Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/Ns8sXdG-J1aDJKkGSNJO7t9i-uU.roa
File:                     Ns8sXdG-J1aDJKkGSNJO7t9i-uU.roa (raw, json)
Hash identifier:          Pe//ZVJYngk/dxGYg/MmjbCl7LZ+F8IBGQzmyO68bi8=
Subject key identifier:   36:CF:2C:5D:D1:BE:27:56:83:24:A9:06:48:D2:4E:EE:DF:62:FA:E5
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       018D311F01219F96B2AF8C4F3FF51082C01C
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/Ns8sXdG-J1aDJKkGSNJO7t9i-uU.roa
Signing time:             Mon 22 Jan 2024 12:22:11 +0000
ROA not before:           Mon 22 Jan 2024 12:22:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42532
IP address blocks:        46.32.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:31:1f:01:21:9f:96:b2:af:8c:4f:3f:f5:10:82:c0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan 22 12:22:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36cf2c5dd1be27568324a90648d24eeedf62fae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:81:76:9b:b7:86:a2:c9:3b:ef:90:c3:fb:88:
                    0f:72:db:93:8e:bf:9c:12:af:d9:44:be:62:c5:d7:
                    b6:71:8f:34:7b:3e:09:25:b8:e9:d4:5c:6f:e3:f8:
                    23:81:63:72:56:88:94:fd:ed:22:6b:11:50:22:20:
                    6e:9a:b6:8e:aa:f0:e4:d3:b2:63:f7:5a:67:d1:86:
                    77:39:3c:51:69:99:65:c6:d6:a2:54:86:82:d7:a1:
                    f8:13:9f:6c:cf:70:a5:12:8e:84:f5:64:dd:9b:e3:
                    5e:ad:f1:6c:b3:24:e4:86:46:ba:be:19:5a:a3:48:
                    ff:c4:36:61:d5:37:17:6f:5b:96:ca:49:62:a2:06:
                    69:c3:bf:5e:2b:bf:d4:4c:48:e6:2e:cb:4f:a1:c0:
                    d8:80:f1:82:26:be:6e:1c:57:15:30:77:c5:81:14:
                    e4:6f:a1:ab:35:f0:94:4d:db:79:99:90:7d:45:f1:
                    b2:c8:8a:6c:e2:2f:47:4e:da:20:16:b3:60:0a:ad:
                    55:65:ca:ab:5e:d5:47:89:80:c7:38:a0:27:f5:78:
                    6d:20:76:76:14:9c:7c:ed:c2:ad:be:65:57:ec:dd:
                    82:c0:5c:53:0c:e4:8b:0b:c9:48:d5:3d:f7:1c:65:
                    f4:ca:53:d7:48:d8:5f:69:44:67:be:b1:15:30:65:
                    09:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:CF:2C:5D:D1:BE:27:56:83:24:A9:06:48:D2:4E:EE:DF:62:FA:E5
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/Ns8sXdG-J1aDJKkGSNJO7t9i-uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:39:e8:4d:d4:c8:a5:31:ab:f3:6b:bb:44:0d:47:3a:53:c2:
         bb:ac:cf:49:8b:b4:bc:cd:20:ee:95:45:0c:eb:ac:7d:48:15:
         b7:a1:db:62:d0:8e:04:76:61:bb:f0:f3:6f:6f:17:7b:94:4b:
         b8:e6:12:64:fd:91:a2:59:1d:9f:5c:dc:66:60:1a:8e:a1:93:
         bf:39:49:a8:22:e5:53:03:dc:f0:0a:48:0e:52:9b:e2:b6:7d:
         95:b3:05:60:78:b6:57:67:7e:a8:b8:35:6c:7f:d1:76:25:ee:
         60:68:69:4b:c5:54:cd:b9:5c:cd:3d:cb:d1:ed:7f:86:e5:3e:
         2a:06:02:f4:8f:27:f3:9f:1d:e4:50:66:fc:b6:90:e4:e4:02:
         95:42:32:93:cc:37:f1:91:76:be:3c:30:e0:37:43:46:30:4b:
         00:38:8a:8e:90:50:dc:a9:4b:71:4c:6f:b7:6f:6e:89:a1:65:
         b3:74:e5:c1:36:0d:09:e9:b1:de:33:46:0a:97:fb:01:c3:f8:
         af:0f:43:f3:a8:32:de:8a:40:c6:7a:0c:e8:0c:ae:77:e3:87:
         36:d1:42:5e:a7:62:e7:10:5a:90:35:30:97:7b:ca:50:68:ef:
         21:18:78:4e:18:e0:f1:99:02:3c:ba:01:50:b6:70:8b:b5:ac:
         48:18:f4:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0xHwEhn5ayr4xPP/UQgsAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjQwMTIyMTIyMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmNmMmM1ZGQxYmUyNzU2ODMyNGE5MDY0OGQyNGVlZWRmNjJmYWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIF2m7eGosk775DD+4gPctuTjr+c
Eq/ZRL5ixde2cY80ez4JJbjp1Fxv4/gjgWNyVoiU/e0iaxFQIiBumraOqvDk07Jj
91pn0YZ3OTxRaZllxtaiVIaC16H4E59sz3ClEo6E9WTdm+NerfFssyTkhka6vhla
o0j/xDZh1TcXb1uWykliogZpw79eK7/UTEjmLstPocDYgPGCJr5uHFcVMHfFgRTk
b6GrNfCUTdt5mZB9RfGyyIps4i9HTtogFrNgCq1VZcqrXtVHiYDHOKAn9XhtIHZ2
FJx87cKtvmVX7N2CwFxTDOSLC8lI1T33HGX0ylPXSNhfaURnvrEVMGUJuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbPLF3RvidWgySpBkjSTu7fYvrlMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvTnM4c1hkRy1KMWFESktrR1NOSk83dDlpLXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLiC4MA0G
CSqGSIb3DQEBCwUAA4IBAQA4OehN1MilMavza7tEDUc6U8K7rM9Ji7S8zSDulUUM
66x9SBW3odti0I4EdmG78PNvbxd7lEu45hJk/ZGiWR2fXNxmYBqOoZO/OUmoIuVT
A9zwCkgOUpvitn2VswVgeLZXZ36ouDVsf9F2Je5gaGlLxVTNuVzNPcvR7X+G5T4q
BgL0jyfznx3kUGb8tpDk5AKVQjKTzDfxkXa+PDDgN0NGMEsAOIqOkFDcqUtxTG+3
b26JoWWzdOXBNg0J6bHeM0YKl/sBw/ivD0PzqDLeikDGegzoDK5344c20UJep2Ln
EFqQNTCXe8pQaO8hGHhOGODxmQI8ugFQtnCLtaxIGPQa
-----END CERTIFICATE-----