Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/gsr-g8Tt1IU9iQG0YBOQnq-D-Sc.roa
File:                     gsr-g8Tt1IU9iQG0YBOQnq-D-Sc.roa (raw, json)
Hash identifier:          S1i16IvCMbfXU0FJMGWtt5fyZxqDv2z6a7GPuONUXd8=
Subject key identifier:   82:CA:FE:83:C4:ED:D4:85:3D:89:01:B4:60:13:90:9E:AF:83:F9:27
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348BE1B9658F549737A4D2D1F4CDCE1
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/gsr-g8Tt1IU9iQG0YBOQnq-D-Sc.roa
Signing time:             Mon 01 Jan 2024 04:29:33 +0000
ROA not before:           Mon 01 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206275
IP address blocks:        46.37.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 12:48:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:be:1b:96:58:f5:49:73:7a:4d:2d:1f:4c:dc:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82cafe83c4edd4853d8901b46013909eaf83f927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bc:4d:94:82:28:d1:62:79:6b:6e:97:a9:90:
                    79:5e:75:b8:8f:91:e5:4b:3a:64:be:eb:c5:c0:15:
                    21:ab:db:8c:05:26:ef:5a:4e:28:a7:73:a3:bc:2d:
                    0d:da:d6:39:cd:3a:06:b0:6e:fc:a5:be:38:ed:37:
                    6e:a8:b4:80:13:85:50:73:2f:e8:76:7a:a3:ce:21:
                    2b:e5:af:0f:d3:ae:ea:15:85:ee:7d:cd:7e:a0:cc:
                    1d:af:4b:08:cf:01:16:24:3f:93:77:17:8e:e3:dc:
                    12:ca:44:e5:e5:2f:2d:c8:88:a8:5a:6d:58:34:9a:
                    35:67:06:97:86:97:1c:10:17:ee:7d:d8:19:ce:4c:
                    96:3c:54:c3:ca:35:07:bf:e9:e9:d3:9a:5e:4f:49:
                    c8:2c:63:9c:a3:84:16:09:25:8c:80:c4:4c:43:ce:
                    e6:42:db:d7:42:1f:cc:ca:0f:e9:1f:0a:6a:88:4e:
                    08:58:28:e6:da:6f:2b:f4:82:a3:90:3e:0b:c1:d2:
                    72:b8:78:ad:66:d1:f7:9a:f0:19:29:f1:50:65:e0:
                    b3:30:66:32:e9:4a:47:98:18:52:9e:45:34:6e:2b:
                    87:0d:ea:af:e9:3b:ea:fa:63:93:b1:0e:12:4b:99:
                    61:94:e6:ef:2c:f5:77:36:ce:34:ee:2d:b0:a2:b9:
                    f6:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:CA:FE:83:C4:ED:D4:85:3D:89:01:B4:60:13:90:9E:AF:83:F9:27
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/gsr-g8Tt1IU9iQG0YBOQnq-D-Sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:02:8b:ca:e6:4a:7c:f5:36:ab:41:0f:49:25:94:72:56:86:
         b9:46:fe:64:32:58:4d:8d:b7:eb:47:b7:84:00:25:e4:cc:16:
         98:f7:8a:f7:f3:8c:0b:85:7a:ab:ae:8b:df:07:fd:b0:d3:75:
         4a:2b:cd:60:52:2f:f5:d3:74:72:29:71:b1:d6:37:a3:07:4d:
         81:d1:1b:eb:5f:a8:76:9f:57:89:71:25:32:40:19:cd:f8:2d:
         c5:93:19:83:80:4d:e6:59:b2:0a:01:c5:8c:10:ff:cf:e4:b2:
         dc:28:18:10:32:94:f7:77:af:2f:1b:f4:bc:84:65:c0:82:89:
         12:7a:f2:7e:be:1a:7a:89:42:3a:79:91:87:a3:e9:93:27:32:
         93:6c:43:80:c4:a3:91:8c:a8:d0:a9:c9:39:26:3f:9b:fc:89:
         9a:42:06:c9:db:be:33:8e:8f:fa:4c:89:db:0c:64:75:fa:72:
         3e:16:7b:18:b7:7a:3a:7e:65:41:77:ca:b0:c2:76:49:31:30:
         f5:63:ae:f7:3e:be:98:a6:2f:e0:d3:72:3a:29:1c:cf:41:69:
         79:db:9f:b2:8a:4d:e1:64:83:23:4b:57:d3:51:3f:4e:89:d1:
         b2:ff:84:22:c3:01:e4:cf:0e:e8:29:fb:ce:b9:1d:06:23:6a:
         73:dc:fb:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSL4bllj1SXN6TS0fTNzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmNhZmU4M2M0ZWRkNDg1M2Q4OTAxYjQ2MDEzOTA5ZWFmODNmOTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7xNlIIo0WJ5a26XqZB5XnW4j5Hl
SzpkvuvFwBUhq9uMBSbvWk4op3OjvC0N2tY5zToGsG78pb447TduqLSAE4VQcy/o
dnqjziEr5a8P067qFYXufc1+oMwdr0sIzwEWJD+TdxeO49wSykTl5S8tyIioWm1Y
NJo1ZwaXhpccEBfufdgZzkyWPFTDyjUHv+np05peT0nILGOco4QWCSWMgMRMQ87m
QtvXQh/Myg/pHwpqiE4IWCjm2m8r9IKjkD4LwdJyuHitZtH3mvAZKfFQZeCzMGYy
6UpHmBhSnkU0biuHDeqv6Tvq+mOTsQ4SS5lhlObvLPV3Ns407i2worn2KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILK/oPE7dSFPYkBtGATkJ6vg/knMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvZ3NyLWc4VHQxSVU5aVFHMFlCT1FucS1ELVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVxMA0G
CSqGSIb3DQEBCwUAA4IBAQAWAovK5kp89TarQQ9JJZRyVoa5Rv5kMlhNjbfrR7eE
ACXkzBaY94r384wLhXqrrovfB/2w03VKK81gUi/103RyKXGx1jejB02B0RvrX6h2
n1eJcSUyQBnN+C3FkxmDgE3mWbIKAcWMEP/P5LLcKBgQMpT3d68vG/S8hGXAgokS
evJ+vhp6iUI6eZGHo+mTJzKTbEOAxKORjKjQqck5Jj+b/ImaQgbJ274zjo/6TInb
DGR1+nI+FnsYt3o6fmVBd8qwwnZJMTD1Y673Pr6Ypi/g03I6KRzPQWl525+yik3h
ZIMjS1fTUT9OidGy/4QiwwHkzw7oKfvOuR0GI2pz3Pt7
-----END CERTIFICATE-----