Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/xb9HjZBV3NRacpRqWQc06PhEZsg.roa
File:                     xb9HjZBV3NRacpRqWQc06PhEZsg.roa (raw, json)
Hash identifier:          Sl0r2cmzeh9oiR4nG2poQA6C3HQ36gEn3ruESl8w/5o=
Subject key identifier:   C5:BF:47:8D:90:55:DC:D4:5A:72:94:6A:59:07:34:E8:F8:44:66:C8
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       018CD71728B085AA59606CEE58DA564C4ADD
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/xb9HjZBV3NRacpRqWQc06PhEZsg.roa
Signing time:             Fri 05 Jan 2024 00:47:48 +0000
ROA not before:           Fri 05 Jan 2024 00:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209360
IP address blocks:        46.32.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d7:17:28:b0:85:aa:59:60:6c:ee:58:da:56:4c:4a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan  5 00:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5bf478d9055dcd45a72946a590734e8f84466c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ff:0b:d3:b6:cb:00:9a:5f:69:78:36:d5:9c:
                    02:37:65:9d:df:a6:7c:16:58:b1:e0:e2:86:bb:37:
                    dd:b8:12:fa:22:79:38:d3:99:25:cc:d3:62:99:ad:
                    31:06:ee:e7:70:a5:a8:9c:4a:08:ec:c2:6d:83:9b:
                    b3:bb:ca:5a:be:8e:61:c2:8e:9a:02:ea:ed:a7:90:
                    71:af:19:7a:57:41:e9:4e:8e:52:c5:2a:3a:5d:97:
                    ae:4a:b3:f1:a5:8c:b1:96:bd:cc:01:07:1d:31:aa:
                    ea:76:6f:67:3e:b2:86:3a:11:cf:48:7b:dd:aa:22:
                    cd:82:49:23:04:ce:14:80:0b:1d:0b:f6:fe:67:aa:
                    dd:8a:1e:2a:c0:e1:dc:ea:af:eb:ac:f9:d5:58:49:
                    78:92:c1:21:af:d6:c8:bd:7f:69:ac:cb:74:f4:6a:
                    0a:e2:46:ea:78:ad:10:2d:27:9d:99:4c:d7:50:7b:
                    11:14:4e:5b:27:1a:ad:ae:45:df:c3:84:79:59:69:
                    f3:6a:6e:42:15:04:4b:b3:b7:73:af:40:d1:dc:32:
                    8d:3b:b4:3c:21:a8:c9:ae:46:bb:c5:cc:d2:65:c0:
                    eb:e8:85:8f:71:31:01:e4:fb:f9:9e:ec:a9:ed:c8:
                    71:76:c5:2d:fa:d2:9c:61:dd:52:ee:3a:8b:08:ff:
                    cd:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:BF:47:8D:90:55:DC:D4:5A:72:94:6A:59:07:34:E8:F8:44:66:C8
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/xb9HjZBV3NRacpRqWQc06PhEZsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:80:db:0e:94:be:ed:25:f4:42:a2:5b:4b:e8:51:28:9a:db:
         49:bd:19:a1:00:c9:a8:e5:a6:5e:f3:33:f5:74:64:37:0e:12:
         b2:7f:c0:92:f0:c9:16:43:d0:00:07:92:66:ce:87:56:c2:03:
         36:c6:7e:57:b8:02:2b:bd:a1:c4:30:0a:85:5a:0e:c9:d8:ff:
         61:2e:5a:63:45:23:c0:0f:db:7c:16:3b:5a:22:6c:d9:e0:9a:
         b6:01:08:04:1e:ed:3f:43:15:e1:b1:f4:69:dd:d7:76:96:21:
         cf:0f:76:2b:7a:73:bf:11:76:65:bf:26:9d:b5:0f:55:cf:31:
         99:4f:26:2c:e3:08:25:a7:87:ec:12:03:85:10:d6:35:27:3d:
         2f:7a:b0:7c:6b:e8:b0:2c:9b:17:58:da:03:1c:50:67:cc:7d:
         62:ff:49:da:e7:cc:82:1f:69:0f:09:a3:ce:3d:8e:3c:d3:f5:
         a2:9b:1b:38:91:71:77:25:38:56:59:15:14:0b:9c:64:2a:fa:
         65:22:9e:c0:85:30:71:e7:15:02:ea:dc:79:50:14:56:ff:c0:
         0d:40:aa:9b:4d:09:59:c8:6a:50:b5:4a:85:6c:f3:95:58:d5:
         4d:4e:0a:f8:2a:e3:b5:25:96:43:bb:64:aa:6b:76:b0:16:0e:
         a8:10:14:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzXFyiwhapZYGzuWNpWTErdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjQwMTA1MDA0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWJmNDc4ZDkwNTVkY2Q0NWE3Mjk0NmE1OTA3MzRlOGY4NDQ2NmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf8L07bLAJpfaXg21ZwCN2Wd36Z8
Flix4OKGuzfduBL6Ink405klzNNima0xBu7ncKWonEoI7MJtg5uzu8pavo5hwo6a
Aurtp5Bxrxl6V0HpTo5SxSo6XZeuSrPxpYyxlr3MAQcdMarqdm9nPrKGOhHPSHvd
qiLNgkkjBM4UgAsdC/b+Z6rdih4qwOHc6q/rrPnVWEl4ksEhr9bIvX9prMt09GoK
4kbqeK0QLSedmUzXUHsRFE5bJxqtrkXfw4R5WWnzam5CFQRLs7dzr0DR3DKNO7Q8
IajJrka7xczSZcDr6IWPcTEB5Pv5nuyp7chxdsUt+tKcYd1S7jqLCP/N7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMW/R42QVdzUWnKUalkHNOj4RGbIMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEveGI5SGpaQlYzTlJhY3BScVdRYzA2UGhFWnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiCxMA0G
CSqGSIb3DQEBCwUAA4IBAQBggNsOlL7tJfRColtL6FEomttJvRmhAMmo5aZe8zP1
dGQ3DhKyf8CS8MkWQ9AAB5JmzodWwgM2xn5XuAIrvaHEMAqFWg7J2P9hLlpjRSPA
D9t8FjtaImzZ4Jq2AQgEHu0/QxXhsfRp3dd2liHPD3YrenO/EXZlvyadtQ9VzzGZ
TyYs4wglp4fsEgOFENY1Jz0verB8a+iwLJsXWNoDHFBnzH1i/0na58yCH2kPCaPO
PY480/Wimxs4kXF3JThWWRUUC5xkKvplIp7AhTBx5xUC6tx5UBRW/8ANQKqbTQlZ
yGpQtUqFbPOVWNVNTgr4KuO1JZZDu2Sqa3awFg6oEBSL
-----END CERTIFICATE-----