Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/jRPfLG6RyZ7SZSXO_mU9NKiCcw4.roa
File:                     jRPfLG6RyZ7SZSXO_mU9NKiCcw4.roa (raw, json)
Hash identifier:          wJ1Kb8DcLkiF8lcwDzcj7MAfl2lJGCFUBETZdyBX7GA=
Subject key identifier:   8D:13:DF:2C:6E:91:C9:9E:D2:65:25:CE:FE:65:3D:34:A8:82:73:0E
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D85D94C1E478B27DF58086186916AC
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/jRPfLG6RyZ7SZSXO_mU9NKiCcw4.roa
Signing time:             Thu 02 Jan 2025 11:48:21 +0000
ROA not before:           Thu 02 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399641
IP address blocks:        46.37.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:5d:94:c1:e4:78:b2:7d:f5:80:86:18:69:16:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d13df2c6e91c99ed26525cefe653d34a882730e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:33:8a:b4:18:bd:ce:e6:5d:4e:19:0c:0c:94:
                    14:d0:17:b9:8f:0a:77:2e:3e:a0:19:98:87:20:d9:
                    8c:c3:7f:15:c0:91:ea:7a:e4:b5:b9:87:1a:34:19:
                    0e:d1:a3:6b:bf:39:40:a7:ae:fd:61:5f:95:92:53:
                    dc:78:64:63:09:27:f7:34:8a:06:1d:89:32:dd:10:
                    6f:f7:b1:b4:6f:d3:6b:07:ec:0b:59:01:15:24:94:
                    2f:b9:79:9a:68:8e:28:51:2e:69:ba:1f:06:dc:e9:
                    b5:a6:fe:36:c0:f8:4b:c7:04:8f:27:22:3c:b8:4f:
                    7b:6e:12:ef:c2:f7:1d:f0:9b:83:eb:99:48:27:06:
                    3d:65:05:e3:66:d4:ce:f0:e9:88:5b:f3:05:57:27:
                    5a:03:a7:6d:9e:62:ad:f7:0c:0e:0b:1f:8e:f1:e6:
                    80:5f:48:6d:6d:71:0e:e9:f3:87:e8:a9:24:82:a0:
                    68:9f:04:f1:0a:26:bd:12:6f:2a:60:d9:53:4a:13:
                    ef:bf:3d:d3:be:2e:a0:26:13:da:ae:15:57:67:fe:
                    22:15:4e:ad:0b:81:35:75:e1:dc:84:2a:45:26:06:
                    cc:8d:a5:ef:95:e9:7a:70:c4:99:96:d0:d4:48:46:
                    3c:33:11:fa:48:1f:fe:4a:7f:17:9b:7c:87:69:f2:
                    25:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:13:DF:2C:6E:91:C9:9E:D2:65:25:CE:FE:65:3D:34:A8:82:73:0E
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/jRPfLG6RyZ7SZSXO_mU9NKiCcw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:82:5f:44:fa:4e:58:2e:1a:3a:2c:14:ea:f2:f5:7d:da:15:
         27:f0:a7:f8:13:58:a0:c1:59:5e:5e:b4:2e:d0:d5:dd:78:e6:
         9d:9a:35:c2:1c:bf:9e:b8:ab:8c:08:56:d6:6f:b7:91:59:f4:
         8c:08:4b:97:44:63:4b:15:e2:d8:bd:9c:7d:9f:83:c7:0c:93:
         5b:c4:4b:0f:f8:ec:d0:ec:1d:38:9f:2f:b0:3e:bb:71:51:6f:
         d5:9c:99:ad:2f:99:c5:3d:36:e2:0b:0d:26:66:f9:15:53:26:
         55:93:89:cf:1d:27:9f:6c:68:24:4f:9f:c9:2a:1d:c5:28:ae:
         d9:84:2b:da:f7:c1:de:42:41:92:67:14:5e:08:a0:0c:26:0a:
         0d:b7:a0:49:84:82:dd:d1:b5:c0:29:2c:e3:28:79:9b:a1:ed:
         2a:c7:53:32:de:75:5c:72:ad:a6:55:2b:ea:da:44:fa:7f:85:
         07:ea:a3:19:c8:b7:fa:72:b4:24:2c:9e:f1:07:d0:db:b4:56:
         09:2c:9f:bf:be:a5:cf:54:a1:da:36:6e:1f:c9:3e:a3:7f:5e:
         68:63:e2:87:6a:cf:2c:2f:f2:9e:23:9a:4b:42:f3:d9:03:14:
         88:39:ea:4f:06:88:a5:fb:e8:be:ae:c2:40:45:b8:e9:de:92:
         ce:61:ea:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2F2UweR4sn31gIYYaRasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDEzZGYyYzZlOTFjOTllZDI2NTI1Y2VmZTY1M2QzNGE4ODI3MzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTOKtBi9zuZdThkMDJQU0Be5jwp3
Lj6gGZiHINmMw38VwJHqeuS1uYcaNBkO0aNrvzlAp679YV+VklPceGRjCSf3NIoG
HYky3RBv97G0b9NrB+wLWQEVJJQvuXmaaI4oUS5puh8G3Om1pv42wPhLxwSPJyI8
uE97bhLvwvcd8JuD65lIJwY9ZQXjZtTO8OmIW/MFVydaA6dtnmKt9wwOCx+O8eaA
X0htbXEO6fOH6KkkgqBonwTxCia9Em8qYNlTShPvvz3Tvi6gJhParhVXZ/4iFU6t
C4E1deHchCpFJgbMjaXvlel6cMSZltDUSEY8MxH6SB/+Sn8Xm3yHafIllQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0T3yxukcme0mUlzv5lPTSognMOMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvalJQZkxHNlJ5WjdTWlNYT19tVTlOS2lDY3c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVmMA0G
CSqGSIb3DQEBCwUAA4IBAQA+gl9E+k5YLho6LBTq8vV92hUn8Kf4E1igwVleXrQu
0NXdeOadmjXCHL+euKuMCFbWb7eRWfSMCEuXRGNLFeLYvZx9n4PHDJNbxEsP+OzQ
7B04ny+wPrtxUW/VnJmtL5nFPTbiCw0mZvkVUyZVk4nPHSefbGgkT5/JKh3FKK7Z
hCva98HeQkGSZxReCKAMJgoNt6BJhILd0bXAKSzjKHmboe0qx1My3nVccq2mVSvq
2kT6f4UH6qMZyLf6crQkLJ7xB9DbtFYJLJ+/vqXPVKHaNm4fyT6jf15oY+KHas8s
L/KeI5pLQvPZAxSIOepPBoil++i+rsJARbjp3pLOYeq3
-----END CERTIFICATE-----