Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/MeTZYkmW5YPhJmBbaFSWUH5meC4.roa
File:                     MeTZYkmW5YPhJmBbaFSWUH5meC4.roa (raw, json)
Hash identifier:          ozRj2hwZp4lOLGAV33JpQdxI9xS7NvXcHOIOemOlLLI=
Subject key identifier:   31:E4:D9:62:49:96:E5:83:E1:26:60:5B:68:54:96:50:7E:66:78:2E
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       018CC64B1C3571ABF6F676E23207876CA697
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/MeTZYkmW5YPhJmBbaFSWUH5meC4.roa
Signing time:             Mon 01 Jan 2024 18:30:59 +0000
ROA not before:           Mon 01 Jan 2024 18:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196925
IP address blocks:        46.32.169.0/24 maxlen: 24
                          46.32.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1c:35:71:ab:f6:f6:76:e2:32:07:87:6c:a6:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan  1 18:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31e4d9624996e583e126605b685496507e66782e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0f:4c:45:3a:86:b2:fe:e5:c4:f7:80:69:93:
                    f7:65:76:a0:29:16:87:3f:b3:7c:da:05:4f:cd:e6:
                    17:49:97:3d:72:b7:01:cd:69:36:7d:61:09:d3:51:
                    21:a0:7b:f0:9d:5d:23:91:fa:e4:51:30:df:96:44:
                    68:41:a2:f8:70:f2:68:c0:49:2f:7c:f1:c3:30:96:
                    13:5f:a3:fb:57:64:06:03:19:e7:06:3d:57:ab:9c:
                    99:56:0c:c4:1d:dd:c2:e8:50:fe:51:c8:b7:93:4a:
                    f8:8b:1b:0a:a1:fb:32:99:f9:d5:23:80:49:79:d3:
                    fd:d1:25:7c:f6:9f:52:33:e6:fc:4b:f2:37:22:e4:
                    53:a6:bc:14:84:b6:57:8e:35:77:98:f0:4b:7c:e4:
                    c5:5a:fd:6b:91:aa:ff:0e:c7:15:b2:dc:9b:ef:b2:
                    22:7f:73:e4:63:e0:90:58:34:5f:ee:51:41:96:10:
                    d2:2a:38:08:ef:03:bf:7b:c3:8f:3c:3d:e5:13:44:
                    ae:5d:e7:54:a1:2e:46:9c:ff:9c:aa:9d:63:37:88:
                    57:3c:8b:56:4c:4d:69:c5:6b:9d:17:4f:98:9c:db:
                    7a:7c:a3:ef:24:c6:34:a1:32:4a:61:a6:92:fe:ab:
                    af:c7:0a:6d:04:3a:44:af:73:c3:e9:fe:bf:9d:51:
                    7e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:E4:D9:62:49:96:E5:83:E1:26:60:5B:68:54:96:50:7E:66:78:2E
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/MeTZYkmW5YPhJmBbaFSWUH5meC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.169.0/24
                  46.32.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:f9:bb:a7:3a:d2:01:9c:42:5a:1c:f7:38:d2:66:85:20:ca:
         51:9a:60:0f:e9:dd:94:93:ba:ee:79:16:6c:ce:c4:fa:38:66:
         80:c7:a0:08:6e:6c:5e:07:d7:cc:a9:8b:34:89:21:5e:cd:fc:
         00:12:19:39:63:86:af:9c:36:da:dd:c7:9a:3e:12:07:b4:03:
         5f:8d:9b:3a:e8:ec:a8:94:90:db:3b:4c:6e:4a:57:9f:48:df:
         d6:ec:6e:61:0c:eb:c7:c9:53:ed:29:bf:55:ac:27:4b:65:63:
         4e:04:84:20:2b:04:9b:f2:17:50:8f:ce:6c:7f:6a:71:ad:24:
         2e:b6:aa:24:e8:51:2d:1c:36:49:32:dd:2a:6c:29:b7:81:10:
         12:b5:25:c9:8b:1e:2e:c7:39:40:04:90:26:50:4a:9f:2c:5e:
         ff:dc:09:f3:d5:7b:9d:5d:08:b8:f4:b4:0d:8a:99:71:3d:1c:
         79:cd:a3:ea:da:91:da:94:71:fb:64:d9:41:b0:dc:23:e4:73:
         d7:9a:67:22:2e:f6:9f:35:36:86:15:26:f3:d8:39:5a:86:0c:
         32:8c:09:f1:ef:6f:f4:88:51:89:40:9b:81:b7:97:59:cb:1f:
         fb:c8:19:c9:97:82:68:8e:c7:bb:e2:ca:9a:6d:9a:ba:c9:df:
         89:be:3f:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSxw1cav29nbiMgeHbKaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjQwMTAxMTgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWU0ZDk2MjQ5OTZlNTgzZTEyNjYwNWI2ODU0OTY1MDdlNjY3ODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQ9MRTqGsv7lxPeAaZP3ZXagKRaH
P7N82gVPzeYXSZc9crcBzWk2fWEJ01EhoHvwnV0jkfrkUTDflkRoQaL4cPJowEkv
fPHDMJYTX6P7V2QGAxnnBj1Xq5yZVgzEHd3C6FD+Uci3k0r4ixsKofsymfnVI4BJ
edP90SV89p9SM+b8S/I3IuRTprwUhLZXjjV3mPBLfOTFWv1rkar/DscVstyb77Ii
f3PkY+CQWDRf7lFBlhDSKjgI7wO/e8OPPD3lE0SuXedUoS5GnP+cqp1jN4hXPItW
TE1pxWudF0+YnNt6fKPvJMY0oTJKYaaS/quvxwptBDpEr3PD6f6/nVF+tQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDHk2WJJluWD4SZgW2hUllB+ZnguMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvTWVUWllrbVc1WVBoSm1CYmFGU1dVSDVtZUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiCpAwQA
LiCyMA0GCSqGSIb3DQEBCwUAA4IBAQBH+bunOtIBnEJaHPc40maFIMpRmmAP6d2U
k7rueRZszsT6OGaAx6AIbmxeB9fMqYs0iSFezfwAEhk5Y4avnDba3ceaPhIHtANf
jZs66OyolJDbO0xuSlefSN/W7G5hDOvHyVPtKb9VrCdLZWNOBIQgKwSb8hdQj85s
f2pxrSQutqok6FEtHDZJMt0qbCm3gRAStSXJix4uxzlABJAmUEqfLF7/3Anz1Xud
XQi49LQNiplxPRx5zaPq2pHalHH7ZNlBsNwj5HPXmmciLvafNTaGFSbz2Dlahgwy
jAnx72/0iFGJQJuBt5dZyx/7yBnJl4Jojse74sqabZq6yd+Jvj8l
-----END CERTIFICATE-----