Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/lS_7IMF-p_OtU3DTUIjtws51RJg.roa
File:                     lS_7IMF-p_OtU3DTUIjtws51RJg.roa (raw, json)
Hash identifier:          rexSeLCdQgG/bo4ZfFHDlDDCRhszOmEu8h+czqWrXA8=
Subject key identifier:   95:2F:FB:20:C1:7E:A7:F3:AD:53:70:D3:50:88:ED:C2:CE:75:44:98
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348BF521850CDEFCD0FAFF433E7EE38
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/lS_7IMF-p_OtU3DTUIjtws51RJg.roa
Signing time:             Mon 01 Jan 2024 04:29:33 +0000
ROA not before:           Mon 01 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        46.37.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 04:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:bf:52:18:50:cd:ef:cd:0f:af:f4:33:e7:ee:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=952ffb20c17ea7f3ad5370d35088edc2ce754498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:20:11:f2:b7:c9:1d:a1:ba:f6:73:a1:11:b9:
                    d7:08:ac:c1:9b:5e:c1:15:7f:f2:f5:aa:28:2c:42:
                    b2:77:3d:5f:b6:94:5d:95:f4:ab:d6:2e:e7:1a:a3:
                    1d:d4:dd:45:e3:71:e0:c0:f2:1e:1e:e1:5a:45:53:
                    9d:76:7f:f0:84:56:4b:17:9d:83:8b:e6:3a:ef:92:
                    3d:7f:18:fe:f8:0b:0c:43:d2:52:aa:a2:d1:65:b5:
                    6e:57:24:9a:7e:84:14:af:a1:52:81:ae:d9:01:dc:
                    94:e7:43:06:93:0b:1e:2e:36:e0:46:cc:5c:1c:7b:
                    7f:1a:ee:61:53:63:fe:41:50:33:66:a9:c0:f6:c2:
                    19:31:13:32:81:07:9a:a9:d3:51:df:3e:a3:6a:1a:
                    8b:a7:1c:0f:ca:23:b2:19:35:e5:24:d5:58:41:7c:
                    91:38:4d:af:34:ed:90:8e:8e:3f:19:00:e6:fe:f8:
                    02:92:3f:5d:55:45:2f:48:b0:74:28:b8:a0:59:b8:
                    14:29:d6:82:82:34:b1:7c:0b:86:91:ef:47:0b:b1:
                    79:fa:ed:23:48:e3:e9:b2:42:9b:52:f1:44:7e:82:
                    ef:08:ef:da:f1:5d:b4:31:c0:87:83:24:e2:35:3b:
                    d4:45:c6:1f:df:47:dc:6a:68:c8:11:d1:9f:21:26:
                    00:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:2F:FB:20:C1:7E:A7:F3:AD:53:70:D3:50:88:ED:C2:CE:75:44:98
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/lS_7IMF-p_OtU3DTUIjtws51RJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:6c:f2:41:bb:da:9a:98:b3:42:bd:90:d6:4c:eb:4e:42:f3:
         c9:5d:8c:d5:68:54:f0:01:28:af:ed:33:97:72:e0:dc:a8:1d:
         7b:4c:8f:b8:11:b4:f8:4a:fe:c1:4a:5c:2d:1f:c7:7b:9a:78:
         bf:35:de:14:6e:80:93:3b:ec:d3:76:06:72:40:b7:3d:65:42:
         d1:90:09:59:d6:cd:c7:c7:bb:e6:9f:54:16:6e:a4:41:b0:74:
         77:0f:ee:c4:87:c9:8b:fd:e5:1b:ae:9a:d5:d3:67:7e:3d:2a:
         c6:ea:dd:86:53:ce:7c:83:c3:5f:d9:f1:3e:4d:8f:d9:92:99:
         d9:7d:e8:d6:29:6d:35:2f:07:84:71:43:b5:c3:9e:2a:19:d5:
         ed:b9:43:c8:16:a1:0e:4d:da:45:e9:f3:b8:bc:2e:b5:01:e3:
         25:87:3b:b4:6a:ab:4e:b4:68:cd:e8:b7:53:00:29:3a:91:50:
         85:95:02:9f:1c:7a:17:ce:06:17:e3:9c:33:6b:a8:e9:8f:96:
         06:19:dd:ab:0f:7f:4a:af:08:28:de:7c:d2:3b:c0:5c:b7:11:
         3b:87:8f:ce:cf:2c:7e:e9:f2:bd:ff:c2:b3:d3:ff:43:a4:b0:
         c8:23:fb:cb:27:74:ca:0d:3d:c5:37:68:68:6a:b6:35:fe:04:
         22:b4:ce:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSL9SGFDN780Pr/Qz5+44MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTJmZmIyMGMxN2VhN2YzYWQ1MzcwZDM1MDg4ZWRjMmNlNzU0NDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyAR8rfJHaG69nOhEbnXCKzBm17B
FX/y9aooLEKydz1ftpRdlfSr1i7nGqMd1N1F43HgwPIeHuFaRVOddn/whFZLF52D
i+Y675I9fxj++AsMQ9JSqqLRZbVuVySafoQUr6FSga7ZAdyU50MGkwseLjbgRsxc
HHt/Gu5hU2P+QVAzZqnA9sIZMRMygQeaqdNR3z6jahqLpxwPyiOyGTXlJNVYQXyR
OE2vNO2Qjo4/GQDm/vgCkj9dVUUvSLB0KLigWbgUKdaCgjSxfAuGke9HC7F5+u0j
SOPpskKbUvFEfoLvCO/a8V20McCHgyTiNTvURcYf30fcamjIEdGfISYAkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUv+yDBfqfzrVNw01CI7cLOdUSYMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvbFNfN0lNRi1wX090VTNEVFVJanR3czUxUkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVnMA0G
CSqGSIb3DQEBCwUAA4IBAQAnbPJBu9qamLNCvZDWTOtOQvPJXYzVaFTwASiv7TOX
cuDcqB17TI+4EbT4Sv7BSlwtH8d7mni/Nd4UboCTO+zTdgZyQLc9ZULRkAlZ1s3H
x7vmn1QWbqRBsHR3D+7Eh8mL/eUbrprV02d+PSrG6t2GU858g8Nf2fE+TY/ZkpnZ
fejWKW01LweEcUO1w54qGdXtuUPIFqEOTdpF6fO4vC61AeMlhzu0aqtOtGjN6LdT
ACk6kVCFlQKfHHoXzgYX45wza6jpj5YGGd2rD39Krwgo3nzSO8BctxE7h4/Ozyx+
6fK9/8Kz0/9DpLDII/vLJ3TKDT3FN2hoarY1/gQitM4H
-----END CERTIFICATE-----