Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/EFuxyCYga5KedfhIetzIM8Wqp3Y.roa
File:                     EFuxyCYga5KedfhIetzIM8Wqp3Y.roa (raw, json)
Hash identifier:          O+IR1hZ8a8RGzU0SmSAJy1+brABxzqq2amGl3toGZFo=
Subject key identifier:   10:5B:B1:C8:26:20:6B:92:9E:75:F8:48:7A:DC:C8:33:C5:AA:A7:76
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       019423D70E3623C4749D4118B1444F589848
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/EFuxyCYga5KedfhIetzIM8Wqp3Y.roa
Signing time:             Wed 01 Jan 2025 21:48:03 +0000
ROA not before:           Wed 01 Jan 2025 21:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42532
IP address blocks:        46.32.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:0e:36:23:c4:74:9d:41:18:b1:44:4f:58:98:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan  1 21:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=105bb1c826206b929e75f8487adcc833c5aaa776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:31:3d:fb:f6:20:0f:7e:fa:81:89:5e:30:39:
                    3c:e0:9d:e3:7c:89:76:68:17:1a:2d:e9:ab:d9:fe:
                    ff:8e:ad:19:94:c5:4c:f4:e8:d9:b8:8f:b4:35:46:
                    d9:c6:76:23:77:5c:aa:67:ee:a7:d6:f6:62:86:fc:
                    33:6d:24:ba:a8:89:5d:af:84:13:fa:7f:cd:3c:76:
                    8d:3a:f8:01:23:88:de:0c:3f:a7:b3:a1:90:6c:d5:
                    79:7c:70:60:0a:1b:61:94:2d:ad:68:e3:43:a5:1d:
                    37:8e:ee:5f:33:9e:c9:c7:a8:28:cf:92:92:e7:11:
                    cb:06:eb:a9:60:b2:57:49:19:d4:f2:b0:7f:52:5b:
                    bf:38:40:e8:27:8e:12:7d:8e:20:80:8a:4c:c7:a9:
                    d1:b5:71:bc:f8:8f:23:c3:7e:b2:d3:9d:6b:12:73:
                    3f:72:39:ca:f6:1c:11:1b:00:15:14:c5:75:46:07:
                    34:19:64:1f:f7:02:c6:a6:29:58:3b:a8:ec:8d:75:
                    66:68:ec:c2:47:58:9d:31:9a:21:85:d3:74:b5:cc:
                    a1:7c:12:0d:6b:e1:1a:19:12:2e:64:6d:45:b8:7c:
                    82:60:68:1d:65:07:8f:3f:ef:41:38:0e:b9:d0:86:
                    b3:a2:74:5c:48:d6:3b:4f:7b:b4:3c:e2:44:e9:64:
                    00:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:5B:B1:C8:26:20:6B:92:9E:75:F8:48:7A:DC:C8:33:C5:AA:A7:76
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/EFuxyCYga5KedfhIetzIM8Wqp3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:90:7b:5d:f2:c1:96:99:d6:a1:00:35:2c:f4:d8:42:54:4c:
         82:37:2a:b1:06:d4:ab:27:e5:eb:d9:70:5c:e7:f7:6b:d5:7f:
         8c:83:17:5f:97:8d:62:c8:9a:92:24:72:66:32:17:57:ee:e3:
         4b:ef:2f:44:9f:19:cd:8f:05:3c:16:52:3c:29:20:26:a9:7f:
         6f:42:48:b1:08:30:88:a3:34:8a:c2:2d:02:c4:21:aa:37:eb:
         8f:6c:08:b5:8f:be:34:13:10:7e:25:6e:88:8a:67:a5:75:39:
         35:b2:82:c6:86:f9:bd:c1:c6:79:18:30:a8:06:13:d7:f8:83:
         88:b7:b7:7d:99:b7:5a:c4:90:a5:cb:d8:36:48:3e:41:f0:b5:
         77:60:69:b5:08:c7:33:22:56:e7:06:d4:7b:64:fc:6d:2f:45:
         67:e6:39:e0:b2:1d:98:3a:82:12:b3:e7:d0:69:93:5b:92:33:
         9d:19:57:97:0a:34:88:6c:0d:35:c0:dc:12:4b:1b:79:fc:85:
         a7:4b:7b:58:57:ff:07:93:ec:d3:16:18:a7:54:60:a4:53:b0:
         93:c3:9d:5b:32:b3:0d:9e:5a:ac:fb:1b:08:5b:07:f5:9c:ff:
         64:d1:a4:a8:79:56:03:66:2d:8d:ed:31:37:2e:e5:0a:b5:63:
         d5:f7:6e:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1w42I8R0nUEYsURPWJhIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjUwMTAxMjE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDViYjFjODI2MjA2YjkyOWU3NWY4NDg3YWRjYzgzM2M1YWFhNzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojE9+/YgD376gYleMDk84J3jfIl2
aBcaLemr2f7/jq0ZlMVM9OjZuI+0NUbZxnYjd1yqZ+6n1vZihvwzbSS6qIldr4QT
+n/NPHaNOvgBI4jeDD+ns6GQbNV5fHBgChthlC2taONDpR03ju5fM57Jx6goz5KS
5xHLBuupYLJXSRnU8rB/Ulu/OEDoJ44SfY4ggIpMx6nRtXG8+I8jw36y051rEnM/
cjnK9hwRGwAVFMV1Rgc0GWQf9wLGpilYO6jsjXVmaOzCR1idMZohhdN0tcyhfBIN
a+EaGRIuZG1FuHyCYGgdZQePP+9BOA650IazonRcSNY7T3u0POJE6WQAKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBbscgmIGuSnnX4SHrcyDPFqqd2MB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvRUZ1eHlDWWdhNUtlZGZoSWV0eklNOFdxcDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLiC4MA0G
CSqGSIb3DQEBCwUAA4IBAQBhkHtd8sGWmdahADUs9NhCVEyCNyqxBtSrJ+Xr2XBc
5/dr1X+Mgxdfl41iyJqSJHJmMhdX7uNL7y9EnxnNjwU8FlI8KSAmqX9vQkixCDCI
ozSKwi0CxCGqN+uPbAi1j740ExB+JW6IimeldTk1soLGhvm9wcZ5GDCoBhPX+IOI
t7d9mbdaxJCly9g2SD5B8LV3YGm1CMczIlbnBtR7ZPxtL0Vn5jngsh2YOoISs+fQ
aZNbkjOdGVeXCjSIbA01wNwSSxt5/IWnS3tYV/8Hk+zTFhinVGCkU7CTw51bMrMN
nlqs+xsIWwf1nP9k0aSoeVYDZi2N7TE3LuUKtWPV924q
-----END CERTIFICATE-----