Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/SEZpmSrX6vARHTjU6bQft5yhYek.roa
File:                     SEZpmSrX6vARHTjU6bQft5yhYek.roa (raw, json)
Hash identifier:          3iFf4a/FUMveZzwp8geF1uzxd9LX6N/jU199hKwoC50=
Subject key identifier:   48:46:69:99:2A:D7:EA:F0:11:1D:38:D4:E9:B4:1F:B7:9C:A1:61:E9
Certificate issuer:       /CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
Certificate serial:       018F64156C6B55AC11B27284CD7B460FC31B
Authority key identifier: 51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/SEZpmSrX6vARHTjU6bQft5yhYek.roa
Signing time:             Fri 10 May 2024 19:57:56 +0000
ROA not before:           Fri 10 May 2024 19:57:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.158.62.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:64:15:6c:6b:55:ac:11:b2:72:84:cd:7b:46:0f:c3:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
        Validity
            Not Before: May 10 19:57:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=484669992ad7eaf0111d38d4e9b41fb79ca161e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:aa:9a:9e:72:71:69:7e:6a:b1:60:61:fc:e6:
                    cd:72:86:96:7c:a7:c5:e9:72:ad:fe:ac:da:c2:fb:
                    f9:76:9c:ad:ae:02:3b:11:b4:ee:c1:40:b1:28:c4:
                    1e:4a:fa:49:f1:66:65:42:fd:75:79:a0:6f:f7:2e:
                    26:46:87:d4:46:83:de:f3:35:0f:82:20:61:ad:a2:
                    81:6d:50:41:2b:f8:40:b6:ed:e6:2d:a4:be:91:dc:
                    31:04:a6:32:69:33:7b:3a:df:f1:8f:fb:7a:10:9b:
                    7b:17:b9:0d:6f:40:4a:b5:b9:29:45:c2:e3:eb:14:
                    b8:6d:f5:ea:67:ab:75:26:f5:2a:82:d5:49:ab:af:
                    10:87:c5:07:26:f3:93:f7:af:2a:73:2a:b1:3c:41:
                    91:7f:9d:b2:59:ff:d0:b7:77:76:90:f8:99:23:9d:
                    03:63:09:e7:3e:a6:ee:f4:cb:fb:d4:31:1c:e3:71:
                    d7:3f:86:5d:fb:c7:60:a8:f4:50:f6:7c:60:39:01:
                    6c:1c:12:b8:ed:fe:32:20:0b:2f:2b:02:7a:d1:a8:
                    f5:97:c3:8b:9e:54:d1:2b:b5:60:d8:cc:8f:62:9c:
                    d1:9e:4a:2f:ab:29:0d:5e:ed:04:0c:a4:43:c4:34:
                    ab:b1:80:c4:78:51:11:b9:d8:b1:3d:fc:6d:51:ee:
                    cc:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:46:69:99:2A:D7:EA:F0:11:1D:38:D4:E9:B4:1F:B7:9C:A1:61:E9
            X509v3 Authority Key Identifier:
                keyid:51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/SEZpmSrX6vARHTjU6bQft5yhYek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:a8:f7:26:b1:d7:fd:47:10:c1:31:63:e8:82:f4:de:e8:20:
         1e:77:43:dc:41:bf:3b:48:66:15:b4:2d:33:36:a6:c0:85:9a:
         62:ed:ed:16:dd:c5:ba:20:44:9a:9a:d0:ce:e8:cb:d4:6e:a4:
         4e:51:de:a6:1a:4b:3f:89:c1:9b:72:7a:d0:6b:05:fe:b7:31:
         dd:68:9c:13:34:8b:aa:af:55:36:58:af:52:11:c9:5b:16:5e:
         ea:2e:84:b8:df:31:2b:54:cc:38:0f:32:33:1b:1e:73:e0:a2:
         ca:a4:e6:f4:b0:68:ca:f5:00:3d:cb:d3:29:d5:27:b7:06:e8:
         65:38:21:7d:15:ba:c7:c5:75:6b:42:aa:ef:6f:9f:3f:b1:39:
         5d:9d:4b:43:21:d9:67:48:17:1b:68:91:c4:70:0c:aa:f8:ed:
         af:30:04:7d:c2:29:23:fb:06:d2:87:53:f5:3d:04:03:4e:08:
         41:5a:6d:33:e1:d1:5b:97:38:ea:4e:d8:88:42:03:42:5e:bc:
         c7:02:55:7a:cd:eb:3c:06:3a:d7:70:d8:3e:30:79:12:3a:61:
         e8:f9:9d:86:e4:ba:df:22:0c:78:87:d8:93:fa:e4:57:3f:13:
         9c:2d:e1:7c:5b:b5:dd:b9:1f:b7:ba:1c:ef:4e:66:9f:15:e1:
         ea:05:9f:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9kFWxrVawRsnKEzXtGD8MbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZWNmOWJhYmM5Y2E2YmFlOTA4NWNlMjkyZmIxYzJjYzE4
ZDM0NGYwHhcNMjQwNTEwMTk1NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODQ2Njk5OTJhZDdlYWYwMTExZDM4ZDRlOWI0MWZiNzljYTE2MWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aqannJxaX5qsWBh/ObNcoaWfKfF
6XKt/qzawvv5dpytrgI7EbTuwUCxKMQeSvpJ8WZlQv11eaBv9y4mRofURoPe8zUP
giBhraKBbVBBK/hAtu3mLaS+kdwxBKYyaTN7Ot/xj/t6EJt7F7kNb0BKtbkpRcLj
6xS4bfXqZ6t1JvUqgtVJq68Qh8UHJvOT968qcyqxPEGRf52yWf/Qt3d2kPiZI50D
YwnnPqbu9Mv71DEc43HXP4Zd+8dgqPRQ9nxgOQFsHBK47f4yIAsvKwJ60aj1l8OL
nlTRK7Vg2MyPYpzRnkovqykNXu0EDKRDxDSrsYDEeFERudixPfxtUe7MlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhGaZkq1+rwER041Om0H7ecoWHpMB8GA1UdIwQY
MBaAFFHs+bq8nKa66Qhc4pL7HCzBjTRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMt
ZGNmYzZhOWUwZGM3LzEvU0VacG1Tclg2dkFSSFRqVTZiUWZ0NXloWWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMtZGNmYzZhOWUwZGM3
LzEvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ4+MA0G
CSqGSIb3DQEBCwUAA4IBAQBiqPcmsdf9RxDBMWPogvTe6CAed0PcQb87SGYVtC0z
NqbAhZpi7e0W3cW6IESamtDO6MvUbqROUd6mGks/icGbcnrQawX+tzHdaJwTNIuq
r1U2WK9SEclbFl7qLoS43zErVMw4DzIzGx5z4KLKpOb0sGjK9QA9y9Mp1Se3Buhl
OCF9FbrHxXVrQqrvb58/sTldnUtDIdlnSBcbaJHEcAyq+O2vMAR9wikj+wbSh1P1
PQQDTghBWm0z4dFblzjqTtiIQgNCXrzHAlV6zes8BjrXcNg+MHkSOmHo+Z2G5Lrf
Igx4h9iT+uRXPxOcLeF8W7XduR+3uhzvTmafFeHqBZ/k
-----END CERTIFICATE-----