Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/46431e-4951-4e1a-9195-68a4551f68a8/1/hBHiDeqXKu_F_jI2ihb85LIjfYE.roa
File:                     hBHiDeqXKu_F_jI2ihb85LIjfYE.roa (raw, json)
Hash identifier:          04PHS+ARirwYSDn81cEBc5yadsjFdazG19gNYuxU+gI=
Subject key identifier:   84:11:E2:0D:EA:97:2A:EF:C5:FE:32:36:8A:16:FC:E4:B2:23:7D:81
Certificate issuer:       /CN=ebf36087c3fcecfb006f518d7811b255ea57c90d
Certificate serial:       018CCA96E64AC5E7B501A340565DDD485AE0
Authority key identifier: EB:F3:60:87:C3:FC:EC:FB:00:6F:51:8D:78:11:B2:55:EA:57:C9:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_Ngh8P87PsAb1GNeBGyVepXyQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/46431e-4951-4e1a-9195-68a4551f68a8/1/hBHiDeqXKu_F_jI2ihb85LIjfYE.roa
Signing time:             Tue 02 Jan 2024 14:32:16 +0000
ROA not before:           Tue 02 Jan 2024 14:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203712
IP address blocks:        37.18.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/46431e-4951-4e1a-9195-68a4551f68a8/1/6_Ngh8P87PsAb1GNeBGyVepXyQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/46431e-4951-4e1a-9195-68a4551f68a8/1/6_Ngh8P87PsAb1GNeBGyVepXyQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_Ngh8P87PsAb1GNeBGyVepXyQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:e6:4a:c5:e7:b5:01:a3:40:56:5d:dd:48:5a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf36087c3fcecfb006f518d7811b255ea57c90d
        Validity
            Not Before: Jan  2 14:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8411e20dea972aefc5fe32368a16fce4b2237d81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:90:14:a9:a5:2b:22:9c:18:90:00:fc:0f:ac:
                    7e:33:2e:04:51:e7:a2:8d:2a:69:14:f4:36:6f:61:
                    53:32:db:2d:7f:ef:eb:7e:9f:4c:27:13:1b:c5:52:
                    bb:a2:9c:9d:5a:1d:60:34:bb:78:25:a0:f9:37:5b:
                    0f:57:0b:78:e7:9d:28:23:8b:e0:ca:99:81:3d:43:
                    99:46:cb:4e:d7:32:23:56:15:d8:20:a7:e4:e2:ce:
                    90:4e:c7:7b:3f:95:74:e3:4e:42:3c:df:54:05:4e:
                    e6:9f:cb:7b:72:02:8f:54:a3:97:88:44:ff:b2:ac:
                    f1:4d:d4:43:5a:bd:10:33:13:1f:55:4f:96:c3:23:
                    ba:28:6b:7a:fb:30:6c:52:73:a4:df:f1:7a:00:c8:
                    2a:dd:ff:f9:f4:9f:3a:e9:f4:93:90:9e:1c:42:7c:
                    4a:b2:86:79:c6:d8:d8:80:41:6c:1e:c3:d5:51:61:
                    be:cb:c4:d1:00:c1:87:53:92:3b:ba:a0:65:3c:77:
                    f5:e0:75:f6:51:5a:13:21:48:fb:3f:fc:2d:97:7c:
                    be:ac:d8:4e:a7:e4:04:05:8f:3d:81:0a:50:2a:98:
                    4a:a8:28:cd:a8:ac:d6:4e:7d:9d:51:bf:4c:02:c9:
                    b8:03:55:ce:13:cd:b3:20:4e:60:f9:5b:cd:4f:f1:
                    ca:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:11:E2:0D:EA:97:2A:EF:C5:FE:32:36:8A:16:FC:E4:B2:23:7D:81
            X509v3 Authority Key Identifier:
                keyid:EB:F3:60:87:C3:FC:EC:FB:00:6F:51:8D:78:11:B2:55:EA:57:C9:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_Ngh8P87PsAb1GNeBGyVepXyQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/46431e-4951-4e1a-9195-68a4551f68a8/1/hBHiDeqXKu_F_jI2ihb85LIjfYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/46431e-4951-4e1a-9195-68a4551f68a8/1/6_Ngh8P87PsAb1GNeBGyVepXyQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:bb:de:e7:e2:33:63:c0:70:4b:f4:05:d2:35:97:fc:7f:b5:
         1c:23:9a:b8:76:96:3e:8b:55:c9:e0:c0:fc:96:d1:4f:52:82:
         e4:86:22:38:15:8e:55:db:f2:2b:8c:0d:4d:11:4f:0b:89:86:
         5d:46:d8:7a:1e:98:24:2b:fb:08:00:c7:a4:ae:b2:64:ef:52:
         f0:05:d8:00:e2:4e:7c:00:90:3c:44:35:63:0f:25:34:99:ff:
         b0:77:ec:e7:99:5a:b2:44:ef:3e:0c:12:6f:b7:2a:b2:98:3e:
         e5:79:8c:f9:26:c9:b4:c1:43:fa:ca:f4:54:5f:38:67:5e:12:
         e5:0b:af:fa:e8:f2:7f:11:7e:e1:c0:a4:b4:75:79:b5:74:58:
         f7:d5:f8:14:3e:71:14:d4:27:8a:58:d0:c1:ac:3f:de:fb:56:
         ac:3d:b6:bc:6a:50:4b:12:c2:24:5a:2b:86:79:c5:f5:2c:ea:
         25:7c:28:a5:26:93:02:94:b6:14:39:1c:78:f3:73:a6:79:db:
         92:5d:e1:84:22:c9:77:8e:b5:c0:ed:e2:e3:22:ff:b7:92:7a:
         7f:c3:d9:ea:1c:c1:d9:fc:80:8e:af:25:9d:eb:a0:52:89:c8:
         18:15:74:5f:97:f7:74:a0:ce:de:96:b4:ea:62:66:37:4e:a7:
         1a:7b:1d:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKluZKxee1AaNAVl3dSFrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjM2MDg3YzNmY2VjZmIwMDZmNTE4ZDc4MTFiMjU1ZWE1
N2M5MGQwHhcNMjQwMTAyMTQzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDExZTIwZGVhOTcyYWVmYzVmZTMyMzY4YTE2ZmNlNGIyMjM3ZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZAUqaUrIpwYkAD8D6x+My4EUeei
jSppFPQ2b2FTMtstf+/rfp9MJxMbxVK7opydWh1gNLt4JaD5N1sPVwt4550oI4vg
ypmBPUOZRstO1zIjVhXYIKfk4s6QTsd7P5V0405CPN9UBU7mn8t7cgKPVKOXiET/
sqzxTdRDWr0QMxMfVU+WwyO6KGt6+zBsUnOk3/F6AMgq3f/59J866fSTkJ4cQnxK
soZ5xtjYgEFsHsPVUWG+y8TRAMGHU5I7uqBlPHf14HX2UVoTIUj7P/wtl3y+rNhO
p+QEBY89gQpQKphKqCjNqKzWTn2dUb9MAsm4A1XOE82zIE5g+VvNT/HKcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQR4g3qlyrvxf4yNooW/OSyI32BMB8GA1UdIwQY
MBaAFOvzYIfD/Oz7AG9RjXgRslXqV8kNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9OZ2g4UDg3UHNBYjFHTmVCR3lWZXBYeVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80NjQzMWUtNDk1MS00ZTFhLTkxOTUt
NjhhNDU1MWY2OGE4LzEvaEJIaURlcVhLdV9GX2pJMmloYjg1TElqZllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80NjQzMWUtNDk1MS00ZTFhLTkxOTUtNjhhNDU1MWY2OGE4
LzEvNl9OZ2g4UDg3UHNBYjFHTmVCR3lWZXBYeVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJRKEMA0G
CSqGSIb3DQEBCwUAA4IBAQBwu97n4jNjwHBL9AXSNZf8f7UcI5q4dpY+i1XJ4MD8
ltFPUoLkhiI4FY5V2/IrjA1NEU8LiYZdRth6HpgkK/sIAMekrrJk71LwBdgA4k58
AJA8RDVjDyU0mf+wd+znmVqyRO8+DBJvtyqymD7leYz5Jsm0wUP6yvRUXzhnXhLl
C6/66PJ/EX7hwKS0dXm1dFj31fgUPnEU1CeKWNDBrD/e+1asPba8alBLEsIkWiuG
ecX1LOolfCilJpMClLYUORx483OmeduSXeGEIsl3jrXA7eLjIv+3knp/w9nqHMHZ
/ICOryWd66BSicgYFXRfl/d0oM7elrTqYmY3Tqcaex1m
-----END CERTIFICATE-----