Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/SxQiwl9wBCssmwPLiGBIskaNcHU.roa
File:                     SxQiwl9wBCssmwPLiGBIskaNcHU.roa (raw, json)
Hash identifier:          JHWP1S2txDI9Eyb7YHcVGUvbqcHn/f8GMdaq9f/MpLc=
Subject key identifier:   4B:14:22:C2:5F:70:04:2B:2C:9B:03:CB:88:60:48:B2:46:8D:70:75
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348BAE5DBBE8770614076E031972A18
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/SxQiwl9wBCssmwPLiGBIskaNcHU.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     132244
IP address blocks:        46.37.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 19:03:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ba:e5:db:be:87:70:61:40:76:e0:31:97:2a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b1422c25f70042b2c9b03cb886048b2468d7075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:22:1c:11:37:0b:ae:b3:55:24:2d:7f:96:45:
                    b1:a7:0b:1d:f9:a5:27:bc:45:03:14:54:fd:9e:e6:
                    a9:1a:ab:3d:ff:9f:1d:ca:df:ec:a3:b7:b7:89:56:
                    2c:0a:16:68:12:f6:d9:38:71:97:f1:e7:85:59:cc:
                    45:1b:a9:e7:ee:45:a1:25:82:1e:0c:1a:77:5c:79:
                    d4:af:b2:23:47:eb:21:9d:8f:12:8c:9c:01:e0:d4:
                    9d:36:98:ec:cf:b5:6c:ab:5b:ef:07:f7:ef:25:67:
                    3e:0e:74:92:b0:84:5e:9c:81:4b:a0:74:60:32:90:
                    52:50:f2:a4:fd:1d:3e:f3:14:1f:f4:58:18:d3:58:
                    10:de:45:0e:09:cb:40:72:12:00:91:35:51:b5:51:
                    df:ae:4d:5c:02:c8:9b:0a:46:07:ed:17:4a:1c:3e:
                    05:56:6b:11:4a:e2:af:3e:ee:8a:59:db:d3:c4:49:
                    8e:26:86:39:3d:3c:1b:30:c0:d1:aa:b3:62:90:db:
                    5d:20:b5:a6:98:d6:66:a3:b8:ba:48:3b:f7:54:61:
                    37:e9:e1:62:ce:8a:f5:6e:7f:21:06:42:9a:24:f6:
                    13:90:86:29:70:71:5b:59:75:70:18:38:e4:0f:37:
                    82:28:22:99:62:1a:64:dd:66:82:e3:e1:28:20:26:
                    9e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:14:22:C2:5F:70:04:2B:2C:9B:03:CB:88:60:48:B2:46:8D:70:75
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/SxQiwl9wBCssmwPLiGBIskaNcHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:08:c8:5b:df:2f:4b:19:82:6f:f7:4d:ac:7f:6f:2e:2a:75:
         62:04:ec:9c:69:c0:0b:7b:f4:3f:c8:fe:79:6f:ea:ac:d3:e5:
         a1:a4:57:f7:61:46:85:3e:90:db:9b:c7:2d:dc:f1:08:ca:6f:
         ab:9e:99:70:9a:33:d4:ee:6e:97:33:3b:ce:f2:9c:b9:26:d3:
         f4:66:5d:a1:17:2c:e9:f9:a3:58:3b:04:c2:f5:0d:da:aa:09:
         58:22:fc:f7:29:d7:09:11:87:38:a5:02:8f:e4:ea:13:fd:ba:
         27:c4:0f:98:30:5c:59:05:0b:5a:41:a4:f8:3d:06:b4:bc:ed:
         37:2b:4e:6e:b8:a8:4d:86:47:f5:72:10:38:3c:1d:f9:44:9b:
         4f:32:c4:da:5b:60:7d:b9:b0:6e:b3:aa:a4:34:26:be:04:da:
         0f:15:81:0b:22:b2:c8:29:e3:05:78:a8:65:c1:73:33:1f:a8:
         2f:53:70:f0:e1:d2:b5:aa:a5:26:fe:64:b2:54:f2:0a:8c:8d:
         d6:49:1c:20:c2:92:45:aa:56:b6:96:89:10:7e:ac:99:e7:f7:
         8b:de:d1:e9:3a:c3:2d:15:52:4b:05:d4:19:bf:dd:33:02:99:
         e5:da:db:26:7d:b1:c8:af:0d:28:0b:24:67:4c:2e:87:66:38:
         33:38:90:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLrl276HcGFAduAxlyoYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjE0MjJjMjVmNzAwNDJiMmM5YjAzY2I4ODYwNDhiMjQ2OGQ3MDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCIcETcLrrNVJC1/lkWxpwsd+aUn
vEUDFFT9nuapGqs9/58dyt/so7e3iVYsChZoEvbZOHGX8eeFWcxFG6nn7kWhJYIe
DBp3XHnUr7IjR+shnY8SjJwB4NSdNpjsz7Vsq1vvB/fvJWc+DnSSsIRenIFLoHRg
MpBSUPKk/R0+8xQf9FgY01gQ3kUOCctAchIAkTVRtVHfrk1cAsibCkYH7RdKHD4F
VmsRSuKvPu6KWdvTxEmOJoY5PTwbMMDRqrNikNtdILWmmNZmo7i6SDv3VGE36eFi
zor1bn8hBkKaJPYTkIYpcHFbWXVwGDjkDzeCKCKZYhpk3WaC4+EoICaemQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsUIsJfcAQrLJsDy4hgSLJGjXB1MB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvU3hRaXdsOXdCQ3NzbXdQTGlHQklza2FOY0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVhMA0G
CSqGSIb3DQEBCwUAA4IBAQCFCMhb3y9LGYJv902sf28uKnViBOycacALe/Q/yP55
b+qs0+WhpFf3YUaFPpDbm8ct3PEIym+rnplwmjPU7m6XMzvO8py5JtP0Zl2hFyzp
+aNYOwTC9Q3aqglYIvz3KdcJEYc4pQKP5OoT/bonxA+YMFxZBQtaQaT4PQa0vO03
K05uuKhNhkf1chA4PB35RJtPMsTaW2B9ubBus6qkNCa+BNoPFYELIrLIKeMFeKhl
wXMzH6gvU3Dw4dK1qqUm/mSyVPIKjI3WSRwgwpJFqla2lokQfqyZ5/eL3tHpOsMt
FVJLBdQZv90zApnl2tsmfbHIrw0oCyRnTC6HZjgzOJD3
-----END CERTIFICATE-----