Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/1-cJ8w2iHp70O5B8TsK_tgZNaEvI.roa
File:                     1-cJ8w2iHp70O5B8TsK_tgZNaEvI.roa (raw, json)
Hash identifier:          Ud7cRar0B9XyVC8jqxB0RT8oazOeh/Uf1Jodq/4+3HM=
Subject key identifier:   F9:C2:7C:C3:68:87:A7:BD:0E:E4:1F:13:B0:AF:ED:81:93:5A:12:F2
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       019234BA797C9DAAF50DD952D2F416FA845A
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/1-cJ8w2iHp70O5B8TsK_tgZNaEvI.roa
Signing time:             Fri 27 Sep 2024 18:24:48 +0000
ROA not before:           Fri 27 Sep 2024 18:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215284
IP address blocks:        46.32.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:34:ba:79:7c:9d:aa:f5:0d:d9:52:d2:f4:16:fa:84:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Sep 27 18:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9c27cc36887a7bd0ee41f13b0afed81935a12f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f6:1a:56:59:bb:a3:64:8d:6c:d3:c5:80:a2:
                    e3:c1:c2:c3:07:7e:61:61:b0:95:b0:ac:8d:93:09:
                    30:89:3c:f4:b3:f9:70:f1:9a:d3:d5:70:10:f7:98:
                    3c:9e:3d:9d:cc:99:7f:77:86:23:a9:8d:ee:9c:3c:
                    df:ab:07:fa:34:2a:a6:bf:71:f3:af:90:89:c0:c8:
                    95:f9:63:1e:9b:94:13:84:50:13:7f:1c:0c:1c:89:
                    e8:1f:96:de:f2:17:ef:1f:56:4f:91:96:c2:aa:67:
                    da:b3:b0:ce:73:64:69:d0:78:ed:dd:34:b1:fe:a9:
                    77:7c:eb:75:79:06:28:e8:5f:c2:10:ef:f5:fa:9f:
                    7f:50:bb:b6:70:b0:7d:fb:4d:5f:6c:5a:6b:5b:25:
                    96:d8:b6:04:a4:95:84:f3:d0:ca:f5:52:7f:18:52:
                    1d:e6:3e:90:f0:ba:8a:db:e9:c9:e4:37:25:02:cc:
                    38:f7:fb:02:8c:c3:ab:0e:87:b3:83:8f:2a:c3:9f:
                    c8:da:99:46:06:ae:da:1a:9d:05:66:45:0a:34:fb:
                    6b:18:d5:d9:53:30:68:6c:1e:f9:c0:ee:af:9f:a4:
                    8d:4e:55:ba:f6:b1:46:ab:b1:0a:81:03:90:86:20:
                    7d:fe:95:21:e1:18:10:05:2b:c1:f6:3c:7f:13:04:
                    87:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C2:7C:C3:68:87:A7:BD:0E:E4:1F:13:B0:AF:ED:81:93:5A:12:F2
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/1-cJ8w2iHp70O5B8TsK_tgZNaEvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:89:b9:bf:c2:57:6e:15:ad:bb:c7:78:40:b0:d4:8d:b4:d4:
         fb:ad:93:b1:b9:34:c7:52:74:7a:ac:57:81:b7:b4:6c:db:ce:
         8f:ef:68:e8:04:74:82:35:df:f6:c0:8b:c9:ca:cf:a3:80:cb:
         0b:03:9f:03:41:6c:69:60:5c:cc:0a:b9:c6:03:c6:02:49:58:
         d8:48:4a:6d:51:40:8f:67:5a:90:12:b7:6a:23:48:43:1f:47:
         6d:fb:5e:30:d7:59:d8:c7:50:a9:e4:3e:60:05:b9:9b:46:d0:
         3a:f9:c8:1a:66:9f:54:be:09:9c:d1:fb:0a:c3:85:65:ec:d0:
         c2:bd:9f:6b:cd:34:b0:df:64:ec:24:35:9d:bf:9d:04:df:d1:
         8d:61:77:b4:4c:f8:fc:83:78:bb:3b:8f:2a:33:9b:fe:d1:1c:
         12:28:b8:db:b5:a9:cf:e8:b4:63:08:f8:43:9e:5b:94:f7:60:
         11:ec:3c:89:18:22:ce:1f:a3:68:cd:9c:f7:11:a7:76:40:05:
         5c:03:d0:be:4e:a6:4a:06:e4:ae:4e:25:9c:9d:ff:04:15:ec:
         55:9b:b5:8b:a2:74:a3:9f:48:80:98:c6:49:2f:b3:b0:f4:78:
         b3:a2:9d:21:fe:34:79:35:6e:5f:06:d5:17:28:7b:de:08:ca:
         5e:f3:88:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZI0unl8nar1DdlS0vQW+oRaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjQwOTI3MTgyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWMyN2NjMzY4ODdhN2JkMGVlNDFmMTNiMGFmZWQ4MTkzNWExMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YaVlm7o2SNbNPFgKLjwcLDB35h
YbCVsKyNkwkwiTz0s/lw8ZrT1XAQ95g8nj2dzJl/d4YjqY3unDzfqwf6NCqmv3Hz
r5CJwMiV+WMem5QThFATfxwMHInoH5be8hfvH1ZPkZbCqmfas7DOc2Rp0Hjt3TSx
/ql3fOt1eQYo6F/CEO/1+p9/ULu2cLB9+01fbFprWyWW2LYEpJWE89DK9VJ/GFId
5j6Q8LqK2+nJ5DclAsw49/sCjMOrDoezg48qw5/I2plGBq7aGp0FZkUKNPtrGNXZ
UzBobB75wO6vn6SNTlW69rFGq7EKgQOQhiB9/pUh4RgQBSvB9jx/EwSHuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnCfMNoh6e9DuQfE7Cv7YGTWhLyMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvMS1jSjh3MmlIcDcwTzVCOFRzS190Z1pOYUV2SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjgvNmQ1ZDc1LTRkMWUtNDY5Ny1iMWQzLTM2ZTM0NGFiYzlk
My8xLzQzN2g3TzBaLUtDanBqV19xaVpDay1ORGQ1VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC4gvDAN
BgkqhkiG9w0BAQsFAAOCAQEABIm5v8JXbhWtu8d4QLDUjbTU+62Tsbk0x1J0eqxX
gbe0bNvOj+9o6AR0gjXf9sCLycrPo4DLCwOfA0FsaWBczAq5xgPGAklY2EhKbVFA
j2dakBK3aiNIQx9HbfteMNdZ2MdQqeQ+YAW5m0bQOvnIGmafVL4JnNH7CsOFZezQ
wr2fa800sN9k7CQ1nb+dBN/RjWF3tEz4/IN4uzuPKjOb/tEcEii427Wpz+i0Ywj4
Q55blPdgEew8iRgizh+jaM2c9xGndkAFXAPQvk6mSgbkrk4lnJ3/BBXsVZu1i6J0
o59IgJjGSS+zsPR4s6KdIf40eTVuXwbVFyh73gjKXvOIBA==
-----END CERTIFICATE-----