Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/T_IuZ6Idwt5WwKkbtWPNPQm7ZLs.roa
File:                     T_IuZ6Idwt5WwKkbtWPNPQm7ZLs.roa (raw, json)
Hash identifier:          Uyl84L/mqoMC639+8r0Y0GUuyYAjPCMAh7Wt8Rcr//g=
Subject key identifier:   4F:F2:2E:67:A2:1D:C2:DE:56:C0:A9:1B:B5:63:CD:3D:09:BB:64:BB
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CD6341AFB5E126900B4F6CB16939DEEFB
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/T_IuZ6Idwt5WwKkbtWPNPQm7ZLs.roa
Signing time:             Thu 04 Jan 2024 20:39:48 +0000
ROA not before:           Thu 04 Jan 2024 20:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211772
IP address blocks:        46.37.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d6:34:1a:fb:5e:12:69:00:b4:f6:cb:16:93:9d:ee:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  4 20:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ff22e67a21dc2de56c0a91bb563cd3d09bb64bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7e:5f:55:cc:13:68:ce:02:25:55:54:13:d3:
                    62:b2:1e:dd:0a:33:a6:97:e9:29:b9:67:9e:ae:d2:
                    b2:32:c8:6a:64:20:73:e5:12:cf:9b:52:cb:b0:dc:
                    57:ae:4d:ae:cc:ae:7b:9e:19:1a:25:3e:bb:f4:ec:
                    67:61:72:f1:62:7c:33:a0:30:f4:e5:c5:cc:32:ff:
                    40:26:99:bd:ed:09:87:40:2c:20:8c:69:1c:dc:44:
                    57:63:45:9b:28:f7:db:f6:62:a0:77:48:d1:f4:f7:
                    4d:ae:40:73:23:98:2a:93:cf:ea:05:17:16:c7:e8:
                    ff:61:f7:ee:eb:90:4e:a3:e6:c3:7a:5a:c3:98:74:
                    1b:72:4c:4f:4a:3f:fa:57:73:03:7e:1e:f0:8f:56:
                    b5:44:c1:37:ad:82:74:c0:05:f6:ab:32:ea:ed:9e:
                    10:32:db:e8:93:12:c0:d9:c0:33:6b:e2:aa:69:3a:
                    4c:00:ec:9b:3a:d7:d0:d2:52:ab:3d:57:ed:e3:8e:
                    1d:28:6b:51:72:e0:09:f3:a9:d0:63:40:4b:5e:17:
                    af:fa:7c:cf:18:b8:3d:f2:65:ff:31:36:27:91:30:
                    75:48:14:25:7e:08:57:fb:b4:40:0a:1c:ef:a1:64:
                    c1:2a:d2:a6:6c:30:25:9c:e9:da:db:dc:1e:15:ad:
                    e8:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F2:2E:67:A2:1D:C2:DE:56:C0:A9:1B:B5:63:CD:3D:09:BB:64:BB
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/T_IuZ6Idwt5WwKkbtWPNPQm7ZLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:89:0f:76:3c:f8:92:74:e9:bd:a0:cd:12:85:08:03:f9:d0:
         4b:24:f4:72:ee:49:cc:59:3d:af:ca:31:fe:96:1c:62:1f:42:
         e0:f0:40:86:21:d9:24:d2:d9:8f:f1:6b:0d:a7:88:d3:9d:94:
         de:df:80:b1:2b:25:c3:47:98:67:6c:a0:2b:79:83:9a:7c:61:
         57:c6:33:1e:52:40:d4:85:c1:44:f1:7b:14:a9:88:68:3c:6b:
         a5:51:3e:41:b5:6e:3e:fa:7b:91:3b:8b:1c:3f:06:be:8e:0c:
         1b:0c:de:a9:5e:e9:4b:06:8c:1c:8b:59:e4:8e:7f:78:13:93:
         bd:04:25:1a:80:0b:31:73:1d:a2:7f:6e:55:dd:0d:63:bc:fe:
         f9:54:0a:cb:44:d6:04:51:ff:01:1d:2a:d2:7d:e9:e0:c6:b6:
         10:04:5f:6c:90:a4:db:58:37:c1:ea:db:c7:35:d9:ac:7a:e9:
         91:c7:fa:94:d0:ea:71:84:04:e9:cd:96:68:64:dd:f4:ec:b0:
         bf:c0:e1:9b:b5:22:9b:95:4a:19:49:71:81:ac:96:03:a6:d8:
         99:0f:38:b0:e9:9f:0c:51:91:a1:29:73:7b:bf:7a:9f:7e:0e:
         43:8c:83:7c:ff:cb:c4:94:e8:11:17:ef:0a:92:e6:c6:1d:7b:
         e2:84:30:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzWNBr7XhJpALT2yxaTne77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTA0MjAzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmYyMmU2N2EyMWRjMmRlNTZjMGE5MWJiNTYzY2QzZDA5YmI2NGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgH5fVcwTaM4CJVVUE9Nish7dCjOm
l+kpuWeertKyMshqZCBz5RLPm1LLsNxXrk2uzK57nhkaJT679OxnYXLxYnwzoDD0
5cXMMv9AJpm97QmHQCwgjGkc3ERXY0WbKPfb9mKgd0jR9PdNrkBzI5gqk8/qBRcW
x+j/Yffu65BOo+bDelrDmHQbckxPSj/6V3MDfh7wj1a1RME3rYJ0wAX2qzLq7Z4Q
MtvokxLA2cAza+KqaTpMAOybOtfQ0lKrPVft444dKGtRcuAJ86nQY0BLXhev+nzP
GLg98mX/MTYnkTB1SBQlfghX+7RAChzvoWTBKtKmbDAlnOna29weFa3oSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/yLmeiHcLeVsCpG7VjzT0Ju2S7MB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvVF9JdVo2SWR3dDVXd0trYnRXUE5QUW03WkxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV6MA0G
CSqGSIb3DQEBCwUAA4IBAQAbiQ92PPiSdOm9oM0ShQgD+dBLJPRy7knMWT2vyjH+
lhxiH0Lg8ECGIdkk0tmP8WsNp4jTnZTe34CxKyXDR5hnbKAreYOafGFXxjMeUkDU
hcFE8XsUqYhoPGulUT5BtW4++nuRO4scPwa+jgwbDN6pXulLBowci1nkjn94E5O9
BCUagAsxcx2if25V3Q1jvP75VArLRNYEUf8BHSrSfengxrYQBF9skKTbWDfB6tvH
NdmseumRx/qU0OpxhATpzZZoZN307LC/wOGbtSKblUoZSXGBrJYDptiZDziw6Z8M
UZGhKXN7v3qffg5DjIN8/8vElOgRF+8KkubGHXvihDC6
-----END CERTIFICATE-----