Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/k_sLAon_QYyYoj6_EaRBBIDujYU.roa
File:                     k_sLAon_QYyYoj6_EaRBBIDujYU.roa (raw, json)
Hash identifier:          HoHym3yuH1YLAqw9Pl8rMG+KrpLJP08AatrxeboOI60=
Subject key identifier:   93:FB:0B:02:89:FF:41:8C:98:A2:3E:BF:11:A4:41:04:80:EE:8D:85
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348B4F37B49721566562F5C036D11CD
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/k_sLAon_QYyYoj6_EaRBBIDujYU.roa
Signing time:             Mon 01 Jan 2024 04:29:31 +0000
ROA not before:           Mon 01 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        46.37.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 04:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b4:f3:7b:49:72:15:66:56:2f:5c:03:6d:11:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93fb0b0289ff418c98a23ebf11a4410480ee8d85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8b:50:76:63:ee:80:33:22:89:c6:0b:06:dd:
                    f1:5b:e8:21:8c:bd:81:ee:13:ae:5f:16:e9:3d:07:
                    f0:fc:cf:6f:2c:4a:c4:73:a9:6a:8c:56:a9:29:62:
                    7f:e3:62:d7:6e:e8:ac:6c:72:53:2b:56:fe:07:af:
                    ce:02:4a:83:df:6f:de:c4:22:80:a6:6b:6a:73:a6:
                    32:3b:c6:2b:98:15:30:1f:67:ce:86:e4:04:99:91:
                    68:bc:60:8e:c5:1e:39:6e:07:ec:24:13:89:59:c5:
                    51:46:d3:81:bd:60:9d:fa:1c:b4:f2:41:18:3f:ea:
                    df:e8:83:e7:bc:75:3a:99:07:fd:ab:2f:eb:f6:d7:
                    2c:8f:4f:61:8c:9c:c8:a2:68:e2:c6:59:5e:c1:bf:
                    c0:0e:87:36:4f:7f:34:36:68:0c:bb:00:37:d1:92:
                    15:ee:e6:fb:2d:e8:f7:1c:42:bb:9d:27:00:b9:aa:
                    07:8d:41:c8:0f:0a:e3:47:24:6c:69:bd:8a:93:d0:
                    f8:98:de:6a:8c:87:2a:15:6f:ad:01:21:36:12:3c:
                    54:f6:db:89:6c:fe:db:87:63:91:7c:ba:72:25:3c:
                    22:d2:05:2f:a3:63:b9:f4:40:c2:65:3a:db:86:2b:
                    3f:84:38:ac:74:5c:20:48:53:43:7f:d9:a4:7e:79:
                    ae:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:FB:0B:02:89:FF:41:8C:98:A2:3E:BF:11:A4:41:04:80:EE:8D:85
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/k_sLAon_QYyYoj6_EaRBBIDujYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:c2:76:0d:a3:f3:53:51:27:94:5f:ab:27:3b:87:72:df:0b:
         f9:dd:9d:48:b3:9f:11:8b:a3:8c:e5:bc:91:30:6c:31:01:f9:
         f9:9b:b8:3f:49:4b:8f:51:7f:60:d0:a2:f3:03:2c:88:3d:bd:
         8e:0a:f5:1f:e3:0a:f9:70:3a:ab:2e:45:c1:d6:9c:71:67:e2:
         e2:2d:10:8b:a1:e4:09:90:15:55:12:fc:e6:c4:c3:6a:6e:7e:
         90:3a:f1:bc:53:4b:cd:3f:01:43:73:b1:37:55:ee:29:41:36:
         04:03:f7:67:f2:42:50:72:75:93:35:5c:65:02:26:a6:11:37:
         54:cf:65:c1:9b:89:75:92:f5:98:e9:9c:ec:eb:35:8f:ac:1f:
         1a:90:d4:d4:dd:58:49:4a:fd:30:05:ee:08:df:7b:20:d2:f1:
         1b:53:64:43:cf:1f:86:a9:d7:92:ac:73:84:0e:f0:7f:b0:b4:
         69:7d:40:6d:90:1d:5e:76:6f:4b:33:b0:c2:88:ab:1c:55:fb:
         c4:01:5b:88:52:09:f1:07:57:2f:f6:7b:ae:3f:51:de:30:d5:
         91:c4:81:4a:f3:9f:e8:7b:7d:2e:6d:25:44:e2:b8:a1:dd:a8:
         51:bf:21:d2:23:f2:e1:4c:75:d5:05:cb:98:a7:3c:bb:e8:5f:
         fb:e6:74:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLTze0lyFWZWL1wDbRHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2ZiMGIwMjg5ZmY0MThjOThhMjNlYmYxMWE0NDEwNDgwZWU4ZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmotQdmPugDMiicYLBt3xW+ghjL2B
7hOuXxbpPQfw/M9vLErEc6lqjFapKWJ/42LXbuisbHJTK1b+B6/OAkqD32/exCKA
pmtqc6YyO8YrmBUwH2fOhuQEmZFovGCOxR45bgfsJBOJWcVRRtOBvWCd+hy08kEY
P+rf6IPnvHU6mQf9qy/r9tcsj09hjJzIomjixllewb/ADoc2T380NmgMuwA30ZIV
7ub7Lej3HEK7nScAuaoHjUHIDwrjRyRsab2Kk9D4mN5qjIcqFW+tASE2EjxU9tuJ
bP7bh2ORfLpyJTwi0gUvo2O59EDCZTrbhis/hDisdFwgSFNDf9mkfnmuawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJP7CwKJ/0GMmKI+vxGkQQSA7o2FMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEva19zTEFvbl9RWXlZb2o2X0VhUkJCSUR1allVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVpMA0G
CSqGSIb3DQEBCwUAA4IBAQCnwnYNo/NTUSeUX6snO4dy3wv53Z1Is58Ri6OM5byR
MGwxAfn5m7g/SUuPUX9g0KLzAyyIPb2OCvUf4wr5cDqrLkXB1pxxZ+LiLRCLoeQJ
kBVVEvzmxMNqbn6QOvG8U0vNPwFDc7E3Ve4pQTYEA/dn8kJQcnWTNVxlAiamETdU
z2XBm4l1kvWY6Zzs6zWPrB8akNTU3VhJSv0wBe4I33sg0vEbU2RDzx+GqdeSrHOE
DvB/sLRpfUBtkB1edm9LM7DCiKscVfvEAVuIUgnxB1cv9nuuP1HeMNWRxIFK85/o
e30ubSVE4rih3ahRvyHSI/LhTHXVBcuYpzy76F/75nRx
-----END CERTIFICATE-----