Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/mQiDUNcITxN36MK8F9Vwmi8fo4o.roa
File:                     mQiDUNcITxN36MK8F9Vwmi8fo4o.roa (raw, json)
Hash identifier:          xO51QS8O43duxZ5R/yFhW3YN8oUTC/nXiBxs39X0KSE=
Subject key identifier:   99:08:83:50:D7:08:4F:13:77:E8:C2:BC:17:D5:70:9A:2F:1F:A3:8A
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       018F10A5706672231C734F0F1C84183C2DE9
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/mQiDUNcITxN36MK8F9Vwmi8fo4o.roa
Signing time:             Wed 24 Apr 2024 15:07:08 +0000
ROA not before:           Wed 24 Apr 2024 15:07:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204986
IP address blocks:        46.32.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:a5:70:66:72:23:1c:73:4f:0f:1c:84:18:3c:2d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Apr 24 15:07:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99088350d7084f1377e8c2bc17d5709a2f1fa38a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d2:f4:13:cf:f6:64:92:05:61:36:b8:33:2d:
                    45:d2:2e:05:81:23:f7:d2:16:72:43:31:0b:9b:d3:
                    35:a7:7c:3d:f5:37:13:82:06:65:97:88:ce:7d:cd:
                    09:9e:b1:80:f5:1d:b2:2b:8c:ac:93:df:a5:1c:4e:
                    88:f4:b2:67:eb:3a:0f:81:d7:ff:2a:a1:bc:5e:1c:
                    61:c8:e2:5a:c8:55:02:ec:7b:60:bc:00:3b:0c:5b:
                    36:d8:45:14:ec:8d:b5:12:a1:60:08:54:7d:e5:81:
                    4d:ea:e8:c4:7b:9d:b0:37:ef:24:32:c5:07:5e:8a:
                    57:92:9d:00:59:39:47:e6:bc:28:9b:65:8e:34:a9:
                    7d:7e:3f:57:3d:75:94:a1:98:09:29:3d:ae:e9:2b:
                    71:13:5a:e9:b5:b7:dc:ce:3f:34:57:6b:75:a4:41:
                    7e:56:d3:ea:43:a4:4d:5a:7f:ab:97:f0:49:aa:2d:
                    dc:1c:87:4a:97:14:35:89:7e:83:02:ce:34:c5:ec:
                    41:a1:75:4e:ef:76:66:33:81:aa:bf:9b:23:c9:1f:
                    44:eb:eb:fb:fa:bd:3f:35:e8:63:9e:78:64:4e:95:
                    f7:0c:20:8f:3b:cf:2c:b1:20:26:7a:44:44:86:3c:
                    dd:c1:24:b1:80:2b:79:a3:9c:be:de:8c:0c:aa:b9:
                    3b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:08:83:50:D7:08:4F:13:77:E8:C2:BC:17:D5:70:9A:2F:1F:A3:8A
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/mQiDUNcITxN36MK8F9Vwmi8fo4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:1a:79:ea:14:38:6c:64:c6:75:5d:c9:bf:eb:3f:f8:d7:28:
         cf:eb:0c:08:23:86:54:89:58:3e:5c:29:ee:68:04:b9:a3:73:
         e0:fa:92:a5:01:5b:c3:a7:4c:6f:bf:f0:48:c6:bd:70:ef:38:
         36:a3:7b:1f:ec:f9:0d:1b:96:9c:bc:47:ef:ba:53:57:ab:26:
         d8:bd:35:35:65:70:b1:40:5d:a3:d0:13:fe:78:a8:b4:49:7e:
         d1:2e:d8:c4:67:77:c7:c5:79:a1:83:16:03:64:92:89:ec:cb:
         da:40:4d:77:aa:8f:ea:96:ab:1e:53:e1:df:0e:31:62:02:a4:
         7e:b5:5d:80:1a:9b:0f:f6:1b:f4:f3:dd:d2:51:40:e3:cb:6d:
         71:98:a5:a7:45:1d:93:87:b9:06:dc:da:a5:39:7d:7e:dc:93:
         ff:e5:2c:0c:1a:f4:15:a1:c0:54:be:16:55:c6:fc:f4:d6:2d:
         8b:42:4e:7a:db:b5:03:c5:95:f6:9c:29:3b:43:7e:9f:f4:bc:
         89:51:a3:0d:99:cc:bb:01:19:f5:dc:68:06:4a:cd:cc:09:dd:
         bf:0a:19:9a:c9:c1:da:a2:ad:41:d3:1d:b8:60:8e:62:44:d4:
         dd:96:d7:dc:90:b2:25:83:1d:6d:d9:73:9e:70:ea:77:0c:81:
         4e:a4:10:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8QpXBmciMcc08PHIQYPC3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjQwNDI0MTUwNzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTA4ODM1MGQ3MDg0ZjEzNzdlOGMyYmMxN2Q1NzA5YTJmMWZhMzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdL0E8/2ZJIFYTa4My1F0i4FgSP3
0hZyQzELm9M1p3w99TcTggZll4jOfc0JnrGA9R2yK4ysk9+lHE6I9LJn6zoPgdf/
KqG8XhxhyOJayFUC7HtgvAA7DFs22EUU7I21EqFgCFR95YFN6ujEe52wN+8kMsUH
XopXkp0AWTlH5rwom2WONKl9fj9XPXWUoZgJKT2u6StxE1rptbfczj80V2t1pEF+
VtPqQ6RNWn+rl/BJqi3cHIdKlxQ1iX6DAs40xexBoXVO73ZmM4Gqv5sjyR9E6+v7
+r0/NehjnnhkTpX3DCCPO88ssSAmekREhjzdwSSxgCt5o5y+3owMqrk7EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkIg1DXCE8Td+jCvBfVcJovH6OKMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvbVFpRFVOY0lUeE4zNk1LOEY5VndtaThmbzRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiCzMA0G
CSqGSIb3DQEBCwUAA4IBAQAnGnnqFDhsZMZ1Xcm/6z/41yjP6wwII4ZUiVg+XCnu
aAS5o3Pg+pKlAVvDp0xvv/BIxr1w7zg2o3sf7PkNG5acvEfvulNXqybYvTU1ZXCx
QF2j0BP+eKi0SX7RLtjEZ3fHxXmhgxYDZJKJ7MvaQE13qo/qlqseU+HfDjFiAqR+
tV2AGpsP9hv0893SUUDjy21xmKWnRR2Th7kG3NqlOX1+3JP/5SwMGvQVocBUvhZV
xvz01i2LQk5627UDxZX2nCk7Q36f9LyJUaMNmcy7ARn13GgGSs3MCd2/ChmaycHa
oq1B0x24YI5iRNTdltfckLIlgx1t2XOecOp3DIFOpBD9
-----END CERTIFICATE-----