Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/niyH9m6CBuec-LJZ1KHxwzi8LI0.roa
File:                     niyH9m6CBuec-LJZ1KHxwzi8LI0.roa (raw, json)
Hash identifier:          tCPo/vUuXqwcxK96Xf0DCm85dw2JsrVLEQriKKn0f00=
Subject key identifier:   9E:2C:87:F6:6E:82:06:E7:9C:F8:B2:59:D4:A1:F1:C3:38:BC:2C:8D
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       01973FDED7038FA3373856B98EAE7E4A6CA6
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/niyH9m6CBuec-LJZ1KHxwzi8LI0.roa
Signing time:             Thu 05 Jun 2025 11:34:18 +0000
ROA not before:           Thu 05 Jun 2025 11:34:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214506
IP address blocks:        46.37.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:de:d7:03:8f:a3:37:38:56:b9:8e:ae:7e:4a:6c:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jun  5 11:34:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e2c87f66e8206e79cf8b259d4a1f1c338bc2c8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:55:2d:6d:73:00:c0:ba:9b:e5:52:85:b8:37:
                    23:d5:ef:4c:32:23:a4:5e:b0:5c:3a:5f:0a:4e:d9:
                    28:c9:ac:e2:03:47:66:34:bb:5d:c6:dd:55:c3:9a:
                    14:59:bc:79:cd:a8:5c:6e:13:5e:7b:65:03:5b:20:
                    37:fe:1a:90:dc:97:4e:8e:a6:4d:80:8f:d7:9c:4e:
                    3c:42:33:ac:c5:11:8d:27:a0:6e:f8:9a:4c:11:8b:
                    6d:73:24:31:1e:9d:ec:c6:61:16:d5:29:b5:14:6f:
                    b8:d0:cc:94:32:fc:88:fc:ba:67:81:cb:e9:78:6b:
                    a7:63:17:2a:8d:72:78:ca:95:ae:40:aa:5b:38:da:
                    a2:6b:8c:e9:e9:78:db:b7:47:1e:6a:5a:1c:97:66:
                    fe:bf:34:a6:2e:61:1a:4d:a4:23:0e:1a:f8:6e:4d:
                    b3:7a:7e:e7:36:20:d4:4b:f7:d6:38:1e:05:29:5b:
                    7c:4f:4e:85:bc:1e:db:d0:95:06:f1:79:d8:7e:6a:
                    28:2e:d6:93:7f:d5:a2:6c:51:a2:95:0a:b4:01:8d:
                    f7:68:ff:2c:04:60:a4:71:05:03:bd:0d:1c:9c:47:
                    b7:74:d8:d7:67:8c:57:29:e8:1a:18:24:52:ec:27:
                    af:d5:18:27:19:f3:f1:8b:21:94:26:76:1a:54:c2:
                    af:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:2C:87:F6:6E:82:06:E7:9C:F8:B2:59:D4:A1:F1:C3:38:BC:2C:8D
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/niyH9m6CBuec-LJZ1KHxwzi8LI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:9a:a3:23:69:a8:ca:12:9a:a9:47:b0:3b:48:f8:65:78:cc:
         86:aa:92:f4:86:37:d5:31:f9:db:0b:53:31:d6:49:70:ba:19:
         92:b0:ba:ab:77:5c:96:52:69:c5:0c:ad:55:60:a2:b6:4d:7f:
         0b:42:7b:e3:70:41:52:1c:ba:c2:e3:87:af:0c:55:9e:c8:4d:
         d7:0f:8b:cd:9b:99:8f:2e:0b:05:69:c0:da:09:30:c9:06:63:
         48:b9:0f:18:f0:9c:76:1c:18:17:dd:b8:fc:45:b5:72:77:ae:
         4c:58:41:18:11:82:e9:a7:29:db:7d:37:0f:e8:d3:fd:72:1d:
         86:99:d4:8a:ff:1e:be:c8:c3:91:27:f8:ae:33:b4:45:00:57:
         0f:8d:f7:8a:85:9f:3b:85:ff:bf:7a:a0:0d:38:7a:06:44:62:
         7a:3a:36:13:3c:80:c1:73:32:98:c9:de:5a:e6:66:52:91:0a:
         0f:81:a8:7b:cb:cf:7a:e9:b8:9f:86:60:19:aa:cf:d5:13:b5:
         ff:d5:8a:55:26:64:4e:c6:71:7c:ac:8e:f6:36:29:3e:98:92:
         de:b5:f4:26:63:95:99:1c:bf:0c:93:65:be:79:83:82:bd:7f:
         5d:c2:b9:16:20:a1:e3:15:85:ff:2d:39:64:fa:cf:04:11:04:
         e6:50:09:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc/3tcDj6M3OFa5jq5+SmymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwNjA1MTEzNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTJjODdmNjZlODIwNmU3OWNmOGIyNTlkNGExZjFjMzM4YmMyYzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FUtbXMAwLqb5VKFuDcj1e9MMiOk
XrBcOl8KTtkoyaziA0dmNLtdxt1Vw5oUWbx5zahcbhNee2UDWyA3/hqQ3JdOjqZN
gI/XnE48QjOsxRGNJ6Bu+JpMEYttcyQxHp3sxmEW1Sm1FG+40MyUMvyI/Lpngcvp
eGunYxcqjXJ4ypWuQKpbONqia4zp6Xjbt0cealocl2b+vzSmLmEaTaQjDhr4bk2z
en7nNiDUS/fWOB4FKVt8T06FvB7b0JUG8XnYfmooLtaTf9WibFGilQq0AY33aP8s
BGCkcQUDvQ0cnEe3dNjXZ4xXKegaGCRS7Cev1RgnGfPxiyGUJnYaVMKvpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4sh/ZuggbnnPiyWdSh8cM4vCyNMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvbml5SDltNkNCdWVjLUxKWjFLSHh3emk4TEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVoMA0G
CSqGSIb3DQEBCwUAA4IBAQBdmqMjaajKEpqpR7A7SPhleMyGqpL0hjfVMfnbC1Mx
1klwuhmSsLqrd1yWUmnFDK1VYKK2TX8LQnvjcEFSHLrC44evDFWeyE3XD4vNm5mP
LgsFacDaCTDJBmNIuQ8Y8Jx2HBgX3bj8RbVyd65MWEEYEYLppynbfTcP6NP9ch2G
mdSK/x6+yMORJ/iuM7RFAFcPjfeKhZ87hf+/eqANOHoGRGJ6OjYTPIDBczKYyd5a
5mZSkQoPgah7y8966bifhmAZqs/VE7X/1YpVJmROxnF8rI72Nik+mJLetfQmY5WZ
HL8Mk2W+eYOCvX9dwrkWIKHjFYX/LTlk+s8EEQTmUAlh
-----END CERTIFICATE-----