Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/vAF6sleE-od_mzkjUN7qaU3Blm8.roa
File:                     vAF6sleE-od_mzkjUN7qaU3Blm8.roa (raw, json)
Hash identifier:          MAHiZDHbKlUdrozq8vby5YgZPE3FjM6MPm9MJSQ49NA=
Subject key identifier:   BC:01:7A:B2:57:84:FA:87:7F:9B:39:23:50:DE:EA:69:4D:C1:96:6F
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348B85AB078568EE8B795CE133B7780
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/vAF6sleE-od_mzkjUN7qaU3Blm8.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47436
IP address blocks:        46.37.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b8:5a:b0:78:56:8e:e8:b7:95:ce:13:3b:77:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc017ab25784fa877f9b392350deea694dc1966f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4c:41:ba:2c:07:3d:87:23:cb:df:50:e4:a6:
                    a1:7a:08:82:82:0d:66:42:76:a8:11:9f:57:dd:cf:
                    2a:13:5b:3f:4e:2c:27:a1:5d:50:54:7c:2f:9b:ac:
                    5b:6b:c3:8f:3f:b3:fa:21:d6:a1:0a:46:04:af:dd:
                    ad:b2:32:88:12:30:3d:d3:e7:86:7c:b8:6f:4b:19:
                    ae:4a:85:c2:13:85:fb:24:d7:d9:12:10:4c:ba:e8:
                    b5:a6:64:e3:81:df:49:ae:7c:f1:b6:8f:d1:cd:87:
                    e3:33:7d:06:4e:15:82:f7:cd:a2:04:f8:21:0a:fa:
                    3d:64:b7:c1:00:ff:d4:78:65:78:fd:a4:3b:66:7b:
                    2b:33:61:7b:1c:09:c5:f7:93:25:d1:f1:67:e6:87:
                    40:7c:77:f8:b3:79:c0:41:84:d0:ed:fc:44:ec:73:
                    a6:1b:0f:c3:eb:30:f9:60:d8:65:70:7e:a8:a9:cd:
                    18:58:61:8a:72:5e:19:2f:70:5b:f1:b4:80:3b:3a:
                    f8:90:fa:6b:a9:fb:e3:f8:91:08:6d:f4:c5:9e:07:
                    8b:2e:01:80:b2:2e:99:d7:af:df:77:ef:42:a2:07:
                    fe:2c:23:ec:cf:b3:ef:b0:60:fb:7f:76:e7:f6:49:
                    4d:1d:a2:5a:00:59:5b:71:ea:2c:8e:1a:91:cc:e2:
                    d1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:01:7A:B2:57:84:FA:87:7F:9B:39:23:50:DE:EA:69:4D:C1:96:6F
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/vAF6sleE-od_mzkjUN7qaU3Blm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:b6:ff:10:30:a1:40:a5:74:cc:fb:83:8d:87:ee:31:99:60:
         33:b7:55:a2:dd:f1:e4:b5:2a:ad:5d:7c:f5:61:10:17:e0:ed:
         09:10:a9:ad:58:58:1e:17:85:28:0c:fa:6c:34:d7:85:64:d8:
         f6:9f:bd:61:52:6f:d9:d5:f9:a5:ba:ca:37:25:be:9c:a8:a7:
         17:a7:0f:22:2b:b0:8f:b2:98:cc:26:eb:83:5c:56:27:45:e2:
         2d:aa:ce:a6:20:bd:d1:be:90:c3:b5:81:71:26:b8:13:f9:5b:
         96:27:2c:d7:29:8e:89:ef:45:0f:a2:b4:6c:64:cb:57:45:af:
         5b:da:7e:e0:53:b1:64:cb:5e:07:0e:8a:ea:5b:18:9d:59:70:
         88:ce:31:39:b9:f8:2e:0c:c4:71:6e:23:e3:c2:b7:59:6e:6e:
         98:92:85:68:de:82:9f:4c:fb:94:34:c9:a1:29:42:cb:54:8d:
         03:49:df:a5:72:a6:d3:25:28:c8:f5:56:9e:7f:d8:0b:02:6e:
         8c:a4:a4:90:35:30:be:29:8c:7f:9a:00:5e:e1:bc:fe:80:ed:
         84:51:c9:4d:f3:2f:49:3a:b6:2d:e5:9d:99:5f:40:4f:6f:26:
         aa:d6:74:67:cf:8e:b8:62:7e:25:21:9d:c4:e5:94:ce:2b:b6:
         cc:86:02:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLhasHhWjui3lc4TO3eAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzAxN2FiMjU3ODRmYTg3N2Y5YjM5MjM1MGRlZWE2OTRkYzE5NjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0xBuiwHPYcjy99Q5KahegiCgg1m
QnaoEZ9X3c8qE1s/TiwnoV1QVHwvm6xba8OPP7P6IdahCkYEr92tsjKIEjA90+eG
fLhvSxmuSoXCE4X7JNfZEhBMuui1pmTjgd9Jrnzxto/RzYfjM30GThWC982iBPgh
Cvo9ZLfBAP/UeGV4/aQ7ZnsrM2F7HAnF95Ml0fFn5odAfHf4s3nAQYTQ7fxE7HOm
Gw/D6zD5YNhlcH6oqc0YWGGKcl4ZL3Bb8bSAOzr4kPprqfvj+JEIbfTFngeLLgGA
si6Z16/fd+9Cogf+LCPsz7PvsGD7f3bn9klNHaJaAFlbceosjhqRzOLR5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwBerJXhPqHf5s5I1De6mlNwZZvMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvdkFGNnNsZUUtb2RfbXpralVON3FhVTNCbG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV1MA0G
CSqGSIb3DQEBCwUAA4IBAQBOtv8QMKFApXTM+4ONh+4xmWAzt1Wi3fHktSqtXXz1
YRAX4O0JEKmtWFgeF4UoDPpsNNeFZNj2n71hUm/Z1fmluso3Jb6cqKcXpw8iK7CP
spjMJuuDXFYnReItqs6mIL3RvpDDtYFxJrgT+VuWJyzXKY6J70UPorRsZMtXRa9b
2n7gU7Fky14HDorqWxidWXCIzjE5ufguDMRxbiPjwrdZbm6YkoVo3oKfTPuUNMmh
KULLVI0DSd+lcqbTJSjI9Vaef9gLAm6MpKSQNTC+KYx/mgBe4bz+gO2EUclN8y9J
OrYt5Z2ZX0BPbyaq1nRnz464Yn4lIZ3E5ZTOK7bMhgIM
-----END CERTIFICATE-----