Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/ptCX-_1nc89pNjfGQ5x6IbDKZVA.roa
File:                     ptCX-_1nc89pNjfGQ5x6IbDKZVA.roa (raw, json)
Hash identifier:          g1rGRlkVp9beVUJJwTM6hTC16xmemNH4K4Mbj6oXKgE=
Subject key identifier:   A6:D0:97:FB:FD:67:73:CF:69:36:37:C6:43:9C:7A:21:B0:CA:65:50
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D85234BAEA9AFBDACB987A521A8A91
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/ptCX-_1nc89pNjfGQ5x6IbDKZVA.roa
Signing time:             Thu 02 Jan 2025 11:48:18 +0000
ROA not before:           Thu 02 Jan 2025 11:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        46.37.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 09:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:52:34:ba:ea:9a:fb:da:cb:98:7a:52:1a:8a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6d097fbfd6773cf693637c6439c7a21b0ca6550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:be:e9:8c:92:62:d4:c7:5f:25:c3:06:bc:23:
                    4c:8b:d6:10:4b:0a:11:06:3a:28:40:21:85:55:c4:
                    88:b3:67:a4:4e:ed:5f:af:30:11:8c:14:65:92:de:
                    4c:ee:31:5a:88:0a:62:bb:07:e3:cd:1d:cd:c3:4b:
                    a7:39:74:84:1e:56:3e:2a:ed:77:37:8f:e7:2d:ea:
                    ea:b2:65:ea:28:44:9a:ce:52:65:7a:a8:cf:07:0b:
                    80:b0:d1:b5:96:df:16:e0:c6:7b:19:b4:ba:5d:1a:
                    23:c1:62:a2:1e:d8:12:04:a6:9a:a2:e8:7d:eb:80:
                    8e:b2:53:df:44:73:a9:84:4d:62:22:79:b9:25:1c:
                    c0:75:0c:fd:13:ef:57:d5:cc:77:63:84:34:95:6d:
                    16:7f:65:fd:6c:2f:01:3a:54:02:be:6a:4f:84:48:
                    13:7b:f5:ed:b3:8d:b3:4a:9f:89:46:5f:fb:10:08:
                    6d:c8:84:70:b5:ef:4f:f3:06:a3:ca:33:77:a7:1e:
                    b1:cf:7b:62:11:e6:e7:32:62:1f:97:36:0f:c7:d8:
                    d1:c8:5b:68:ac:9c:78:35:6b:0d:07:6c:12:91:72:
                    66:38:1f:48:84:f5:27:30:7d:29:f3:1b:f2:0a:1f:
                    9c:1e:94:7e:72:33:2b:64:17:54:60:a1:07:49:e7:
                    43:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:D0:97:FB:FD:67:73:CF:69:36:37:C6:43:9C:7A:21:B0:CA:65:50
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/ptCX-_1nc89pNjfGQ5x6IbDKZVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e3:d4:54:45:92:0f:42:f5:30:e0:f6:bd:b8:30:a2:04:dc:
         94:f0:7a:e1:c6:95:51:ff:b0:85:5d:cc:4a:3d:bf:e2:5d:03:
         7c:60:18:ba:2c:8c:9a:71:c7:8a:3b:b8:8a:19:f7:1d:d2:b8:
         f5:2b:69:f2:01:3f:51:39:bf:5b:f0:2d:31:ef:d2:e9:2c:a7:
         a5:2a:6b:7f:54:5a:80:56:4a:6d:2b:9a:2e:c4:e2:dd:a0:9c:
         99:a9:f5:fa:b7:61:fa:fb:70:d2:fe:90:0b:e2:71:df:9f:c7:
         19:52:58:00:ae:8f:e6:33:9c:20:7f:ce:09:16:db:29:04:68:
         38:95:39:10:1e:6e:07:a7:09:b6:4c:4b:82:00:ba:1b:ee:ce:
         6d:d1:d0:76:08:4e:17:fd:0e:3e:25:1e:e5:6b:81:ff:62:87:
         31:0e:08:1d:5a:ac:e9:6b:02:cb:c2:b9:5f:bd:24:63:c4:ac:
         e2:dc:6e:62:6a:95:74:a3:a4:67:ba:a4:d7:77:29:ab:e0:7c:
         d2:76:3c:9b:64:e1:7b:18:0c:f4:8c:b4:a6:c5:e1:ea:4d:30:
         53:9a:f0:88:20:af:94:54:bc:25:31:8a:17:7d:ac:fe:94:5f:
         da:7a:49:84:5f:3f:18:65:9a:94:2b:2e:13:6a:df:81:ee:8d:
         03:e9:44:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2FI0uuqa+9rLmHpSGoqRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmQwOTdmYmZkNjc3M2NmNjkzNjM3YzY0MzljN2EyMWIwY2E2NTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu77pjJJi1MdfJcMGvCNMi9YQSwoR
BjooQCGFVcSIs2ekTu1frzARjBRlkt5M7jFaiApiuwfjzR3Nw0unOXSEHlY+Ku13
N4/nLerqsmXqKESazlJleqjPBwuAsNG1lt8W4MZ7GbS6XRojwWKiHtgSBKaaouh9
64COslPfRHOphE1iInm5JRzAdQz9E+9X1cx3Y4Q0lW0Wf2X9bC8BOlQCvmpPhEgT
e/Xts42zSp+JRl/7EAhtyIRwte9P8wajyjN3px6xz3tiEebnMmIflzYPx9jRyFto
rJx4NWsNB2wSkXJmOB9IhPUnMH0p8xvyCh+cHpR+cjMrZBdUYKEHSedDDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbQl/v9Z3PPaTY3xkOceiGwymVQMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvcHRDWC1fMW5jODlwTmpmR1E1eDZJYkRLWlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVzMA0G
CSqGSIb3DQEBCwUAA4IBAQAS49RURZIPQvUw4Pa9uDCiBNyU8HrhxpVR/7CFXcxK
Pb/iXQN8YBi6LIyacceKO7iKGfcd0rj1K2nyAT9ROb9b8C0x79LpLKelKmt/VFqA
VkptK5ouxOLdoJyZqfX6t2H6+3DS/pAL4nHfn8cZUlgAro/mM5wgf84JFtspBGg4
lTkQHm4Hpwm2TEuCALob7s5t0dB2CE4X/Q4+JR7la4H/YocxDggdWqzpawLLwrlf
vSRjxKzi3G5iapV0o6RnuqTXdymr4HzSdjybZOF7GAz0jLSmxeHqTTBTmvCIIK+U
VLwlMYoXfaz+lF/aekmEXz8YZZqUKy4Tat+B7o0D6USD
-----END CERTIFICATE-----