Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/T8lM_UqhplA-167vdfCJ5xZjNPo.roa
File:                     T8lM_UqhplA-167vdfCJ5xZjNPo.roa (raw, json)
Hash identifier:          1/ENtHsGU45ZTM6cLZwlVfTR8SQkL6TtKC2hJLvF3TA=
Subject key identifier:   4F:C9:4C:FD:4A:A1:A6:50:3E:D7:AE:EF:75:F0:89:E7:16:63:34:FA
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       018CC64B19F9E563611686B8EA713BE4DBD4
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/T8lM_UqhplA-167vdfCJ5xZjNPo.roa
Signing time:             Mon 01 Jan 2024 18:30:59 +0000
ROA not before:           Mon 01 Jan 2024 18:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50959
IP address blocks:        46.32.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:19:f9:e5:63:61:16:86:b8:ea:71:3b:e4:db:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan  1 18:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fc94cfd4aa1a6503ed7aeef75f089e7166334fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:20:0b:bc:40:99:b8:8b:e2:1a:14:8a:5a:e3:
                    3a:18:1b:0d:0c:30:51:50:ae:62:50:52:f0:bd:2a:
                    b8:0e:ee:9e:e6:b5:ec:54:8d:a2:84:6e:7e:f4:b5:
                    17:90:b9:1f:92:1a:82:ac:c5:01:8e:96:8b:3f:32:
                    ff:d7:3a:4e:14:52:a7:90:c6:14:8c:99:00:28:86:
                    3f:fc:ca:0f:09:43:7a:fe:89:42:0a:43:33:76:b7:
                    6c:47:29:81:14:24:3e:47:62:04:36:4c:de:6b:9b:
                    ae:f4:a3:70:0d:7c:46:3c:d4:db:14:db:47:30:16:
                    d4:53:eb:de:10:22:5a:de:3e:02:86:0b:b9:a3:17:
                    c9:d3:b0:f2:3d:b7:f6:79:b2:f8:77:64:11:9a:28:
                    b7:57:bd:49:33:cb:6c:b6:12:25:b0:da:46:02:f5:
                    d1:d4:62:4a:23:1e:47:4f:41:20:e9:20:26:c3:7e:
                    c0:f2:8c:65:77:43:2c:bb:8f:ed:3d:98:01:3b:30:
                    89:88:95:21:d7:fc:93:50:86:13:98:24:3a:4c:46:
                    58:5a:4a:5c:4e:ce:ff:78:79:81:53:a3:e3:22:2e:
                    72:2a:0f:a2:e2:c4:80:0b:1d:08:b5:b4:3b:7f:5c:
                    f7:70:fb:f6:67:24:3a:aa:86:1b:88:c6:cf:d7:f8:
                    c6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:C9:4C:FD:4A:A1:A6:50:3E:D7:AE:EF:75:F0:89:E7:16:63:34:FA
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/T8lM_UqhplA-167vdfCJ5xZjNPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:fe:9d:a1:e8:37:8a:13:8a:01:3a:16:3b:3e:1b:3e:7d:b8:
         88:23:cc:04:12:39:af:cb:c9:9d:0a:9c:5b:55:53:b2:03:9a:
         42:ea:ba:5e:b1:da:a8:58:cc:e1:00:99:34:cc:e3:be:e6:9c:
         82:9e:ee:df:67:f7:24:8d:f9:d7:ad:22:39:96:81:b5:d9:fc:
         68:c8:7f:0c:e5:0a:7e:6d:4b:56:94:8c:4b:8b:d8:c3:93:99:
         2f:56:07:3d:68:cc:62:ac:4d:b8:81:05:80:38:dc:73:0a:87:
         ec:3e:00:92:11:64:82:c3:11:44:41:55:76:8c:cc:70:68:0a:
         cf:0d:76:70:8a:88:59:d7:11:52:b7:bd:49:12:3b:21:46:7c:
         5f:a7:31:de:fd:c1:71:75:10:30:61:3a:f5:b4:38:9a:51:31:
         bc:9f:fb:aa:73:08:95:c6:96:ed:2f:4a:11:b8:fb:71:b4:0b:
         45:d9:89:6b:0c:6f:53:89:65:5b:1b:99:11:ae:ba:68:50:24:
         54:b1:13:69:4e:21:fc:2c:08:1e:f5:9d:a5:bd:6b:26:b4:07:
         0c:af:30:5b:62:4d:5a:fc:de:62:20:14:f0:8e:eb:d7:55:95:
         2e:10:52:1a:f0:54:6f:f0:c5:35:e3:b5:01:75:77:de:61:df:
         e4:9c:d6:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxn55WNhFoa46nE75NvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjQwMTAxMTgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmM5NGNmZDRhYTFhNjUwM2VkN2FlZWY3NWYwODllNzE2NjMzNGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5yALvECZuIviGhSKWuM6GBsNDDBR
UK5iUFLwvSq4Du6e5rXsVI2ihG5+9LUXkLkfkhqCrMUBjpaLPzL/1zpOFFKnkMYU
jJkAKIY//MoPCUN6/olCCkMzdrdsRymBFCQ+R2IENkzea5uu9KNwDXxGPNTbFNtH
MBbUU+veECJa3j4Chgu5oxfJ07DyPbf2ebL4d2QRmii3V71JM8tsthIlsNpGAvXR
1GJKIx5HT0Eg6SAmw37A8oxld0Msu4/tPZgBOzCJiJUh1/yTUIYTmCQ6TEZYWkpc
Ts7/eHmBU6PjIi5yKg+i4sSACx0ItbQ7f1z3cPv2ZyQ6qoYbiMbP1/jGTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/JTP1KoaZQPteu73XwiecWYzT6MB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvVDhsTV9VcWhwbEEtMTY3dmRmQ0o1eFpqTlBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiCtMA0G
CSqGSIb3DQEBCwUAA4IBAQAC/p2h6DeKE4oBOhY7Phs+fbiII8wEEjmvy8mdCpxb
VVOyA5pC6rpesdqoWMzhAJk0zOO+5pyCnu7fZ/ckjfnXrSI5loG12fxoyH8M5Qp+
bUtWlIxLi9jDk5kvVgc9aMxirE24gQWAONxzCofsPgCSEWSCwxFEQVV2jMxwaArP
DXZwiohZ1xFSt71JEjshRnxfpzHe/cFxdRAwYTr1tDiaUTG8n/uqcwiVxpbtL0oR
uPtxtAtF2YlrDG9TiWVbG5kRrrpoUCRUsRNpTiH8LAge9Z2lvWsmtAcMrzBbYk1a
/N5iIBTwjuvXVZUuEFIa8FRv8MU147UBdXfeYd/knNZp
-----END CERTIFICATE-----