Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/tSlsn1m6nihSC9bLXWQB2y3OnHc.roa
File:                     tSlsn1m6nihSC9bLXWQB2y3OnHc.roa (raw, json)
Hash identifier:          Rz0AIS1fvLpf/pOCzGDaJ2epEH0p2sunKN0e9jNfFpc=
Subject key identifier:   B5:29:6C:9F:59:BA:9E:28:52:0B:D6:CB:5D:64:01:DB:2D:CE:9C:77
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       01931869B7A981560F96A3EAEDF129BF04AA
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/tSlsn1m6nihSC9bLXWQB2y3OnHc.roa
Signing time:             Sun 10 Nov 2024 23:30:01 +0000
ROA not before:           Sun 10 Nov 2024 23:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        46.37.99.0/24 maxlen: 24
                          46.37.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:18:69:b7:a9:81:56:0f:96:a3:ea:ed:f1:29:bf:04:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Nov 10 23:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5296c9f59ba9e28520bd6cb5d6401db2dce9c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b2:cf:15:22:bf:ac:72:c0:3b:51:e0:02:ef:
                    e0:49:1b:b8:f0:57:85:39:d1:31:e6:ca:f6:f7:79:
                    36:72:98:a2:97:c5:99:38:0b:a2:78:ed:58:e4:66:
                    5b:74:71:8c:a4:25:1b:6e:2d:55:2d:64:a0:dc:1c:
                    67:c6:0f:92:05:e5:09:ec:f3:5a:ba:ca:cb:55:ca:
                    e3:f8:65:e1:c5:7a:87:06:c8:f4:52:5c:ee:c2:25:
                    1f:f6:c7:8c:70:66:51:c9:77:80:5c:16:4b:3b:b0:
                    16:f0:76:c3:e1:5b:d3:d6:65:17:88:9c:ec:9b:11:
                    f8:13:2e:48:e8:57:3a:e2:c2:e9:6b:a0:59:0c:22:
                    36:8a:77:42:df:3e:3e:87:c4:c8:24:6d:5a:24:02:
                    35:56:0b:14:3e:17:3c:23:d7:66:8c:04:d9:41:97:
                    8d:8f:6f:ea:b8:83:35:d5:e5:ad:24:ea:72:2e:5d:
                    fd:f5:b1:5e:b9:cd:b0:05:e4:c9:ec:80:7a:82:63:
                    f5:09:a7:a1:97:0c:a4:b3:a4:da:86:ba:d6:0b:1c:
                    dd:53:d7:9e:5e:59:2c:1f:66:49:71:83:28:6f:ff:
                    a4:5a:50:f2:e5:27:1e:30:fe:71:4c:39:17:bb:4d:
                    13:94:59:20:18:be:cf:88:c3:05:ac:eb:51:56:96:
                    71:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:29:6C:9F:59:BA:9E:28:52:0B:D6:CB:5D:64:01:DB:2D:CE:9C:77
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/tSlsn1m6nihSC9bLXWQB2y3OnHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.99.0/24
                  46.37.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:f0:d0:2f:f6:0c:a6:69:3b:47:9d:5f:c3:56:30:8c:15:a8:
         cd:05:9d:26:4c:c5:34:32:1c:9e:a4:27:d4:54:9a:59:b5:b6:
         56:cc:50:90:2c:b1:6c:8e:9a:e3:f2:77:98:57:4a:4f:6e:62:
         a4:65:d7:df:74:67:60:87:fe:4a:f8:52:62:9f:5b:db:60:b3:
         f0:f4:9e:97:7b:24:41:20:2e:ce:14:57:76:ac:4f:ff:e4:15:
         77:fd:1d:ae:e9:d4:6a:b6:c1:e0:26:73:70:e6:d1:e8:7a:9c:
         0b:a9:b6:fc:59:9d:d4:01:19:f8:70:73:13:8d:02:99:4c:4b:
         1f:74:b6:14:3a:84:db:79:fe:26:17:51:56:97:ed:1a:67:75:
         42:b2:75:19:97:c3:ea:0b:76:0a:9e:b7:96:1d:61:91:5e:ec:
         af:26:8e:ca:c2:0d:aa:43:f0:84:29:48:a2:c3:93:07:34:59:
         e6:a4:74:12:71:9d:9b:6e:1c:b8:4a:17:a6:c5:68:be:39:5e:
         12:9e:0d:9a:a6:85:0c:84:b0:13:dc:4a:b5:8b:3a:da:c8:db:
         ea:42:71:41:e5:b7:6e:89:fb:27:5f:85:76:08:dc:1d:94:84:
         4b:9d:a0:3a:79:47:9c:57:db:19:39:25:e5:5c:96:4a:02:4a:
         96:d6:0e:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMYabepgVYPlqPq7fEpvwSqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQxMTEwMjMzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTI5NmM5ZjU5YmE5ZTI4NTIwYmQ2Y2I1ZDY0MDFkYjJkY2U5Yzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLLPFSK/rHLAO1HgAu/gSRu48FeF
OdEx5sr293k2cpiil8WZOAuieO1Y5GZbdHGMpCUbbi1VLWSg3Bxnxg+SBeUJ7PNa
usrLVcrj+GXhxXqHBsj0UlzuwiUf9seMcGZRyXeAXBZLO7AW8HbD4VvT1mUXiJzs
mxH4Ey5I6Fc64sLpa6BZDCI2indC3z4+h8TIJG1aJAI1VgsUPhc8I9dmjATZQZeN
j2/quIM11eWtJOpyLl399bFeuc2wBeTJ7IB6gmP1Caehlwyks6TahrrWCxzdU9ee
XlksH2ZJcYMob/+kWlDy5SceMP5xTDkXu00TlFkgGL7PiMMFrOtRVpZxCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLUpbJ9Zup4oUgvWy11kAdstzpx3MB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvdFNsc24xbTZuaWhTQzliTFhXUUIyeTNPbkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiVjAwQA
LiV5MA0GCSqGSIb3DQEBCwUAA4IBAQBs8NAv9gymaTtHnV/DVjCMFajNBZ0mTMU0
MhyepCfUVJpZtbZWzFCQLLFsjprj8neYV0pPbmKkZdffdGdgh/5K+FJin1vbYLPw
9J6XeyRBIC7OFFd2rE//5BV3/R2u6dRqtsHgJnNw5tHoepwLqbb8WZ3UARn4cHMT
jQKZTEsfdLYUOoTbef4mF1FWl+0aZ3VCsnUZl8PqC3YKnreWHWGRXuyvJo7Kwg2q
Q/CEKUiiw5MHNFnmpHQScZ2bbhy4ShemxWi+OV4Sng2apoUMhLAT3Eq1izrayNvq
QnFB5bduifsnX4V2CNwdlIRLnaA6eUecV9sZOSXlXJZKAkqW1g5W
-----END CERTIFICATE-----