Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/IeSERaf_EXlONlXFBVBh67ioSvU.roa
File:                     IeSERaf_EXlONlXFBVBh67ioSvU.roa (raw, json)
Hash identifier:          qy8EDhNuNcLevsYTpWqxS3R/Yq5zCO2lArxij0H2EYc=
Subject key identifier:   21:E4:84:45:A7:FF:11:79:4E:36:55:C5:05:50:61:EB:B8:A8:4A:F5
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       018CC64B1E8835037E3ADAE4A46275F59138
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/IeSERaf_EXlONlXFBVBh67ioSvU.roa
Signing time:             Mon 01 Jan 2024 18:31:00 +0000
ROA not before:           Mon 01 Jan 2024 18:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211790
IP address blocks:        46.32.168.0/24 maxlen: 24
                          46.32.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 15:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1e:88:35:03:7e:3a:da:e4:a4:62:75:f5:91:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan  1 18:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21e48445a7ff11794e3655c5055061ebb8a84af5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:25:2d:0a:6e:cf:eb:22:34:34:62:10:8f:cc:
                    6e:15:95:6b:3e:c2:30:b4:11:6c:61:e6:13:d9:2e:
                    43:30:6a:de:ae:fe:0c:9a:b0:a7:ac:c9:f5:c4:89:
                    1c:cb:53:a3:53:9b:5b:4f:10:0c:79:0d:22:e8:31:
                    f2:ca:e0:09:88:ae:7e:04:49:e4:2a:4f:b2:e5:de:
                    59:8d:c5:d2:b3:77:90:60:fb:33:47:8c:59:ea:80:
                    5d:1d:df:40:f0:d2:ca:1e:86:c7:d5:9f:43:94:aa:
                    9e:3b:95:2b:1b:41:39:66:e7:4e:54:45:b1:b7:5b:
                    cd:aa:f0:ca:a3:a2:cf:6a:7d:71:06:1d:dd:2e:65:
                    8a:a4:c5:15:32:9e:d4:90:7a:50:e8:fd:09:22:73:
                    fe:b1:a7:3a:36:17:49:3e:9f:16:81:cd:ff:04:c3:
                    31:75:56:8f:4b:01:00:ba:3e:f8:91:e3:1e:31:a5:
                    5d:1f:d7:d1:73:21:2e:97:67:68:78:c9:30:56:66:
                    80:13:d9:77:4e:12:d3:be:b4:67:ff:60:c1:15:15:
                    d4:c0:ce:ac:bb:b4:12:ff:82:ff:ad:8a:d3:7f:b8:
                    0a:98:f6:fb:b4:16:cf:ba:40:53:8a:0d:fe:f3:41:
                    cc:84:67:43:14:0f:01:d2:df:00:01:e7:5d:a8:7b:
                    52:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E4:84:45:A7:FF:11:79:4E:36:55:C5:05:50:61:EB:B8:A8:4A:F5
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/IeSERaf_EXlONlXFBVBh67ioSvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.168.0/24
                  46.32.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:6c:fa:94:b7:86:f3:11:04:af:fc:e5:8e:d5:3e:9c:6c:a0:
         75:83:35:ce:8f:7b:77:78:c6:1a:9b:e0:44:eb:0d:51:5c:6d:
         4f:7d:55:f8:af:49:e5:d5:7f:73:34:34:d4:fc:28:02:9a:37:
         67:1f:e3:ec:f2:80:c9:ef:8a:84:bc:97:12:47:65:b0:a5:36:
         bc:bf:7e:d2:d5:72:5e:83:21:63:b4:7d:2f:64:73:ce:10:d1:
         7b:38:75:24:e1:c3:38:9a:b7:2d:39:e7:2e:91:35:7b:0e:cf:
         cb:ed:be:da:df:ac:71:30:93:0c:ab:27:ca:04:73:af:b2:bd:
         88:98:da:ef:e1:6e:9b:66:ca:c3:c4:0c:20:ce:82:cc:00:c7:
         ed:a5:64:bb:6c:cf:67:1d:2c:0d:66:00:f3:9b:9c:5c:fb:01:
         37:58:16:59:fc:7c:49:27:9d:41:2e:6e:f0:9f:e4:9c:c7:4b:
         78:eb:4a:32:11:0c:51:69:88:3b:bd:6a:42:c1:6a:c4:ab:6e:
         15:5e:d3:e0:40:ba:63:72:4f:d1:db:ed:62:d1:54:a6:d9:ca:
         b1:8c:fe:3a:bd:c5:aa:86:11:59:c5:52:2d:31:69:02:e1:2c:
         21:c0:bd:77:a5:81:d5:e7:1c:1e:db:8a:86:25:29:38:91:61:
         e2:8f:7c:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSx6INQN+OtrkpGJ19ZE4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjQwMTAxMTgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWU0ODQ0NWE3ZmYxMTc5NGUzNjU1YzUwNTUwNjFlYmI4YTg0YWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriUtCm7P6yI0NGIQj8xuFZVrPsIw
tBFsYeYT2S5DMGrerv4MmrCnrMn1xIkcy1OjU5tbTxAMeQ0i6DHyyuAJiK5+BEnk
Kk+y5d5ZjcXSs3eQYPszR4xZ6oBdHd9A8NLKHobH1Z9DlKqeO5UrG0E5ZudOVEWx
t1vNqvDKo6LPan1xBh3dLmWKpMUVMp7UkHpQ6P0JInP+sac6NhdJPp8Wgc3/BMMx
dVaPSwEAuj74keMeMaVdH9fRcyEul2doeMkwVmaAE9l3ThLTvrRn/2DBFRXUwM6s
u7QS/4L/rYrTf7gKmPb7tBbPukBTig3+80HMhGdDFA8B0t8AAeddqHtSrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCHkhEWn/xF5TjZVxQVQYeu4qEr1MB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvSWVTRVJhZl9FWGxPTmxYRkJWQmg2N2lvU3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiCoAwQA
LiCwMA0GCSqGSIb3DQEBCwUAA4IBAQBNbPqUt4bzEQSv/OWO1T6cbKB1gzXOj3t3
eMYam+BE6w1RXG1PfVX4r0nl1X9zNDTU/CgCmjdnH+Ps8oDJ74qEvJcSR2WwpTa8
v37S1XJegyFjtH0vZHPOENF7OHUk4cM4mrctOecukTV7Ds/L7b7a36xxMJMMqyfK
BHOvsr2ImNrv4W6bZsrDxAwgzoLMAMftpWS7bM9nHSwNZgDzm5xc+wE3WBZZ/HxJ
J51BLm7wn+Scx0t460oyEQxRaYg7vWpCwWrEq24VXtPgQLpjck/R2+1i0VSm2cqx
jP46vcWqhhFZxVItMWkC4SwhwL13pYHV5xwe24qGJSk4kWHij3zv
-----END CERTIFICATE-----