Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/TxnmQLTJ7RG9p8EWlmGMzoVFKYM.roa
File:                     TxnmQLTJ7RG9p8EWlmGMzoVFKYM.roa (raw, json)
Hash identifier:          ya4Fhh2AAgBvWI3PefXXRZJhuG79XQoe+sEudA3lm48=
Subject key identifier:   4F:19:E6:40:B4:C9:ED:11:BD:A7:C1:16:96:61:8C:CE:85:45:29:83
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       019423D713EC32B7291E20CF2FD64979697D
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/TxnmQLTJ7RG9p8EWlmGMzoVFKYM.roa
Signing time:             Wed 01 Jan 2025 21:48:05 +0000
ROA not before:           Wed 01 Jan 2025 21:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216259
IP address blocks:        46.32.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:13:ec:32:b7:29:1e:20:cf:2f:d6:49:79:69:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan  1 21:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f19e640b4c9ed11bda7c11696618cce85452983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0b:5c:f7:b1:2e:1a:9f:37:55:23:0d:67:c0:
                    57:aa:b9:c1:a9:29:6a:5b:1f:8c:f2:cc:64:d1:01:
                    53:fd:a3:d8:11:c4:2c:2c:74:d2:f3:c3:9b:5e:70:
                    9b:55:2b:38:da:e6:d2:f3:39:49:1f:02:bf:9c:25:
                    67:1d:7d:e0:6d:7a:ba:a9:2b:a4:fd:73:08:15:72:
                    1e:0c:5c:6e:48:ff:08:06:f5:e4:b2:95:29:f1:45:
                    42:ad:2e:de:6e:e7:3c:b9:58:00:69:66:9a:ee:3c:
                    c2:a5:a9:ec:cc:47:2f:2d:bb:0b:83:29:93:8d:dd:
                    d0:7b:b6:2e:d7:5c:5a:94:99:ec:bf:43:19:2d:7e:
                    0d:c1:52:40:13:02:e6:66:47:b5:40:69:a0:0c:06:
                    50:a9:37:17:df:20:05:c4:cb:23:ed:6c:fe:73:33:
                    bb:d6:6d:4e:75:98:80:0b:ad:d6:d0:c3:40:f2:42:
                    36:05:62:68:62:33:47:58:fb:df:cf:95:00:39:75:
                    98:d3:2f:a3:30:eb:76:18:89:65:49:21:92:91:1b:
                    76:f5:66:d7:5d:6d:6e:cf:2e:f3:e8:10:96:d7:a9:
                    61:06:35:3c:c1:fd:f8:d1:6c:d9:84:81:49:1e:93:
                    10:bb:bd:24:a0:92:ab:bb:70:6e:a0:8d:3d:b4:6c:
                    46:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:19:E6:40:B4:C9:ED:11:BD:A7:C1:16:96:61:8C:CE:85:45:29:83
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/TxnmQLTJ7RG9p8EWlmGMzoVFKYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:8c:55:e8:e2:4c:9d:55:16:cf:7f:69:54:1e:62:9a:5f:1e:
         4c:7d:49:00:7c:92:14:4c:11:9c:8c:ef:fa:c9:15:99:d1:4b:
         f7:3b:73:09:bc:6a:6e:67:4f:ac:7a:85:fd:b6:9f:e6:ce:58:
         b3:5d:2b:5a:8f:7a:47:27:ed:c6:5e:37:34:a3:9e:34:99:f2:
         06:22:65:af:b7:71:fc:21:15:cc:02:a2:be:c7:c9:5c:a4:69:
         68:78:2c:13:54:3e:a0:1d:17:1f:34:d0:8b:95:42:cf:78:ca:
         84:90:af:b4:ad:bd:29:f7:f5:9d:39:1b:36:47:06:a7:4a:ac:
         2d:ca:c7:6d:b1:47:b4:04:4b:a9:b5:c8:d8:20:5e:c5:7d:d5:
         5a:12:82:35:c0:d9:c5:5f:a7:c1:44:02:60:d0:aa:e3:79:a5:
         98:de:b3:b8:f4:bf:d5:85:59:8c:fd:1c:f5:85:d6:9c:d0:91:
         57:a6:88:d8:76:49:ed:ef:32:1e:21:82:b3:2c:9d:7f:48:79:
         2d:f8:00:10:cb:f2:12:a7:fc:dc:cb:2a:74:a8:5e:ea:2d:0f:
         10:56:8b:b5:07:16:1d:b9:c7:aa:89:72:0b:66:62:45:64:86:
         35:51:7b:6d:ed:c7:59:e7:06:16:7c:6f:08:85:8d:5d:26:fd:
         60:6a:de:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xPsMrcpHiDPL9ZJeWl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjUwMTAxMjE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjE5ZTY0MGI0YzllZDExYmRhN2MxMTY5NjYxOGNjZTg1NDUyOTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywtc97EuGp83VSMNZ8BXqrnBqSlq
Wx+M8sxk0QFT/aPYEcQsLHTS88ObXnCbVSs42ubS8zlJHwK/nCVnHX3gbXq6qSuk
/XMIFXIeDFxuSP8IBvXkspUp8UVCrS7ebuc8uVgAaWaa7jzCpanszEcvLbsLgymT
jd3Qe7Yu11xalJnsv0MZLX4NwVJAEwLmZke1QGmgDAZQqTcX3yAFxMsj7Wz+czO7
1m1OdZiAC63W0MNA8kI2BWJoYjNHWPvfz5UAOXWY0y+jMOt2GIllSSGSkRt29WbX
XW1uzy7z6BCW16lhBjU8wf340WzZhIFJHpMQu70koJKru3BuoI09tGxG/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8Z5kC0ye0RvafBFpZhjM6FRSmDMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvVHhubVFMVEo3Ukc5cDhFV2xtR016b1ZGS1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiCvMA0G
CSqGSIb3DQEBCwUAA4IBAQA5jFXo4kydVRbPf2lUHmKaXx5MfUkAfJIUTBGcjO/6
yRWZ0Uv3O3MJvGpuZ0+seoX9tp/mzlizXStaj3pHJ+3GXjc0o540mfIGImWvt3H8
IRXMAqK+x8lcpGloeCwTVD6gHRcfNNCLlULPeMqEkK+0rb0p9/WdORs2RwanSqwt
ysdtsUe0BEuptcjYIF7FfdVaEoI1wNnFX6fBRAJg0KrjeaWY3rO49L/VhVmM/Rz1
hdac0JFXpojYdknt7zIeIYKzLJ1/SHkt+AAQy/ISp/zcyyp0qF7qLQ8QVou1BxYd
uceqiXILZmJFZIY1UXtt7cdZ5wYWfG8IhY1dJv1gat5n
-----END CERTIFICATE-----