Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/W3Wu3UTi9jx16QwCwWUHmH3fDLs.roa
File:                     W3Wu3UTi9jx16QwCwWUHmH3fDLs.roa (raw, json)
Hash identifier:          QdgcaKghoj5O1OZe6qAQMPAEr/gIVQdC0zQ3tLXL4Hw=
Subject key identifier:   5B:75:AE:DD:44:E2:F6:3C:75:E9:0C:02:C1:65:07:98:7D:DF:0C:BB
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       0196E21A8350BAB2066D46A2882685D9B655
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/W3Wu3UTi9jx16QwCwWUHmH3fDLs.roa
Signing time:             Sun 18 May 2025 06:35:10 +0000
ROA not before:           Sun 18 May 2025 06:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149766
IP address blocks:        46.37.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e2:1a:83:50:ba:b2:06:6d:46:a2:88:26:85:d9:b6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: May 18 06:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b75aedd44e2f63c75e90c02c16507987ddf0cbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:20:34:98:01:73:76:38:fe:44:63:68:83:b2:
                    7b:f7:dd:b7:cd:0c:ee:e4:e6:f7:8e:47:ed:6e:5f:
                    3a:07:d1:c9:68:ca:ca:72:e8:5b:28:6b:47:43:93:
                    5e:57:85:05:de:96:02:c0:50:db:8d:bf:e9:e2:66:
                    d9:c9:b9:36:b5:d3:d9:84:d1:5f:b4:ac:9d:8f:17:
                    a4:28:3e:b9:7e:b4:91:87:f5:fc:5c:b9:56:9f:1a:
                    b7:9b:bf:f6:29:da:cf:a3:b6:61:23:39:c0:25:59:
                    31:e1:3d:25:21:aa:1a:5a:1e:1a:9b:d4:56:c2:e4:
                    37:db:66:f0:c8:bd:c2:97:77:cc:2c:0d:ac:65:1f:
                    23:99:d6:27:f9:f7:bd:07:05:0a:a6:91:d2:d4:77:
                    63:3d:3d:49:fa:56:6e:fa:42:28:e7:4a:14:1b:af:
                    93:ac:77:b8:73:4e:9d:4e:1b:74:7c:7c:e3:6c:25:
                    00:ae:ca:c9:f5:fd:23:30:09:a9:c1:c8:cf:7a:ec:
                    14:1e:b1:56:1e:53:07:9c:8a:83:d4:a6:69:b7:2f:
                    1d:58:e5:6d:88:c6:7a:1d:85:ee:d8:23:f4:5f:96:
                    2c:05:31:ec:81:15:0a:7f:7a:d9:dd:32:d7:6f:bd:
                    14:21:0c:a8:d4:0a:41:48:c7:eb:a5:5f:c7:e6:48:
                    f8:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:75:AE:DD:44:E2:F6:3C:75:E9:0C:02:C1:65:07:98:7D:DF:0C:BB
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/W3Wu3UTi9jx16QwCwWUHmH3fDLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:d6:41:79:54:6e:41:1e:45:b3:a7:5f:3d:42:e4:f5:55:36:
         14:ef:ea:12:7b:b9:45:37:b3:9a:89:45:b2:e2:a2:fa:42:d0:
         77:fd:5f:75:38:1e:83:36:63:40:60:a2:5e:9b:61:66:4d:06:
         41:4c:98:7c:79:e5:e1:fd:87:fd:75:c0:b8:7b:23:5b:f8:88:
         df:63:03:70:04:48:69:1c:a3:a0:65:b2:a9:d8:a5:d7:71:ad:
         57:f1:16:be:77:fd:f0:d9:29:ea:74:be:93:3b:7c:a0:66:0c:
         3b:12:62:38:8c:64:97:76:d7:5d:61:53:63:bd:99:8d:32:90:
         f7:ac:ac:5a:b8:71:4f:c9:02:f2:3c:2c:fe:57:46:6e:f2:54:
         6c:a4:f9:78:19:5e:51:6d:33:e6:d8:10:ce:b6:1d:5b:25:9b:
         1d:58:fe:3a:c0:c5:b7:ad:89:cd:55:ad:2f:35:1f:4e:2b:72:
         ba:b2:53:9f:b0:4c:06:af:32:b0:aa:e7:1e:eb:9a:fa:3c:78:
         61:6c:e1:11:26:7c:35:49:6e:0d:a6:a9:12:b1:f9:36:7a:0f:
         74:c5:da:1e:c9:98:a3:c1:1b:75:97:e4:e3:5e:af:27:87:7f:
         e4:6b:1f:10:64:d1:09:4c:90:cb:7a:2c:95:da:a9:47:d3:f0:
         b9:d7:0d:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbiGoNQurIGbUaiiCaF2bZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwNTE4MDYzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjc1YWVkZDQ0ZTJmNjNjNzVlOTBjMDJjMTY1MDc5ODdkZGYwY2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CA0mAFzdjj+RGNog7J79923zQzu
5Ob3jkftbl86B9HJaMrKcuhbKGtHQ5NeV4UF3pYCwFDbjb/p4mbZybk2tdPZhNFf
tKydjxekKD65frSRh/X8XLlWnxq3m7/2KdrPo7ZhIznAJVkx4T0lIaoaWh4am9RW
wuQ322bwyL3Cl3fMLA2sZR8jmdYn+fe9BwUKppHS1HdjPT1J+lZu+kIo50oUG6+T
rHe4c06dTht0fHzjbCUArsrJ9f0jMAmpwcjPeuwUHrFWHlMHnIqD1KZpty8dWOVt
iMZ6HYXu2CP0X5YsBTHsgRUKf3rZ3TLXb70UIQyo1ApBSMfrpV/H5kj4UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFt1rt1E4vY8dekMAsFlB5h93wy7MB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvVzNXdTNVVGk5angxNlF3Q3dXVUhtSDNmRExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV5MA0G
CSqGSIb3DQEBCwUAA4IBAQAF1kF5VG5BHkWzp189QuT1VTYU7+oSe7lFN7OaiUWy
4qL6QtB3/V91OB6DNmNAYKJem2FmTQZBTJh8eeXh/Yf9dcC4eyNb+IjfYwNwBEhp
HKOgZbKp2KXXca1X8Ra+d/3w2SnqdL6TO3ygZgw7EmI4jGSXdtddYVNjvZmNMpD3
rKxauHFPyQLyPCz+V0Zu8lRspPl4GV5RbTPm2BDOth1bJZsdWP46wMW3rYnNVa0v
NR9OK3K6slOfsEwGrzKwquce65r6PHhhbOERJnw1SW4NpqkSsfk2eg90xdoeyZij
wRt1l+TjXq8nh3/kax8QZNEJTJDLeiyV2qlH0/C51w1p
-----END CERTIFICATE-----