Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/vHHc1rYjeLS5tRcSyobhnibNJKo.roa
File:                     vHHc1rYjeLS5tRcSyobhnibNJKo.roa (raw, json)
Hash identifier:          vxhlBu/I7O2alnWz/l+vVxCLK+Xe8FgT8vzBeVXV1pc=
Subject key identifier:   BC:71:DC:D6:B6:23:78:B4:B9:B5:17:12:CA:86:E1:9E:26:CD:24:AA
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348C036D92CD7EB3492030B108377D6
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/vHHc1rYjeLS5tRcSyobhnibNJKo.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        46.37.100.0/24 maxlen: 24
                          46.37.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c0:36:d9:2c:d7:eb:34:92:03:0b:10:83:77:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc71dcd6b62378b4b9b51712ca86e19e26cd24aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d9:28:73:39:a3:57:af:f6:d4:67:1b:fa:3c:
                    dc:41:49:9f:b9:58:1d:57:6a:5e:1c:30:fa:37:57:
                    b6:40:d2:18:f8:f4:1d:c4:ea:40:48:fe:c6:29:b0:
                    5d:f3:4e:39:3d:e2:dc:ad:d7:22:04:5d:1f:e7:1f:
                    f8:44:f9:73:7d:3e:1a:1d:87:b3:90:13:5e:da:34:
                    c6:8d:5a:05:1c:90:6d:26:95:62:d0:2e:a3:d0:5e:
                    c6:ab:93:0b:57:93:f9:6e:4b:c5:46:4f:16:56:52:
                    25:fc:8a:03:07:73:0f:ce:6d:a1:08:c6:3f:fe:59:
                    32:05:d6:34:18:b1:03:a9:f6:00:f1:01:e0:56:b2:
                    25:20:3f:e8:92:64:a9:5a:18:43:21:4b:68:e2:34:
                    e3:ed:db:45:0e:51:47:a2:10:b3:1a:f4:38:a8:4d:
                    0a:1f:e9:c1:c2:60:d2:50:66:2f:ef:85:81:46:97:
                    da:a5:97:36:bb:29:78:d0:16:16:17:3c:8c:c7:64:
                    34:ef:51:9e:15:ef:44:2d:a1:bb:fc:4b:1f:a3:aa:
                    75:e4:31:4d:df:96:2c:bc:de:9c:de:c6:ed:d4:44:
                    28:fb:28:af:55:60:f5:bb:43:65:cb:f4:04:43:66:
                    0f:98:05:9c:62:df:4e:6e:1b:7d:a8:a9:94:95:66:
                    97:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:71:DC:D6:B6:23:78:B4:B9:B5:17:12:CA:86:E1:9E:26:CD:24:AA
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/vHHc1rYjeLS5tRcSyobhnibNJKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.100.0/24
                  46.37.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:42:d0:f5:da:88:8b:90:f8:60:60:5d:67:f0:6f:9f:6e:93:
         11:75:c4:5f:7a:94:b6:43:81:86:2c:d4:75:8e:c2:b8:d1:9f:
         c6:73:77:02:dc:ba:43:a6:8c:94:17:a3:a5:66:5c:1e:78:58:
         1f:28:c3:35:ff:2c:90:a0:02:7d:36:90:83:4d:93:a5:c7:96:
         2f:9e:6d:3c:c7:8f:a7:61:dd:be:37:5e:7f:35:a5:9e:3c:25:
         c6:47:e3:35:87:b7:e9:ed:4a:ec:89:dc:39:df:43:fb:b7:2d:
         fa:5d:76:08:c6:1b:62:7c:03:1f:a5:c2:eb:10:2b:0f:dc:bd:
         ee:95:9f:f1:e6:4b:8f:64:65:0a:77:9f:49:9e:bf:f2:41:0a:
         4e:d3:cb:37:ea:26:8e:27:9c:5c:8a:7f:3d:e9:98:a0:ac:2f:
         35:58:c6:65:e6:02:bc:e3:91:a2:bf:a0:ed:b0:ba:f3:59:56:
         d5:07:7f:0c:e0:1c:90:4c:13:da:81:f7:55:88:07:e4:be:99:
         e1:d0:76:02:86:e7:ac:eb:b1:01:b9:34:0b:b6:34:e8:2b:b9:
         a2:35:60:43:17:54:98:86:f5:17:7f:e7:d7:c3:cb:44:cf:cb:
         e0:1b:95:f3:65:84:97:68:24:b8:d3:9d:e8:cb:cf:77:3f:66:
         dd:f5:1a:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSMA22SzX6zSSAwsQg3fWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzcxZGNkNmI2MjM3OGI0YjliNTE3MTJjYTg2ZTE5ZTI2Y2QyNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9koczmjV6/21Gcb+jzcQUmfuVgd
V2peHDD6N1e2QNIY+PQdxOpASP7GKbBd8045PeLcrdciBF0f5x/4RPlzfT4aHYez
kBNe2jTGjVoFHJBtJpVi0C6j0F7Gq5MLV5P5bkvFRk8WVlIl/IoDB3MPzm2hCMY/
/lkyBdY0GLEDqfYA8QHgVrIlID/okmSpWhhDIUto4jTj7dtFDlFHohCzGvQ4qE0K
H+nBwmDSUGYv74WBRpfapZc2uyl40BYWFzyMx2Q071GeFe9ELaG7/Esfo6p15DFN
35YsvN6c3sbt1EQo+yivVWD1u0Nly/QEQ2YPmAWcYt9Obht9qKmUlWaXiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLxx3Na2I3i0ubUXEsqG4Z4mzSSqMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvdkhIYzFyWWplTFM1dFJjU3lvYmhuaWJOSktvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiVkAwQA
LiV3MA0GCSqGSIb3DQEBCwUAA4IBAQB3QtD12oiLkPhgYF1n8G+fbpMRdcRfepS2
Q4GGLNR1jsK40Z/Gc3cC3LpDpoyUF6OlZlweeFgfKMM1/yyQoAJ9NpCDTZOlx5Yv
nm08x4+nYd2+N15/NaWePCXGR+M1h7fp7Ursidw530P7ty36XXYIxhtifAMfpcLr
ECsP3L3ulZ/x5kuPZGUKd59Jnr/yQQpO08s36iaOJ5xcin896ZigrC81WMZl5gK8
45Giv6DtsLrzWVbVB38M4ByQTBPagfdViAfkvpnh0HYChues67EBuTQLtjToK7mi
NWBDF1SYhvUXf+fXw8tEz8vgG5XzZYSXaCS4053oy893P2bd9Rrj
-----END CERTIFICATE-----