Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/XDQYkplGvEwobT9wL6phiHMawho.roa
File:                     XDQYkplGvEwobT9wL6phiHMawho.roa (raw, json)
Hash identifier:          ZSIPJghoaAEei45qHKTMqiIYssAU0Ng0OfGpi0Go1S8=
Subject key identifier:   5C:34:18:92:99:46:BC:4C:28:6D:3F:70:2F:AA:61:88:73:1A:C2:1A
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348B75C27DCDB91BA77E75F80F17838
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/XDQYkplGvEwobT9wL6phiHMawho.roa
Signing time:             Mon 01 Jan 2024 04:29:31 +0000
ROA not before:           Mon 01 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18229
IP address blocks:        46.37.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 10:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b7:5c:27:dc:db:91:ba:77:e7:5f:80:f1:78:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c3418929946bc4c286d3f702faa6188731ac21a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:25:b1:41:77:8b:3c:3e:81:0b:53:96:e2:f9:
                    8f:8f:7a:07:c0:2b:2d:7f:c2:37:3b:c9:e2:ea:b1:
                    df:c7:50:28:ea:b7:71:4d:d6:b9:de:a6:fd:3e:0c:
                    66:98:f2:b2:ca:64:37:23:7c:58:95:97:47:59:d7:
                    a1:3a:83:cf:04:f7:51:7c:85:a1:da:7b:83:1f:52:
                    55:2e:96:84:a0:a0:b7:85:52:d1:97:e2:30:4c:c8:
                    2c:9a:74:09:65:2b:43:a9:d2:d9:d4:9f:03:31:7c:
                    e3:50:3b:62:29:c5:df:94:fc:89:53:49:e4:21:60:
                    f2:ab:e2:2e:02:5e:9d:48:8d:ef:ca:b8:30:eb:d6:
                    dd:c6:ad:dc:c1:a2:d7:f6:b7:05:77:97:d5:b9:7d:
                    7d:30:02:9c:cb:e5:16:dc:fc:bc:09:14:09:83:0c:
                    7b:87:c0:38:53:81:90:f2:0d:19:2a:1e:c8:2f:89:
                    88:8c:2a:44:cc:d0:ea:da:86:6d:be:52:c1:13:94:
                    0b:e4:7b:05:9d:3c:3a:4e:85:fc:94:3b:c2:e7:b7:
                    59:39:a6:93:e5:78:bf:ab:1b:7b:72:6b:f8:95:a3:
                    e6:41:24:66:a6:88:fa:7d:ef:c0:ef:2e:85:9d:47:
                    b2:f6:a2:59:e1:e8:76:57:4d:d7:f2:04:14:00:5b:
                    7d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:34:18:92:99:46:BC:4C:28:6D:3F:70:2F:AA:61:88:73:1A:C2:1A
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/XDQYkplGvEwobT9wL6phiHMawho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:b2:b6:5b:50:9f:a5:de:79:35:49:10:83:20:b9:70:f7:7e:
         59:f1:ee:c5:26:78:cf:2b:e8:b7:e0:a3:22:a5:3e:ae:01:b8:
         87:30:83:38:1d:08:be:37:ed:be:02:56:7e:63:fa:8c:bf:37:
         4b:2e:75:96:5d:07:f3:e6:66:6c:4b:2c:41:d5:86:df:c7:18:
         5d:87:ef:d8:50:16:a1:b1:96:4d:b0:88:f5:58:c8:3f:98:b4:
         99:1e:90:5e:88:31:cb:3c:15:d0:b7:0b:0e:ce:65:a7:ec:ae:
         a1:9a:a3:91:b9:80:3e:fd:29:d5:cb:8c:49:5a:cc:d3:7b:c8:
         0b:8c:7b:70:7c:da:9e:7f:f6:75:71:89:f8:56:01:1c:7d:0d:
         91:89:36:54:0a:1c:50:45:d3:c5:cc:73:37:f7:92:04:7d:96:
         ee:86:94:82:b4:73:6e:19:c2:c5:64:d4:ff:f7:d7:29:2d:5f:
         ad:08:16:47:00:cb:73:ed:fe:2a:6b:d5:30:a1:a0:f8:a6:9c:
         97:86:87:9f:67:42:7e:1f:52:24:9f:9c:cd:74:13:6e:bf:e4:
         60:dd:b7:88:87:7e:6f:7f:fe:17:80:0a:e5:4c:df:32:ff:62:
         bd:2f:51:1a:22:8e:85:0f:6b:a2:64:32:72:b7:d6:3e:1a:9a:
         09:fc:e7:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLdcJ9zbkbp351+A8Xg4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzM0MTg5Mjk5NDZiYzRjMjg2ZDNmNzAyZmFhNjE4ODczMWFjMjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSWxQXeLPD6BC1OW4vmPj3oHwCst
f8I3O8ni6rHfx1Ao6rdxTda53qb9PgxmmPKyymQ3I3xYlZdHWdehOoPPBPdRfIWh
2nuDH1JVLpaEoKC3hVLRl+IwTMgsmnQJZStDqdLZ1J8DMXzjUDtiKcXflPyJU0nk
IWDyq+IuAl6dSI3vyrgw69bdxq3cwaLX9rcFd5fVuX19MAKcy+UW3Py8CRQJgwx7
h8A4U4GQ8g0ZKh7IL4mIjCpEzNDq2oZtvlLBE5QL5HsFnTw6ToX8lDvC57dZOaaT
5Xi/qxt7cmv4laPmQSRmpoj6fe/A7y6FnUey9qJZ4eh2V03X8gQUAFt9DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFw0GJKZRrxMKG0/cC+qYYhzGsIaMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvWERRWWtwbEd2RXdvYlQ5d0w2cGhpSE1hd2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVhMA0G
CSqGSIb3DQEBCwUAA4IBAQAesrZbUJ+l3nk1SRCDILlw935Z8e7FJnjPK+i34KMi
pT6uAbiHMIM4HQi+N+2+AlZ+Y/qMvzdLLnWWXQfz5mZsSyxB1Ybfxxhdh+/YUBah
sZZNsIj1WMg/mLSZHpBeiDHLPBXQtwsOzmWn7K6hmqORuYA+/SnVy4xJWszTe8gL
jHtwfNqef/Z1cYn4VgEcfQ2RiTZUChxQRdPFzHM395IEfZbuhpSCtHNuGcLFZNT/
99cpLV+tCBZHAMtz7f4qa9UwoaD4ppyXhoefZ0J+H1Ikn5zNdBNuv+Rg3beIh35v
f/4XgArlTN8y/2K9L1EaIo6FD2uiZDJyt9Y+GpoJ/Of0
-----END CERTIFICATE-----