Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/32Hv_gu1_sTfbGUS6HVPxfiasjc.roa
File:                     32Hv_gu1_sTfbGUS6HVPxfiasjc.roa (raw, json)
Hash identifier:          DqVz9Dmem3xAlvx7//yeMqor+cTczo4RWpysmG4L9kM=
Subject key identifier:   DF:61:EF:FE:0B:B5:FE:C4:DF:6C:65:12:E8:75:4F:C5:F8:9A:B2:37
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       018CC8710465DCFCE3FF6EB70C2ACA80D1B9
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/32Hv_gu1_sTfbGUS6HVPxfiasjc.roa
Signing time:             Tue 02 Jan 2024 04:31:39 +0000
ROA not before:           Tue 02 Jan 2024 04:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43370
IP address blocks:        37.46.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:04:65:dc:fc:e3:ff:6e:b7:0c:2a:ca:80:d1:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  2 04:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df61effe0bb5fec4df6c6512e8754fc5f89ab237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:fc:e5:f2:3b:8a:75:2b:3a:d2:6f:97:f4:4b:
                    87:8c:a1:b7:47:3b:f0:d7:a1:6e:2a:a5:e1:f0:cc:
                    21:b3:9c:cc:07:ac:da:e5:00:54:4a:b2:ee:2e:8c:
                    34:92:6b:16:71:10:db:c2:44:da:4d:5e:bd:db:9a:
                    62:c3:d8:6d:e4:06:2f:fc:cf:8b:57:03:cd:a1:12:
                    d7:7a:2f:9e:e7:f7:a2:4a:84:6e:84:93:a5:99:d7:
                    cb:20:7e:ba:d9:01:b9:61:af:99:34:f4:9b:55:bc:
                    fa:39:0a:89:05:ce:48:b1:f4:46:c6:3d:df:94:35:
                    46:30:89:82:e3:21:a3:6d:79:b5:db:fe:a2:2f:b2:
                    66:9f:e2:8c:19:80:e6:b6:7b:51:2b:33:50:85:db:
                    1e:66:58:d0:46:0f:28:bd:33:df:21:b9:ae:6b:94:
                    8b:64:18:75:df:1d:22:02:90:cf:3a:23:6e:f6:45:
                    d9:7b:c5:46:14:2a:15:32:eb:1a:8d:bd:38:8f:02:
                    7d:49:1c:e5:71:07:bf:b2:41:d5:62:ee:a6:09:87:
                    a5:af:2b:53:fd:7c:c2:b9:27:1c:6b:6b:ba:1c:0e:
                    76:17:02:f3:f1:ee:41:52:7a:3b:c0:85:c8:cc:d4:
                    42:c2:2a:e7:6a:4d:53:db:6a:4f:e5:74:a7:ae:42:
                    47:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:61:EF:FE:0B:B5:FE:C4:DF:6C:65:12:E8:75:4F:C5:F8:9A:B2:37
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/32Hv_gu1_sTfbGUS6HVPxfiasjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:4d:24:8c:c3:da:64:fb:42:c5:b4:40:29:33:be:ec:60:70:
         ef:d1:bf:7c:bd:c7:80:01:a5:14:84:b2:a1:10:87:6b:b8:69:
         44:42:01:55:3e:9f:3e:1e:8c:f0:d3:5c:ec:d1:cf:ce:e7:a0:
         32:f4:61:20:9c:37:86:57:2b:e2:de:2d:8c:5f:92:67:a9:2d:
         c1:c4:f5:7f:15:e2:f4:98:a8:94:aa:4d:25:39:c5:e2:ce:47:
         34:9a:1b:bf:3a:28:c3:c6:59:2e:0e:0b:91:c4:14:9a:12:bc:
         cd:b6:e6:f0:0a:f5:5d:28:6a:69:b5:2a:4d:ca:49:8b:bd:3d:
         37:08:9a:b3:3a:71:f4:75:10:c8:20:ca:02:2c:14:5d:c7:90:
         ea:98:8b:a1:7d:dc:0b:35:28:33:5f:d4:65:65:3e:2d:c8:1a:
         43:3a:15:2a:97:12:1f:b3:32:d4:61:cb:90:af:38:df:74:03:
         ec:ce:95:79:87:69:40:cd:6d:f5:50:54:96:ff:86:b8:7f:21:
         43:6e:b5:2f:ba:ab:85:06:95:7a:fc:9b:5b:b8:4b:23:71:e8:
         86:bd:7a:da:23:cf:4b:ec:ef:dd:7e:87:ad:ef:8f:06:14:21:
         e2:6b:f3:bf:d3:91:29:e1:61:c9:fe:43:40:27:1a:74:f2:f2:
         9c:70:f1:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcQRl3Pzj/263DCrKgNG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjQwMTAyMDQzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjYxZWZmZTBiYjVmZWM0ZGY2YzY1MTJlODc1NGZjNWY4OWFiMjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vzl8juKdSs60m+X9EuHjKG3Rzvw
16FuKqXh8Mwhs5zMB6za5QBUSrLuLow0kmsWcRDbwkTaTV6925piw9ht5AYv/M+L
VwPNoRLXei+e5/eiSoRuhJOlmdfLIH662QG5Ya+ZNPSbVbz6OQqJBc5IsfRGxj3f
lDVGMImC4yGjbXm12/6iL7Jmn+KMGYDmtntRKzNQhdseZljQRg8ovTPfIbmua5SL
ZBh13x0iApDPOiNu9kXZe8VGFCoVMusajb04jwJ9SRzlcQe/skHVYu6mCYelrytT
/XzCuScca2u6HA52FwLz8e5BUno7wIXIzNRCwirnak1T22pP5XSnrkJHgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9h7/4Ltf7E32xlEuh1T8X4mrI3MB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvMzJIdl9ndTFfc1RmYkdVUzZIVlB4Zmlhc2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJS4wMA0G
CSqGSIb3DQEBCwUAA4IBAQBKTSSMw9pk+0LFtEApM77sYHDv0b98vceAAaUUhLKh
EIdruGlEQgFVPp8+Hozw01zs0c/O56Ay9GEgnDeGVyvi3i2MX5JnqS3BxPV/FeL0
mKiUqk0lOcXizkc0mhu/OijDxlkuDguRxBSaErzNtubwCvVdKGpptSpNykmLvT03
CJqzOnH0dRDIIMoCLBRdx5DqmIuhfdwLNSgzX9RlZT4tyBpDOhUqlxIfszLUYcuQ
rzjfdAPszpV5h2lAzW31UFSW/4a4fyFDbrUvuquFBpV6/JtbuEsjceiGvXraI89L
7O/dfoet748GFCHia/O/05Ep4WHJ/kNAJxp08vKccPHV
-----END CERTIFICATE-----