Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/5gajPlkCmapWxDJAtSTO--UyqG4.roa
File:                     5gajPlkCmapWxDJAtSTO--UyqG4.roa (raw, json)
Hash identifier:          0C0fggM4MZZFtaowNgi1HR1yXoyS2DMyciGpl0Eyf80=
Subject key identifier:   E6:06:A3:3E:59:02:99:AA:56:C4:32:40:B5:24:CE:FB:E5:32:A8:6E
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       018CC64B1D7F9D8B50C4EE9300E73C55CB5F
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/5gajPlkCmapWxDJAtSTO--UyqG4.roa
Signing time:             Mon 01 Jan 2024 18:31:00 +0000
ROA not before:           Mon 01 Jan 2024 18:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202492
IP address blocks:        46.32.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 06:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1d:7f:9d:8b:50:c4:ee:93:00:e7:3c:55:cb:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan  1 18:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e606a33e590299aa56c43240b524cefbe532a86e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:63:ef:a0:a3:64:10:19:4d:a3:81:b5:e0:69:
                    fe:53:a9:e5:db:97:13:55:ca:c0:a5:a6:1d:72:15:
                    da:0a:76:25:d9:64:0f:63:c5:cb:04:5d:eb:6e:fa:
                    fd:48:6e:56:0c:15:f3:70:30:62:7a:11:77:5c:e4:
                    bd:39:16:67:5d:b5:e3:2d:20:db:05:bb:55:f2:9d:
                    6f:f7:bf:e9:02:e2:20:b5:e8:84:d2:68:9f:38:43:
                    9c:cd:4e:b2:a5:81:d9:01:ce:ee:0a:74:e4:57:2b:
                    44:99:74:2e:42:a1:ca:3c:1f:67:ac:6b:b9:12:3c:
                    60:d8:46:10:57:d4:a3:b1:fc:39:42:73:8a:60:32:
                    c4:28:a7:f9:e6:0d:b1:39:27:61:53:80:c7:37:fc:
                    91:28:0b:06:97:1f:74:ea:2a:b4:5e:6b:fa:4f:24:
                    b0:1f:bf:cf:d2:30:b0:8c:54:d2:ac:88:8d:14:64:
                    82:50:46:3f:19:c0:c1:cf:93:c7:b5:17:ec:3f:a5:
                    65:c4:47:24:70:ad:bb:5e:15:64:68:eb:70:e5:fd:
                    d0:7c:5c:4f:12:b3:33:c1:42:6a:72:5e:08:f5:e5:
                    5e:69:42:2b:39:3b:c3:53:7e:2d:68:82:7a:40:52:
                    eb:ac:b9:36:82:30:a3:74:13:07:73:01:2e:54:ef:
                    63:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:06:A3:3E:59:02:99:AA:56:C4:32:40:B5:24:CE:FB:E5:32:A8:6E
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/5gajPlkCmapWxDJAtSTO--UyqG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:19:a6:81:bf:ed:f8:37:d3:6a:53:7a:f4:4d:ff:97:af:7d:
         64:a0:0f:4a:98:69:1c:92:c4:f7:2b:0d:58:93:9f:7c:8b:a9:
         c6:1c:2e:e2:90:f6:fa:ba:0b:be:9c:20:f0:e6:5c:1a:a2:ec:
         10:a9:5a:15:ec:3d:a5:a1:27:42:b9:d9:d7:b4:2b:fe:54:5d:
         74:77:5a:b3:d8:29:67:28:5e:68:0f:6a:fa:70:f5:83:f5:05:
         a7:a3:fe:90:a4:d7:40:99:24:aa:11:19:6c:7c:bb:ba:a4:f7:
         2e:ae:8a:8e:29:b2:52:ac:1c:37:f1:57:2f:fb:ca:b0:5c:2e:
         2a:53:fb:c7:18:38:fc:69:68:04:07:a9:f5:90:88:76:45:b0:
         e6:b6:39:c6:ec:67:de:13:9c:af:e3:9e:de:9b:c8:82:34:65:
         87:52:62:d2:f4:45:3a:55:aa:07:1e:2b:fe:e4:23:6c:4c:95:
         05:4d:61:f7:97:72:32:73:ca:d5:c2:9d:0a:26:33:ef:a9:04:
         d4:70:48:3b:4a:e6:a4:66:5a:19:5a:90:fa:f4:8c:c1:04:dc:
         af:8b:91:70:93:46:57:04:72:df:44:f8:47:a1:35:a6:e2:f2:
         b3:7b:ec:f2:0b:1e:ff:74:51:5d:49:88:20:6d:1a:b6:59:0b:
         48:f6:46:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSx1/nYtQxO6TAOc8VctfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjQwMTAxMTgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjA2YTMzZTU5MDI5OWFhNTZjNDMyNDBiNTI0Y2VmYmU1MzJhODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGPvoKNkEBlNo4G14Gn+U6nl25cT
VcrApaYdchXaCnYl2WQPY8XLBF3rbvr9SG5WDBXzcDBiehF3XOS9ORZnXbXjLSDb
BbtV8p1v97/pAuIgteiE0mifOEOczU6ypYHZAc7uCnTkVytEmXQuQqHKPB9nrGu5
Ejxg2EYQV9Sjsfw5QnOKYDLEKKf55g2xOSdhU4DHN/yRKAsGlx906iq0Xmv6TySw
H7/P0jCwjFTSrIiNFGSCUEY/GcDBz5PHtRfsP6VlxEckcK27XhVkaOtw5f3QfFxP
ErMzwUJqcl4I9eVeaUIrOTvDU34taIJ6QFLrrLk2gjCjdBMHcwEuVO9jlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYGoz5ZApmqVsQyQLUkzvvlMqhuMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvNWdhalBsa0NtYXBXeERKQXRTVE8tLVV5cUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLiC0MA0G
CSqGSIb3DQEBCwUAA4IBAQBIGaaBv+34N9NqU3r0Tf+Xr31koA9KmGkcksT3Kw1Y
k598i6nGHC7ikPb6ugu+nCDw5lwaouwQqVoV7D2loSdCudnXtCv+VF10d1qz2Cln
KF5oD2r6cPWD9QWno/6QpNdAmSSqERlsfLu6pPcuroqOKbJSrBw38Vcv+8qwXC4q
U/vHGDj8aWgEB6n1kIh2RbDmtjnG7GfeE5yv457em8iCNGWHUmLS9EU6VaoHHiv+
5CNsTJUFTWH3l3Iyc8rVwp0KJjPvqQTUcEg7SuakZloZWpD69IzBBNyvi5Fwk0ZX
BHLfRPhHoTWm4vKze+zyCx7/dFFdSYggbRq2WQtI9kaP
-----END CERTIFICATE-----