Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/rVQkk2NuniU-ouxqYLiRmvOXpyQ.roa
File:                     rVQkk2NuniU-ouxqYLiRmvOXpyQ.roa (raw, json)
Hash identifier:          RTF+qgHFIX0oHl9UdBY8NZR+A7k0SHqraUlrdiDODys=
Subject key identifier:   AD:54:24:93:63:6E:9E:25:3E:A2:EC:6A:60:B8:91:9A:F3:97:A7:24
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018D619F747B0789B54420B4C976B4C9BD06
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/rVQkk2NuniU-ouxqYLiRmvOXpyQ.roa
Signing time:             Wed 31 Jan 2024 22:24:16 +0000
ROA not before:           Wed 31 Jan 2024 22:24:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        46.37.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:61:9f:74:7b:07:89:b5:44:20:b4:c9:76:b4:c9:bd:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan 31 22:24:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad542493636e9e253ea2ec6a60b8919af397a724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3f:cd:cd:29:bc:ab:66:cb:da:f1:cd:3c:c3:
                    49:7d:90:59:2c:ad:3d:89:4f:5b:c8:65:22:f3:97:
                    31:98:de:5b:38:61:f4:39:dd:58:25:7b:b2:b8:82:
                    b9:0d:1a:12:49:4f:4c:6e:27:36:0a:87:43:9f:6f:
                    20:77:9d:a0:ef:62:06:b3:c9:89:80:07:90:09:a2:
                    ed:cd:c1:e2:72:1c:08:c1:20:f2:ac:5e:f2:c2:83:
                    ee:e3:4b:57:57:91:c5:04:2b:d5:d8:73:ea:23:a9:
                    24:ca:d7:62:ef:a4:2e:bf:d4:f0:2a:68:91:8e:62:
                    69:6c:f8:b5:38:6d:3f:72:33:11:3b:ac:56:74:21:
                    e4:25:bf:82:ee:a8:9d:fa:8f:6c:f0:1f:7b:04:07:
                    44:7a:63:5f:ef:ca:1c:21:13:0e:54:15:5d:45:84:
                    c1:6f:a2:de:cb:27:59:0e:62:dc:18:d9:6d:c8:6d:
                    73:b9:ca:78:ec:d1:9a:ec:b4:8e:68:34:eb:8a:eb:
                    91:63:b6:37:76:0b:bd:13:cb:2e:35:3e:27:d6:90:
                    a7:e4:b4:d3:31:f5:37:fe:bc:c9:61:7f:21:fa:50:
                    05:9d:61:6e:50:b4:cb:62:5d:31:98:2b:2e:4c:54:
                    97:49:5d:fe:cd:35:33:31:fb:af:10:75:1d:4b:cb:
                    47:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:54:24:93:63:6E:9E:25:3E:A2:EC:6A:60:B8:91:9A:F3:97:A7:24
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/rVQkk2NuniU-ouxqYLiRmvOXpyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:63:61:74:16:1a:d4:34:ff:aa:9c:35:24:44:48:cb:45:c9:
         64:d6:00:a7:29:0a:90:13:10:ec:9b:2d:f2:b6:87:58:04:7a:
         9d:9e:f9:bd:bd:5d:57:49:2e:5c:4b:d0:5b:3d:81:17:ef:e7:
         25:81:ed:6b:0b:62:83:b4:9a:c5:1b:74:05:b6:65:a1:f7:b1:
         09:cf:78:13:54:87:d9:34:a9:4c:d7:34:2e:ce:f4:13:6a:98:
         df:e6:68:0e:d1:5a:1b:a7:08:dc:22:99:80:86:e1:9a:5a:15:
         12:fa:9a:d0:d8:a5:ca:49:d5:09:a0:04:d9:1c:6e:31:c6:66:
         42:65:89:9e:97:98:d2:04:72:33:c7:31:1f:fd:58:2d:7f:40:
         29:cb:4d:11:7b:f5:b3:6b:58:68:f9:2b:16:d5:19:ab:3e:7b:
         07:d7:6b:83:eb:97:6f:96:18:70:0d:a8:a5:4b:b8:45:1b:db:
         e1:39:73:d0:74:ee:3e:b0:ae:28:24:01:53:02:38:2a:3c:51:
         28:09:f7:ab:3b:12:e3:c1:9a:18:bf:84:b0:29:5d:bc:20:65:
         d7:d7:d8:2c:f1:ba:6b:ec:98:f5:3b:37:a5:a1:b7:a7:63:f2:
         7f:9a:47:5a:d6:1d:a0:0a:3b:0d:72:3d:ec:5f:2a:4a:36:ba:
         50:36:5a:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1hn3R7B4m1RCC0yXa0yb0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTMxMjIyNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDU0MjQ5MzYzNmU5ZTI1M2VhMmVjNmE2MGI4OTE5YWYzOTdhNzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnz/NzSm8q2bL2vHNPMNJfZBZLK09
iU9byGUi85cxmN5bOGH0Od1YJXuyuIK5DRoSSU9Mbic2CodDn28gd52g72IGs8mJ
gAeQCaLtzcHichwIwSDyrF7ywoPu40tXV5HFBCvV2HPqI6kkytdi76Quv9TwKmiR
jmJpbPi1OG0/cjMRO6xWdCHkJb+C7qid+o9s8B97BAdEemNf78ocIRMOVBVdRYTB
b6LeyydZDmLcGNltyG1zucp47NGa7LSOaDTriuuRY7Y3dgu9E8suNT4n1pCn5LTT
MfU3/rzJYX8h+lAFnWFuULTLYl0xmCsuTFSXSV3+zTUzMfuvEHUdS8tHOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1UJJNjbp4lPqLsamC4kZrzl6ckMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvclZRa2syTnVuaVUtb3V4cVlMaVJtdk9YcHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVzMA0G
CSqGSIb3DQEBCwUAA4IBAQBQY2F0FhrUNP+qnDUkREjLRclk1gCnKQqQExDsmy3y
todYBHqdnvm9vV1XSS5cS9BbPYEX7+clge1rC2KDtJrFG3QFtmWh97EJz3gTVIfZ
NKlM1zQuzvQTapjf5mgO0VobpwjcIpmAhuGaWhUS+prQ2KXKSdUJoATZHG4xxmZC
ZYmel5jSBHIzxzEf/Vgtf0Apy00Re/Wza1ho+SsW1RmrPnsH12uD65dvlhhwDail
S7hFG9vhOXPQdO4+sK4oJAFTAjgqPFEoCferOxLjwZoYv4SwKV28IGXX19gs8bpr
7Jj1OzelobenY/J/mkda1h2gCjsNcj3sXypKNrpQNlqt
-----END CERTIFICATE-----