Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/rFSszZrAXt7klkpsUlQXY_mxSAU.roa
File:                     rFSszZrAXt7klkpsUlQXY_mxSAU.roa (raw, json)
Hash identifier:          i1ims/sNXA4gtCRRZdO2d0D52xjGt/wQWta8p0+dVOk=
Subject key identifier:   AC:54:AC:CD:9A:C0:5E:DE:E4:96:4A:6C:52:54:17:63:F9:B1:48:05
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D84F9137732ED6EBC73B17FFDB0FDE
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/rFSszZrAXt7klkpsUlQXY_mxSAU.roa
Signing time:             Thu 02 Jan 2025 11:48:17 +0000
ROA not before:           Thu 02 Jan 2025 11:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18229
IP address blocks:        46.37.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:4f:91:37:73:2e:d6:eb:c7:3b:17:ff:db:0f:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac54accd9ac05edee4964a6c52541763f9b14805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:93:ee:d1:a7:63:c4:18:3d:d8:ce:d2:64:25:
                    33:d3:b4:ab:7b:71:04:81:87:2d:1f:2f:e7:e0:dd:
                    6d:bc:e8:08:10:20:10:5f:9d:87:cc:3b:04:7d:5c:
                    fa:7e:ca:50:d2:e4:5a:87:c0:8d:48:a6:54:65:0d:
                    15:8f:ad:41:1a:42:98:3a:2a:99:dc:43:e4:ff:de:
                    58:16:3a:2d:74:a5:bc:fa:61:3b:48:54:f1:03:1b:
                    60:f6:18:4b:f9:1e:57:37:cf:13:b7:83:56:e2:43:
                    e0:5d:e6:87:76:e9:a4:27:f5:d1:e4:0a:eb:4c:f2:
                    b3:fb:52:29:51:37:4f:1e:c0:1a:f4:44:13:d7:48:
                    29:22:f2:1f:02:b4:73:aa:1a:08:0b:fd:16:ad:de:
                    39:bd:fe:2a:f1:55:4f:22:b9:ac:71:df:b3:19:db:
                    78:3a:47:f8:0a:10:67:61:7d:aa:0b:ec:cf:1e:1c:
                    db:ce:5b:5f:d8:cf:5f:4d:0b:85:e0:a1:35:6a:ee:
                    9e:e2:ab:03:04:87:83:ed:04:53:0b:9e:2d:5f:0f:
                    a1:c3:3f:d7:a1:81:97:b5:03:63:e5:42:5d:05:00:
                    27:93:bc:08:31:68:ab:20:1a:ff:1b:cd:31:4f:36:
                    f9:9e:33:0a:c4:45:6e:33:6a:b8:5d:f9:6d:fe:0c:
                    fb:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:54:AC:CD:9A:C0:5E:DE:E4:96:4A:6C:52:54:17:63:F9:B1:48:05
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/rFSszZrAXt7klkpsUlQXY_mxSAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:ba:fa:dc:ea:38:86:73:56:de:31:21:85:85:c5:a5:2c:85:
         c0:f5:11:17:fc:7e:c5:c4:95:b7:cd:16:12:19:fa:f9:7b:8f:
         e4:40:4d:94:54:24:67:a8:b7:77:d3:9d:35:c7:a4:48:99:bc:
         a8:30:91:5a:bf:da:86:2b:27:fe:a6:6f:34:59:70:09:55:41:
         07:29:75:9e:f2:3f:7b:02:85:4f:bd:7d:4f:ae:d1:43:36:13:
         d5:a1:22:ee:08:32:82:82:ee:56:a4:d4:ea:15:e1:db:82:4d:
         1b:c0:7c:ba:c0:85:99:79:85:5b:cd:ab:09:0d:31:5d:5e:c1:
         9d:81:2b:38:f0:2e:98:3d:ce:3e:fc:ad:c9:25:50:a6:10:d3:
         b5:ce:18:10:04:25:11:a7:22:8d:ee:69:88:0b:14:c3:82:d9:
         07:8d:5e:b0:4b:8c:b0:92:55:95:96:e9:8e:dd:c0:4c:ac:e3:
         96:d4:3e:54:96:e7:aa:12:b4:eb:43:38:f4:93:50:1f:01:b7:
         c3:72:e6:a7:8a:45:5d:d5:69:1c:75:b9:18:a0:da:8e:fe:59:
         2c:d8:ae:fd:06:70:17:e6:0a:9e:ad:66:d9:08:c1:15:c0:52:
         1f:f5:44:04:d6:7f:2c:d1:7b:3d:7b:83:07:7c:5d:b9:0b:3b:
         23:d9:87:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2E+RN3Mu1uvHOxf/2w/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzU0YWNjZDlhYzA1ZWRlZTQ5NjRhNmM1MjU0MTc2M2Y5YjE0ODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJPu0adjxBg92M7SZCUz07Sre3EE
gYctHy/n4N1tvOgIECAQX52HzDsEfVz6fspQ0uRah8CNSKZUZQ0Vj61BGkKYOiqZ
3EPk/95YFjotdKW8+mE7SFTxAxtg9hhL+R5XN88Tt4NW4kPgXeaHdumkJ/XR5Arr
TPKz+1IpUTdPHsAa9EQT10gpIvIfArRzqhoIC/0Wrd45vf4q8VVPIrmscd+zGdt4
Okf4ChBnYX2qC+zPHhzbzltf2M9fTQuF4KE1au6e4qsDBIeD7QRTC54tXw+hwz/X
oYGXtQNj5UJdBQAnk7wIMWirIBr/G80xTzb5njMKxEVuM2q4Xflt/gz7YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxUrM2awF7e5JZKbFJUF2P5sUgFMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvckZTc3packFYdDdrbGtwc1VsUVhZX214U0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVhMA0G
CSqGSIb3DQEBCwUAA4IBAQA0uvrc6jiGc1beMSGFhcWlLIXA9REX/H7FxJW3zRYS
Gfr5e4/kQE2UVCRnqLd30501x6RImbyoMJFav9qGKyf+pm80WXAJVUEHKXWe8j97
AoVPvX1PrtFDNhPVoSLuCDKCgu5WpNTqFeHbgk0bwHy6wIWZeYVbzasJDTFdXsGd
gSs48C6YPc4+/K3JJVCmENO1zhgQBCURpyKN7mmICxTDgtkHjV6wS4ywklWVlumO
3cBMrOOW1D5UlueqErTrQzj0k1AfAbfDcuanikVd1WkcdbkYoNqO/lks2K79BnAX
5gqerWbZCMEVwFIf9UQE1n8s0Xs9e4MHfF25Czsj2YfJ
-----END CERTIFICATE-----