb:8d:a2:5e:07:bc:3c:16:ca:6c:f8:ec:
         46:65:b3:2b:09:28:25:50:31:dd:77:3b:84:77:72:16:01:5c:
         b9:0a:57:6c:62:e7:05:68:ab:3c:9b:ed:79:99:f7:aa:7c:de:
         f5:53:0a:47:83:20:78:c7:ee:39:14:5d:5d:f5:63:a6:1f:f5:
         05:91:2e:a3:c4:73:f1:59:98:9e:9e:e0:ed:70:8f:8c:38:99:
         84:81:eb:17:14:46:fb:a6:09:84:bd:5b:4c:67:c7:71:61:75:
         e0:e6:b3:b2:52:8b:d5:d1:c6:fd:52:d6:99:0e:8c:10:de:6a:
         a1:08:b0:34:dc:55:f7:14:0e:b4:2d:c6:e6:65:21:42:d0:f5:
         b2:07:5c:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM6M8CfVcaIeQXogJrxLu4qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQxMTE3MTI1ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEzYmE3Yzg4ZDQxMThjODE5M2U0YTI2YmJiZDc4ZjQ3NTNjZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0s2x6WgK0LURstFj2+DW2YN1/7oR
jBR2zK5MBy42uvZcS9UTVNP7wnbHosjVyG4C5GGZdMrfaVSaK1GJdwnZFyZj/2x0
dBqtxPuMxVae+U2smR1W7dHS36uBoKb4fgCMdpBFBCy4WzVSg3mZJIfx1xOnZB3n
iX9Wiw6dEMXTFSRApaSPcaI1BMhplB0ZhLLcsiRlzHoh4grQRTChK/WcW3HNA3G3
khEHcdbh2cORFm7vyoxiYpAXpzwVga1VWNChrnU5Yv3ERJ/qrbNe3PEb+YmFIkkF
pmzePreu6WSMf8J1BoUWkUEFxwsPHHbsYEnRBXjNXabCD2L7g78ucd3I8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSjunyI1BGMgZPkomu7149HU80lMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvSktPNmZJalVFWXlCay1TaWE3dlhqMGRUelNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV6MA0G
CSqGSIb3DQEBCwUAA4IBAQAuLKzePU/7Xo/pi8fIyFM95jqrlPTdqDrm1Gp8Zr16
P6ErYdD4dnc9PMujAfdRh/OW8ejyDZCjJkPZk68Y8PnFBSi2B1TouC3bGU57EN5M
e3jhhbtA/Lv4v/NZOoCw7wqTBmpWwgk2jrn8VLkCJCR7Cnf7jaJeB7w8Fsps+OxG
ZbMrCSglUDHddzuEd3IWAVy5CldsYucFaKs8m+15mfeqfN71UwpHgyB4x+45FF1d
9WOmH/UFkS6jxHPxWZienuDtcI+MOJmEgesXFEb7pgmEvVtMZ8dxYXXg5rOyUovV
0cb9UtaZDowQ3mqhCLA03FX3FA60LcbmZSFC0PWyB1z/
-----END CERTIFICATE-----