Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/h5I2QrKP1Cyc8pihXm8C_2OfIWo.roa
File:                     h5I2QrKP1Cyc8pihXm8C_2OfIWo.roa (raw, json)
Hash identifier:          vfRlgWm7051wbahpydRtV1aRTWqhEtXphul+L25YupI=
Subject key identifier:   87:92:36:42:B2:8F:D4:2C:9C:F2:98:A1:5E:6F:02:FF:63:9F:21:6A
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D85B4FE7934CA4C8BD929E19CA2D87
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/h5I2QrKP1Cyc8pihXm8C_2OfIWo.roa
Signing time:             Thu 02 Jan 2025 11:48:20 +0000
ROA not before:           Thu 02 Jan 2025 11:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215027
IP address blocks:        46.37.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:5b:4f:e7:93:4c:a4:c8:bd:92:9e:19:ca:2d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87923642b28fd42c9cf298a15e6f02ff639f216a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e3:af:a4:8c:eb:f4:2f:84:f2:f2:75:9f:01:
                    4f:b3:78:9e:8e:e7:8e:7e:4b:99:c3:a3:2b:ec:b8:
                    f4:8e:5e:e1:0e:02:a2:6e:b2:c9:e6:7a:56:c8:40:
                    13:50:5d:4d:bd:67:b4:6b:d5:da:fa:90:64:40:00:
                    bb:dc:21:ac:1b:b4:41:27:86:70:d8:9e:42:2c:16:
                    fc:7e:70:fa:d2:ce:52:b7:98:e7:f7:55:59:de:9f:
                    65:bd:cc:d2:0f:bd:94:87:ec:56:5f:4c:ad:c3:6c:
                    13:b3:90:48:a7:b5:0e:4f:a2:4e:44:6e:43:63:d7:
                    fe:32:0d:ca:3c:5c:f2:0a:3b:d0:ea:39:a4:9e:4c:
                    7a:d3:95:65:6c:b9:85:79:00:5f:c6:a8:27:a8:ee:
                    29:e7:df:c6:10:00:ce:50:f5:93:53:09:5b:3a:49:
                    57:2e:5d:43:bb:47:46:86:26:86:c2:2e:69:b3:1d:
                    5e:6c:d4:bc:f6:06:bf:d9:88:b1:a1:35:fc:7e:de:
                    58:80:23:bc:8e:af:a3:bb:68:46:28:65:97:58:91:
                    0f:54:95:d7:b6:a8:ca:b7:da:66:87:a1:8a:67:60:
                    7f:df:df:17:66:a2:0e:77:34:a9:53:1a:13:a2:40:
                    90:6f:76:b5:09:2d:d5:92:78:eb:2b:e6:a5:04:57:
                    73:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:92:36:42:B2:8F:D4:2C:9C:F2:98:A1:5E:6F:02:FF:63:9F:21:6A
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/h5I2QrKP1Cyc8pihXm8C_2OfIWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:20:e2:23:3e:01:cf:48:43:63:b9:7b:92:f8:fc:53:76:e6:
         06:a6:4a:3a:09:54:3f:8b:ca:ed:17:ad:56:51:bd:72:2c:06:
         75:4c:59:ab:0d:cd:29:c0:f5:6d:96:97:27:7e:b7:7d:72:86:
         15:88:28:b5:f2:67:f1:6a:82:67:f3:a3:65:e1:ec:98:f2:54:
         8c:b3:2f:7c:c3:b6:c5:24:85:b5:21:cc:55:e1:77:bb:9d:4d:
         c7:69:26:b7:c0:c4:76:96:48:4d:2c:91:a8:0b:f6:e1:a1:f9:
         f8:29:60:9d:dd:0e:40:91:0c:2d:ab:4f:1e:06:61:3a:5d:a0:
         44:8d:d3:fb:f7:ed:fb:bb:dd:5d:0b:a7:01:40:01:0b:74:c1:
         e3:8c:00:4b:35:c4:da:5a:c3:23:5c:84:96:4c:1a:c5:d1:6d:
         6c:31:66:73:a0:b4:7a:ed:b5:f1:1e:ea:2d:1a:ae:d3:98:5e:
         d4:bd:88:48:b2:3c:d5:e1:b2:da:ac:f0:a2:da:a6:9a:b2:2b:
         d3:fd:49:92:d8:31:0c:81:4a:c6:ff:be:b0:95:6f:74:01:46:
         1a:67:10:51:fa:89:18:77:61:a1:f8:b0:98:f1:be:fc:05:7e:
         47:f0:9c:fc:c8:e2:9c:e1:ae:4e:6a:95:9f:79:bf:1a:97:f0:
         4c:ad:6b:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2FtP55NMpMi9kp4Zyi2HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzkyMzY0MmIyOGZkNDJjOWNmMjk4YTE1ZTZmMDJmZjYzOWYyMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuOvpIzr9C+E8vJ1nwFPs3iejueO
fkuZw6Mr7Lj0jl7hDgKibrLJ5npWyEATUF1NvWe0a9Xa+pBkQAC73CGsG7RBJ4Zw
2J5CLBb8fnD60s5St5jn91VZ3p9lvczSD72Uh+xWX0ytw2wTs5BIp7UOT6JORG5D
Y9f+Mg3KPFzyCjvQ6jmknkx605VlbLmFeQBfxqgnqO4p59/GEADOUPWTUwlbOklX
Ll1Du0dGhiaGwi5psx1ebNS89ga/2YixoTX8ft5YgCO8jq+ju2hGKGWXWJEPVJXX
tqjKt9pmh6GKZ2B/398XZqIOdzSpUxoTokCQb3a1CS3VknjrK+alBFdz+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeSNkKyj9QsnPKYoV5vAv9jnyFqMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvaDVJMlFyS1AxQ3ljOHBpaFhtOENfMk9mSVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVzMA0G
CSqGSIb3DQEBCwUAA4IBAQCHIOIjPgHPSENjuXuS+PxTduYGpko6CVQ/i8rtF61W
Ub1yLAZ1TFmrDc0pwPVtlpcnfrd9coYViCi18mfxaoJn86Nl4eyY8lSMsy98w7bF
JIW1IcxV4Xe7nU3HaSa3wMR2lkhNLJGoC/bhofn4KWCd3Q5AkQwtq08eBmE6XaBE
jdP79+37u91dC6cBQAELdMHjjABLNcTaWsMjXISWTBrF0W1sMWZzoLR67bXxHuot
Gq7TmF7UvYhIsjzV4bLarPCi2qaasivT/UmS2DEMgUrG/76wlW90AUYaZxBR+okY
d2Gh+LCY8b78BX5H8Jz8yOKc4a5OapWfeb8al/BMrWv/
-----END CERTIFICATE-----