Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/NJkAG0smHPwLJvBxd33DEC2x70o.roa
File:                     NJkAG0smHPwLJvBxd33DEC2x70o.roa (raw, json)
Hash identifier:          YFZGhY6FyN085NdJstWBq5YomTP6xa8VqZ7+C0OH62Q=
Subject key identifier:   34:99:00:1B:4B:26:1C:FC:0B:26:F0:71:77:7D:C3:10:2D:B1:EF:4A
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348BB37B0BFCCCF48E09EAAC796405A
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/NJkAG0smHPwLJvBxd33DEC2x70o.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142111
IP address blocks:        46.37.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:bb:37:b0:bf:cc:cf:48:e0:9e:aa:c7:96:40:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3499001b4b261cfc0b26f071777dc3102db1ef4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e6:03:68:08:fc:25:81:1c:16:77:d3:be:0c:
                    61:ad:2d:82:8e:d5:9e:f2:fa:1c:fd:d0:a8:82:9b:
                    43:64:52:f3:ce:c7:b2:a3:df:2a:93:05:9f:ee:82:
                    f3:f9:23:ae:92:0a:4b:ef:13:e2:fd:b8:72:e5:e0:
                    1d:51:85:68:dd:cf:72:9e:a8:6d:66:e8:c5:5f:4f:
                    f4:3a:fc:ad:3a:1f:ab:dc:53:1e:e0:9f:5f:37:ec:
                    30:84:7e:07:1d:6a:39:c4:d1:6d:11:f6:9e:30:9d:
                    cd:ac:f4:41:af:15:0c:fb:ad:3d:20:2c:ff:5f:6c:
                    7d:95:89:5d:79:16:54:5c:fc:0c:fd:86:e3:20:bb:
                    69:da:a2:d1:0f:7b:c8:27:1c:ee:5c:1f:a2:cf:03:
                    96:37:e9:81:47:90:7a:e1:b9:29:98:79:4a:05:0a:
                    2a:6a:a7:fd:08:84:c1:42:7c:55:8f:84:88:04:30:
                    a3:1b:70:1e:48:05:89:a2:af:89:34:2f:b3:8a:0d:
                    9a:dd:c9:b0:88:b0:fe:71:6f:dc:0d:45:1f:1c:94:
                    19:ae:15:16:18:85:c8:02:70:d4:e8:fd:eb:95:c3:
                    da:86:2c:8c:de:18:a0:f8:1f:98:04:9a:6d:99:32:
                    08:07:7f:c2:7d:e3:b6:93:05:eb:ac:80:08:27:c9:
                    20:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:99:00:1B:4B:26:1C:FC:0B:26:F0:71:77:7D:C3:10:2D:B1:EF:4A
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/NJkAG0smHPwLJvBxd33DEC2x70o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:67:6d:2f:a5:85:a8:e8:63:cd:62:63:73:95:2b:ee:a6:13:
         43:11:3e:d3:4b:9f:02:91:e9:52:4f:fd:f6:e8:2d:dc:7a:16:
         10:c5:66:6b:b1:d3:80:f4:90:71:a7:b9:ca:2c:e9:e3:ed:1d:
         26:75:a4:93:8e:67:4e:56:2f:84:fe:07:4b:ab:15:27:bb:0d:
         f8:7a:40:e2:f9:17:3d:28:95:9d:a5:b1:c8:3c:1a:6e:03:3a:
         12:c0:47:57:05:cc:d0:5d:56:d9:7c:b2:32:6c:63:f3:b2:51:
         11:1e:68:18:8b:7c:7f:16:d0:03:99:d7:a4:69:46:00:5b:f7:
         63:54:6b:60:2e:2c:17:b1:9e:1d:d6:90:3f:79:75:b3:c2:a6:
         45:94:80:59:f2:f6:dc:8a:cd:0d:62:42:c7:ef:51:b2:cf:88:
         ad:c3:d5:ae:3e:48:a4:1e:62:8b:c8:85:3c:bc:a4:89:3c:9c:
         9b:5f:28:8c:f8:d4:2f:9a:89:69:38:da:45:1c:f1:2a:85:bd:
         ba:b9:93:d2:2b:f2:8e:ed:ac:45:63:44:96:c2:7c:6d:e8:36:
         df:ab:17:90:39:84:34:9f:35:d6:ae:5b:0e:c0:9a:b4:d0:82:
         61:0e:6e:2e:d9:91:fd:32:35:a8:0f:b0:a3:46:17:4a:7e:8e:
         79:7f:ab:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLs3sL/Mz0jgnqrHlkBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDk5MDAxYjRiMjYxY2ZjMGIyNmYwNzE3NzdkYzMxMDJkYjFlZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseYDaAj8JYEcFnfTvgxhrS2CjtWe
8voc/dCogptDZFLzzseyo98qkwWf7oLz+SOukgpL7xPi/bhy5eAdUYVo3c9ynqht
ZujFX0/0OvytOh+r3FMe4J9fN+wwhH4HHWo5xNFtEfaeMJ3NrPRBrxUM+609ICz/
X2x9lYldeRZUXPwM/YbjILtp2qLRD3vIJxzuXB+izwOWN+mBR5B64bkpmHlKBQoq
aqf9CITBQnxVj4SIBDCjG3AeSAWJoq+JNC+zig2a3cmwiLD+cW/cDUUfHJQZrhUW
GIXIAnDU6P3rlcPahiyM3hig+B+YBJptmTIIB3/CfeO2kwXrrIAIJ8kgEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSZABtLJhz8CybwcXd9wxAtse9KMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvTkprQUcwc21IUHdMSnZCeGQzM0RFQzJ4NzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVwMA0G
CSqGSIb3DQEBCwUAA4IBAQBQZ20vpYWo6GPNYmNzlSvuphNDET7TS58CkelST/32
6C3cehYQxWZrsdOA9JBxp7nKLOnj7R0mdaSTjmdOVi+E/gdLqxUnuw34ekDi+Rc9
KJWdpbHIPBpuAzoSwEdXBczQXVbZfLIybGPzslERHmgYi3x/FtADmdekaUYAW/dj
VGtgLiwXsZ4d1pA/eXWzwqZFlIBZ8vbcis0NYkLH71Gyz4itw9WuPkikHmKLyIU8
vKSJPJybXyiM+NQvmolpONpFHPEqhb26uZPSK/KO7axFY0SWwnxt6DbfqxeQOYQ0
nzXWrlsOwJq00IJhDm4u2ZH9MjWoD7CjRhdKfo55f6sN
-----END CERTIFICATE-----