Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/py3a0cnA6D-ZWWbBM2S12B4BJQw.roa
File:                     py3a0cnA6D-ZWWbBM2S12B4BJQw.roa (raw, json)
Hash identifier:          ZG3Qjxg5xRmfASMZRK+Mn8QGLIBHxwD65f16An13Db8=
Subject key identifier:   A7:2D:DA:D1:C9:C0:E8:3F:99:59:66:C1:33:64:B5:D8:1E:01:25:0C
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019E364E888B86E396E17867D9FB066F791E
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/py3a0cnA6D-ZWWbBM2S12B4BJQw.roa
Signing time:             Sun 17 May 2026 14:19:36 +0000
ROA not before:           Sun 17 May 2026 14:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        46.37.96.0/24 maxlen: 24
                          46.37.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:36:4e:88:8b:86:e3:96:e1:78:67:d9:fb:06:6f:79:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: May 17 14:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a72ddad1c9c0e83f995966c13364b5d81e01250c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:40:33:75:9c:d0:a1:dc:0a:3e:28:ac:94:b6:
                    72:a2:a6:8f:83:2f:c2:4b:e0:c8:f1:ef:24:96:86:
                    70:5d:8b:e4:6d:a4:d3:e7:c4:ba:9d:4b:75:47:17:
                    6a:80:82:15:8c:61:29:92:89:33:21:da:14:06:a3:
                    f8:33:74:ae:33:94:8a:0d:1f:80:41:f4:00:ec:7b:
                    f4:e7:fc:6f:66:46:89:8f:5a:a5:d1:cf:e6:a5:46:
                    a5:5b:f5:06:3b:67:39:de:ea:7f:c9:e3:4d:29:64:
                    90:6e:03:41:67:6a:82:ec:06:fd:39:45:65:55:54:
                    7c:83:2f:37:41:3e:59:ed:f5:ef:99:27:ae:53:c1:
                    00:6c:dd:d0:8c:b1:92:9a:7f:3e:23:87:77:8d:cf:
                    36:6f:da:73:0c:eb:27:51:96:51:a6:f8:06:66:7c:
                    af:2a:2a:bd:41:e5:eb:a1:8d:9d:2b:07:25:6c:df:
                    c7:8d:70:93:b7:2b:dc:24:28:eb:ce:cc:80:07:cf:
                    95:6b:58:47:e7:bb:28:36:09:63:2a:f6:d7:62:94:
                    47:5c:95:9d:02:32:38:8d:50:7c:4c:5c:8c:4d:3d:
                    8c:6c:95:8b:7b:8f:46:e8:60:d7:a0:99:e5:1d:d4:
                    98:73:a9:b7:a7:9b:4e:db:83:f2:65:50:a4:84:d0:
                    f3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:2D:DA:D1:C9:C0:E8:3F:99:59:66:C1:33:64:B5:D8:1E:01:25:0C
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/py3a0cnA6D-ZWWbBM2S12B4BJQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.96.0/24
                  46.37.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:55:51:04:1b:a3:c8:68:e3:4b:54:6a:2c:67:d5:4d:de:91:
         84:ca:d6:21:77:57:a2:96:f1:c8:29:9f:17:69:f3:09:15:7e:
         99:ec:81:ee:07:73:0a:b0:c9:e9:f4:9e:49:29:bf:9c:de:07:
         f1:b2:cf:3f:d3:55:95:51:0a:ad:f5:21:0d:3a:3a:47:b1:ec:
         fa:48:73:ff:24:e2:76:8e:ea:b5:e0:2c:1d:34:fa:eb:d7:f2:
         e9:a6:92:8b:e4:a6:6e:86:0c:8a:f1:27:81:ef:ff:a8:59:12:
         02:dd:2e:17:90:a3:b3:fd:90:92:81:1d:c9:ef:7a:d4:6d:f9:
         3b:a3:69:2c:f4:87:6b:c7:98:ed:6c:38:79:a1:3b:61:25:8f:
         72:39:f0:0c:67:26:19:66:6b:85:82:d9:bb:96:6b:78:a6:34:
         e7:f4:4c:c7:60:7a:ea:a0:a9:c0:1c:88:a4:63:1f:a8:e3:7a:
         bd:56:d4:98:dd:f1:f0:bf:6a:e0:a8:84:fa:4b:fe:4c:4d:c9:
         2a:84:87:94:96:ca:f4:29:38:1d:8d:7e:63:8e:c5:90:49:33:
         5b:61:fa:49:a1:88:6b:ca:3f:2a:3d:a5:c4:fd:67:1c:9b:22:
         40:38:1a:aa:9e:8b:78:a9:db:af:64:c5:6e:49:e5:14:e6:4d:
         44:f4:1f:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ42ToiLhuOW4Xhn2fsGb3keMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjYwNTE3MTQxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzJkZGFkMWM5YzBlODNmOTk1OTY2YzEzMzY0YjVkODFlMDEyNTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEAzdZzQodwKPiislLZyoqaPgy/C
S+DI8e8kloZwXYvkbaTT58S6nUt1RxdqgIIVjGEpkokzIdoUBqP4M3SuM5SKDR+A
QfQA7Hv05/xvZkaJj1ql0c/mpUalW/UGO2c53up/yeNNKWSQbgNBZ2qC7Ab9OUVl
VVR8gy83QT5Z7fXvmSeuU8EAbN3QjLGSmn8+I4d3jc82b9pzDOsnUZZRpvgGZnyv
Kiq9QeXroY2dKwclbN/HjXCTtyvcJCjrzsyAB8+Va1hH57soNgljKvbXYpRHXJWd
AjI4jVB8TFyMTT2MbJWLe49G6GDXoJnlHdSYc6m3p5tO24PyZVCkhNDzGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKct2tHJwOg/mVlmwTNktdgeASUMMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvcHkzYTBjbkE2RC1aV1diQk0yUzEyQjRCSlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiVgAwQA
LiVxMA0GCSqGSIb3DQEBCwUAA4IBAQAnVVEEG6PIaONLVGosZ9VN3pGEytYhd1ei
lvHIKZ8XafMJFX6Z7IHuB3MKsMnp9J5JKb+c3gfxss8/01WVUQqt9SENOjpHsez6
SHP/JOJ2juq14CwdNPrr1/LpppKL5KZuhgyK8SeB7/+oWRIC3S4XkKOz/ZCSgR3J
73rUbfk7o2ks9Idrx5jtbDh5oTthJY9yOfAMZyYZZmuFgtm7lmt4pjTn9EzHYHrq
oKnAHIikYx+o43q9VtSY3fHwv2rgqIT6S/5MTckqhIeUlsr0KTgdjX5jjsWQSTNb
YfpJoYhryj8qPaXE/WccmyJAOBqqnot4qduvZMVuSeUU5k1E9B/3
-----END CERTIFICATE-----