Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/_yLmE-cCUomFFqWm8PBv2fVsCVk.roa
File:                     _yLmE-cCUomFFqWm8PBv2fVsCVk.roa (raw, json)
Hash identifier:          q+iw+69GgvVVf9dJBFudgnT9ktUSJrWlP6QgBJwYCf0=
Subject key identifier:   FF:22:E6:13:E7:02:52:89:85:16:A5:A6:F0:F0:6F:D9:F5:6C:09:59
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       0196B1ED73514C4226167DB92F8B32FD70E0
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/_yLmE-cCUomFFqWm8PBv2fVsCVk.roa
Signing time:             Thu 08 May 2025 22:04:10 +0000
ROA not before:           Thu 08 May 2025 22:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        46.37.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b1:ed:73:51:4c:42:26:16:7d:b9:2f:8b:32:fd:70:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: May  8 22:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff22e613e70252898516a5a6f0f06fd9f56c0959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9f:a3:4c:41:b3:e7:c0:3b:6a:74:fb:67:60:
                    cb:4c:58:7c:4d:bd:cd:fa:78:d3:62:d6:94:ce:0e:
                    18:d3:50:ea:3c:63:fd:5b:46:5e:a2:b7:ad:c1:c3:
                    d2:15:cb:92:9b:79:c7:89:f3:b9:91:78:70:15:49:
                    09:26:a5:5a:6d:44:00:ee:f7:f5:75:20:e9:d8:06:
                    66:71:68:18:af:14:74:af:8f:7e:8b:c7:e2:68:23:
                    07:b7:6b:df:99:1d:a5:ba:3c:10:f1:30:84:0e:72:
                    19:29:ed:d0:28:6b:30:63:34:be:11:5b:6e:30:f9:
                    a6:11:39:c9:e7:7f:38:16:16:e9:40:c8:8d:72:95:
                    4f:8a:12:92:1a:de:0f:44:31:80:67:d2:c3:58:02:
                    69:e4:42:f8:50:7a:80:e0:85:57:12:b8:66:87:32:
                    6f:c3:6a:2e:06:73:7b:38:2b:f1:aa:6e:8e:03:ef:
                    96:bb:62:59:2d:1c:42:46:52:e8:0f:14:f0:5b:17:
                    fb:00:03:75:3c:08:61:a4:8e:ad:54:93:9d:1b:a8:
                    a3:28:73:41:20:09:c3:b1:c0:7e:c0:0c:67:33:f9:
                    3a:1e:3f:d8:d7:c7:a8:69:d4:5e:b6:21:43:ca:96:
                    41:35:4a:18:7e:65:ba:0d:bc:c6:a6:3e:67:4f:c8:
                    96:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:22:E6:13:E7:02:52:89:85:16:A5:A6:F0:F0:6F:D9:F5:6C:09:59
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/_yLmE-cCUomFFqWm8PBv2fVsCVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:14:8b:e3:95:d2:ea:b4:ed:94:8f:b8:67:c4:1e:63:28:58:
         36:26:31:14:dd:e0:0b:e5:41:b0:3b:68:c8:3b:65:c6:8e:0f:
         fa:b4:4d:80:33:9a:f3:cc:df:87:ce:ce:ba:1f:13:da:a8:80:
         1a:5d:e9:69:00:54:68:2d:41:83:1b:68:e3:09:b9:6b:13:fc:
         0e:a9:34:44:bd:1a:4c:1c:c2:6b:a6:43:73:e9:a4:d1:2d:23:
         72:04:55:d0:0a:ea:ed:ee:ab:f0:0c:6f:36:8e:89:3e:fc:15:
         99:78:3a:c2:ac:ec:f9:1e:1b:a1:24:d5:58:22:a3:cf:2c:9d:
         64:3a:99:53:0c:32:0c:11:33:06:f2:10:6d:64:f7:6d:2c:a2:
         4b:15:f0:f7:ed:62:a6:a1:99:80:05:af:59:da:d6:c9:ea:b0:
         65:86:6d:39:50:b0:eb:7b:98:79:03:41:28:74:1b:05:ec:4d:
         b9:f9:80:c4:d8:f4:21:a7:8a:95:cd:8b:9c:ba:ab:ff:6f:66:
         27:1e:49:25:af:2c:51:e9:3c:cb:91:97:c3:ad:84:ba:04:65:
         76:eb:9b:17:63:c4:2e:f7:2f:0f:19:96:a3:2b:e1:52:bc:67:
         fa:90:69:c8:92:0d:21:eb:be:3e:4a:bf:23:12:bd:bd:5e:99:
         b6:c3:81:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZax7XNRTEImFn25L4sy/XDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwNTA4MjIwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjIyZTYxM2U3MDI1Mjg5ODUxNmE1YTZmMGYwNmZkOWY1NmMwOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtp+jTEGz58A7anT7Z2DLTFh8Tb3N
+njTYtaUzg4Y01DqPGP9W0ZeoretwcPSFcuSm3nHifO5kXhwFUkJJqVabUQA7vf1
dSDp2AZmcWgYrxR0r49+i8fiaCMHt2vfmR2lujwQ8TCEDnIZKe3QKGswYzS+EVtu
MPmmETnJ5384FhbpQMiNcpVPihKSGt4PRDGAZ9LDWAJp5EL4UHqA4IVXErhmhzJv
w2ouBnN7OCvxqm6OA++Wu2JZLRxCRlLoDxTwWxf7AAN1PAhhpI6tVJOdG6ijKHNB
IAnDscB+wAxnM/k6Hj/Y18eoadRetiFDypZBNUoYfmW6DbzGpj5nT8iWywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8i5hPnAlKJhRalpvDwb9n1bAlZMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvX3lMbUUtY0NVb21GRnFXbThQQnYyZlZzQ1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV/MA0G
CSqGSIb3DQEBCwUAA4IBAQBUFIvjldLqtO2Uj7hnxB5jKFg2JjEU3eAL5UGwO2jI
O2XGjg/6tE2AM5rzzN+Hzs66HxPaqIAaXelpAFRoLUGDG2jjCblrE/wOqTREvRpM
HMJrpkNz6aTRLSNyBFXQCurt7qvwDG82jok+/BWZeDrCrOz5HhuhJNVYIqPPLJ1k
OplTDDIMETMG8hBtZPdtLKJLFfD37WKmoZmABa9Z2tbJ6rBlhm05ULDre5h5A0Eo
dBsF7E25+YDE2PQhp4qVzYucuqv/b2YnHkklryxR6TzLkZfDrYS6BGV265sXY8Qu
9y8PGZajK+FSvGf6kGnIkg0h674+Sr8jEr29Xpm2w4El
-----END CERTIFICATE-----