Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/Q9n5LyWptjtprJQLhllalzNTCQY.roa
File:                     Q9n5LyWptjtprJQLhllalzNTCQY.roa (raw, json)
Hash identifier:          aKQXmD0BQQGmCd8TN0DAeLdmX/uWQC+Je4vTp+GPO8w=
Subject key identifier:   43:D9:F9:2F:25:A9:B6:3B:69:AC:94:0B:86:59:5A:97:33:53:09:06
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D85EA96CDD9583D51710CA1EE3F234
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/Q9n5LyWptjtprJQLhllalzNTCQY.roa
Signing time:             Thu 02 Jan 2025 11:48:21 +0000
ROA not before:           Thu 02 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400040
IP address blocks:        46.37.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:5e:a9:6c:dd:95:83:d5:17:10:ca:1e:e3:f2:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43d9f92f25a9b63b69ac940b86595a9733530906
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:35:2c:4a:df:b8:75:f2:9b:79:6e:83:b1:21:
                    97:71:17:20:89:97:0e:96:04:74:c7:ba:c7:73:1f:
                    e2:59:ec:16:bc:fb:12:e8:e2:26:1a:a4:4e:31:a1:
                    ee:ec:a6:9e:8e:40:7f:12:59:bc:e0:fb:20:34:55:
                    00:b1:88:78:6a:2e:64:b9:93:7c:51:56:a4:4d:20:
                    ed:d9:74:e3:e2:14:cc:d3:38:45:3c:37:7a:52:1c:
                    99:b7:f3:48:0c:99:b4:34:c0:17:6b:d7:be:e9:bc:
                    20:07:30:9f:33:54:cb:40:a5:8d:b0:4a:c8:8e:92:
                    5b:e1:d3:0d:35:7b:5e:79:a0:d9:df:38:0b:de:61:
                    5b:b5:7b:73:14:82:5f:91:c6:9f:4e:ae:1b:24:ae:
                    de:b4:79:18:b7:d9:f6:53:df:37:4e:14:a0:97:f5:
                    30:0b:3c:2e:43:ac:2e:14:dc:9e:1a:3e:40:33:8a:
                    0f:44:73:5f:3e:7f:be:6c:a0:7a:ff:ef:66:d4:b8:
                    f0:c3:c6:9d:bb:75:3c:f4:32:13:1d:31:19:37:68:
                    aa:ed:f6:2b:f6:14:43:5c:c0:99:d5:4d:d3:3b:f1:
                    41:53:a1:79:ee:8f:ef:77:f5:29:06:1a:8f:0d:12:
                    7e:5d:fa:b3:e0:7d:e7:67:a0:a9:3e:c7:0a:07:2b:
                    e4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:D9:F9:2F:25:A9:B6:3B:69:AC:94:0B:86:59:5A:97:33:53:09:06
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/Q9n5LyWptjtprJQLhllalzNTCQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:bf:93:a3:da:2f:b9:43:48:63:44:00:71:4a:b5:41:bb:51:
         d2:a8:76:91:8a:55:0a:0e:2f:43:f7:bb:6a:d0:b8:97:ec:0b:
         b8:c2:12:50:d7:63:6e:3c:6c:12:2a:9b:0a:b0:6d:78:6f:b7:
         ad:95:4b:a2:3a:e8:52:a8:c6:05:8e:e1:af:4c:e1:26:3e:b9:
         03:9f:7f:b5:9e:d7:81:5b:63:47:b2:8a:b6:2a:86:00:1b:5a:
         86:0f:93:f7:b2:ea:7e:d4:e3:9f:3b:66:20:3d:85:11:a5:ee:
         f5:c8:3e:79:b3:52:f3:8d:70:d2:63:fe:de:31:49:b8:b5:38:
         e7:c8:a7:de:6e:a5:f8:50:18:80:1c:13:45:a8:70:b7:98:54:
         fc:2e:1c:c4:41:f2:95:e5:73:ec:c6:b9:88:35:8a:eb:df:bf:
         f1:a3:08:68:a9:7d:0b:e3:dd:f4:cc:04:c3:fa:44:5f:02:af:
         a3:bb:0e:ad:f1:7f:0e:79:88:f8:be:61:77:c4:18:95:a5:9e:
         10:d2:43:bf:d7:cd:61:c6:43:23:e6:e5:69:46:3b:a1:c1:79:
         ce:fc:2d:13:40:a6:74:b5:92:90:81:ff:c9:c5:0c:26:3c:08:
         48:39:99:df:ab:40:c5:b5:f8:da:75:df:25:8d:ce:f3:49:94:
         ff:b7:bd:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2F6pbN2Vg9UXEMoe4/I0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Q5ZjkyZjI1YTliNjNiNjlhYzk0MGI4NjU5NWE5NzMzNTMwOTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTUsSt+4dfKbeW6DsSGXcRcgiZcO
lgR0x7rHcx/iWewWvPsS6OImGqROMaHu7KaejkB/Elm84PsgNFUAsYh4ai5kuZN8
UVakTSDt2XTj4hTM0zhFPDd6UhyZt/NIDJm0NMAXa9e+6bwgBzCfM1TLQKWNsErI
jpJb4dMNNXteeaDZ3zgL3mFbtXtzFIJfkcafTq4bJK7etHkYt9n2U983ThSgl/Uw
CzwuQ6wuFNyeGj5AM4oPRHNfPn++bKB6/+9m1Ljww8adu3U89DITHTEZN2iq7fYr
9hRDXMCZ1U3TO/FBU6F57o/vd/UpBhqPDRJ+Xfqz4H3nZ6CpPscKByvkCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPZ+S8lqbY7aayUC4ZZWpczUwkGMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvUTluNUx5V3B0anRwckpRTGhsbGFsek5UQ1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVpMA0G
CSqGSIb3DQEBCwUAA4IBAQCuv5Oj2i+5Q0hjRABxSrVBu1HSqHaRilUKDi9D97tq
0LiX7Au4whJQ12NuPGwSKpsKsG14b7etlUuiOuhSqMYFjuGvTOEmPrkDn3+1nteB
W2NHsoq2KoYAG1qGD5P3sup+1OOfO2YgPYURpe71yD55s1LzjXDSY/7eMUm4tTjn
yKfebqX4UBiAHBNFqHC3mFT8LhzEQfKV5XPsxrmINYrr37/xowhoqX0L4930zATD
+kRfAq+juw6t8X8OeYj4vmF3xBiVpZ4Q0kO/181hxkMj5uVpRjuhwXnO/C0TQKZ0
tZKQgf/JxQwmPAhIOZnfq0DFtfjadd8ljc7zSZT/t72F
-----END CERTIFICATE-----