Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/whuRIs3XJwoD3CPK7IjYemtKkcc.roa
File:                     whuRIs3XJwoD3CPK7IjYemtKkcc.roa (raw, json)
Hash identifier:          vpzcMgbqR7vLONkMz2+LK7l3u0PFr7n9w/S8IUL7JTk=
Subject key identifier:   C2:1B:91:22:CD:D7:27:0A:03:DC:23:CA:EC:88:D8:7A:6B:4A:91:C7
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       0190C152E83EE2E7C11CD34471B8C95328E9
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/whuRIs3XJwoD3CPK7IjYemtKkcc.roa
Signing time:             Wed 17 Jul 2024 15:32:34 +0000
ROA not before:           Wed 17 Jul 2024 15:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395374
IP address blocks:        46.37.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c1:52:e8:3e:e2:e7:c1:1c:d3:44:71:b8:c9:53:28:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jul 17 15:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c21b9122cdd7270a03dc23caec88d87a6b4a91c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:70:5f:6f:1f:f5:51:28:f2:fb:ee:79:a7:12:
                    5e:a5:a5:62:12:5c:d7:80:c9:ff:a6:43:41:b1:96:
                    f2:d5:84:31:29:40:2b:c9:a6:fd:36:27:b4:8f:70:
                    1a:57:ef:39:8f:85:2f:a1:ce:9c:1a:21:11:3a:74:
                    f5:56:8d:a3:f0:53:f6:e4:87:80:23:91:dd:06:e1:
                    99:f5:bb:2d:f1:fd:ae:8c:60:bc:c9:26:c1:f3:a7:
                    42:20:2f:38:a4:a3:46:fc:54:1a:63:e7:2f:43:84:
                    27:df:15:d1:47:34:a1:cc:62:08:f0:8f:7d:f0:ee:
                    ca:60:d1:33:bb:35:fa:e1:16:f7:5f:4b:7b:93:a4:
                    f8:3e:27:ad:36:2d:4a:a3:78:d2:8a:05:44:e6:68:
                    17:3e:a9:45:7d:53:9d:74:cc:9c:ee:ea:02:d0:a4:
                    e0:47:4d:f2:95:b5:4e:65:e3:df:20:cf:9f:ab:8b:
                    04:3e:6c:ee:b2:32:ac:48:d9:9f:11:48:db:38:b1:
                    6f:5a:ec:e0:ed:24:69:66:98:c2:6e:34:53:5c:78:
                    67:4e:25:95:92:ca:9d:04:dd:be:9b:fe:77:0a:3f:
                    8f:95:20:95:bf:29:d5:a8:1e:8e:e6:6b:86:65:c0:
                    ef:32:00:94:bb:3c:f5:d2:66:73:fe:91:66:a8:d3:
                    c3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:1B:91:22:CD:D7:27:0A:03:DC:23:CA:EC:88:D8:7A:6B:4A:91:C7
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/whuRIs3XJwoD3CPK7IjYemtKkcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:4c:f6:a1:0a:e2:4e:0e:23:2e:8d:13:25:51:75:e1:c7:cb:
         23:ca:62:7b:c0:db:19:0f:66:37:b9:bc:89:23:24:4b:86:e4:
         88:89:06:55:d8:39:6b:e0:f3:aa:fa:9a:3e:93:ea:a6:cf:19:
         4d:22:86:d3:0c:8b:de:12:86:48:1d:a2:23:96:9f:15:bc:19:
         c3:c8:3f:eb:12:38:bc:3f:29:21:52:d0:e2:79:dc:00:1c:d0:
         e0:20:4b:4e:fa:e7:af:b1:ff:eb:08:c9:4c:d0:96:21:07:d6:
         cf:50:1b:9e:02:ac:74:2b:e1:9c:40:76:6f:95:25:a9:d8:ed:
         88:4b:49:a9:09:d5:b6:43:b4:5a:b0:65:47:12:cc:ee:cd:68:
         19:78:5f:bc:9f:e0:3f:0c:c2:d0:e4:d2:32:85:0a:39:39:5b:
         42:95:56:d8:11:29:20:a5:b0:a5:09:d0:b9:a6:c2:c6:68:68:
         38:94:2d:ca:bf:e9:9a:11:c3:9c:42:d0:60:90:3f:46:f3:56:
         14:c3:d4:e9:35:ff:44:d0:28:6a:b2:94:f2:f5:64:74:43:a5:
         1c:3b:23:ea:24:49:63:35:72:56:25:3f:25:e1:c6:74:2c:49:
         36:96:65:48:b6:c8:ea:1c:47:55:e6:31:0c:64:85:c5:20:02:
         1e:03:f2:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDBUug+4ufBHNNEcbjJUyjpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwNzE3MTUzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjFiOTEyMmNkZDcyNzBhMDNkYzIzY2FlYzg4ZDg3YTZiNGE5MWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHBfbx/1USjy++55pxJepaViElzX
gMn/pkNBsZby1YQxKUAryab9Nie0j3AaV+85j4Uvoc6cGiEROnT1Vo2j8FP25IeA
I5HdBuGZ9bst8f2ujGC8ySbB86dCIC84pKNG/FQaY+cvQ4Qn3xXRRzShzGII8I99
8O7KYNEzuzX64Rb3X0t7k6T4PietNi1Ko3jSigVE5mgXPqlFfVOddMyc7uoC0KTg
R03ylbVOZePfIM+fq4sEPmzusjKsSNmfEUjbOLFvWuzg7SRpZpjCbjRTXHhnTiWV
ksqdBN2+m/53Cj+PlSCVvynVqB6O5muGZcDvMgCUuzz10mZz/pFmqNPDbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMIbkSLN1ycKA9wjyuyI2HprSpHHMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvd2h1UklzM1hKd29EM0NQSzdJalllbXRLa2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVsMA0G
CSqGSIb3DQEBCwUAA4IBAQB+TPahCuJODiMujRMlUXXhx8sjymJ7wNsZD2Y3ubyJ
IyRLhuSIiQZV2Dlr4POq+po+k+qmzxlNIobTDIveEoZIHaIjlp8VvBnDyD/rEji8
PykhUtDiedwAHNDgIEtO+uevsf/rCMlM0JYhB9bPUBueAqx0K+GcQHZvlSWp2O2I
S0mpCdW2Q7RasGVHEszuzWgZeF+8n+A/DMLQ5NIyhQo5OVtClVbYESkgpbClCdC5
psLGaGg4lC3Kv+maEcOcQtBgkD9G81YUw9TpNf9E0ChqspTy9WR0Q6UcOyPqJElj
NXJWJT8l4cZ0LEk2lmVItsjqHEdV5jEMZIXFIAIeA/Jz
-----END CERTIFICATE-----