Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/sEET-ptT1wSBoWPjjCsZ2dSnAsI.roa
File:                     sEET-ptT1wSBoWPjjCsZ2dSnAsI.roa (raw, json)
Hash identifier:          f9CQV7WSxI4NmikFhldnkXK2NLP+yhZAq8+zP2dx5cg=
Subject key identifier:   B0:41:13:FA:9B:53:D7:04:81:A1:63:E3:8C:2B:19:D9:D4:A7:02:C2
Certificate issuer:       /CN=aa67dfb882ae7d8e55d258651742f4e6ce437019
Certificate serial:       01942444D89AACEA25CC0B768CCEAC87885D
Authority key identifier: AA:67:DF:B8:82:AE:7D:8E:55:D2:58:65:17:42:F4:E6:CE:43:70:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qmffuIKufY5V0lhlF0L05s5DcBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/sEET-ptT1wSBoWPjjCsZ2dSnAsI.roa
Signing time:             Wed 01 Jan 2025 23:47:59 +0000
ROA not before:           Wed 01 Jan 2025 23:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31461
IP address blocks:        80.65.176.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/qmffuIKufY5V0lhlF0L05s5DcBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/qmffuIKufY5V0lhlF0L05s5DcBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qmffuIKufY5V0lhlF0L05s5DcBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:d8:9a:ac:ea:25:cc:0b:76:8c:ce:ac:87:88:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa67dfb882ae7d8e55d258651742f4e6ce437019
        Validity
            Not Before: Jan  1 23:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b04113fa9b53d70481a163e38c2b19d9d4a702c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c3:b2:ed:17:e9:46:57:c0:e1:0d:c8:89:73:
                    f9:43:79:9a:93:12:01:60:d6:29:ba:f7:ff:96:67:
                    d7:8a:eb:d7:04:09:0e:e0:ce:45:25:72:7c:bd:5e:
                    ab:cd:83:37:f0:14:35:72:c6:93:eb:14:1b:f4:65:
                    17:49:47:38:9e:8d:cb:5f:cd:34:a1:38:37:e8:ce:
                    33:8d:17:0f:2f:89:7f:aa:83:c0:75:4d:98:8b:fb:
                    46:a1:7b:55:19:4b:c9:38:5e:8f:e0:ba:b1:cc:e9:
                    38:54:aa:10:3f:5f:1b:52:4b:8f:bc:29:e6:4b:da:
                    8e:e0:83:68:73:b3:56:f9:14:49:69:cd:ac:be:24:
                    32:54:b1:49:d7:47:df:cb:20:1d:2b:57:23:78:17:
                    b5:a7:ca:8a:77:ef:ca:e1:93:68:5c:3d:3f:f7:8f:
                    17:36:53:14:fb:a0:7d:8d:97:fa:7e:d9:c8:52:55:
                    8a:97:d7:41:82:ee:48:02:ae:1c:02:3f:8a:5f:88:
                    a1:56:46:37:e7:d4:9c:a0:8a:8d:0b:15:07:5f:33:
                    80:e5:b1:98:9a:86:3c:49:44:ac:28:6c:57:55:83:
                    f1:d1:93:c0:44:2c:05:c2:b8:3b:c5:ce:fe:15:7b:
                    41:d3:5e:5c:06:a8:79:19:d3:14:fd:2b:77:21:0e:
                    b6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:41:13:FA:9B:53:D7:04:81:A1:63:E3:8C:2B:19:D9:D4:A7:02:C2
            X509v3 Authority Key Identifier:
                keyid:AA:67:DF:B8:82:AE:7D:8E:55:D2:58:65:17:42:F4:E6:CE:43:70:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmffuIKufY5V0lhlF0L05s5DcBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/sEET-ptT1wSBoWPjjCsZ2dSnAsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/484d54-f468-479f-9758-e1ff8638634b/1/qmffuIKufY5V0lhlF0L05s5DcBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.65.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:ac:02:2f:d4:0c:cd:3b:e6:2a:bf:ad:35:32:16:2d:44:aa:
         a3:37:21:35:8c:91:55:b0:18:a4:03:7e:e1:d8:69:59:0a:57:
         d0:e6:48:4d:14:05:20:45:55:b0:0b:31:0a:60:fe:72:ba:27:
         01:ab:af:20:01:cc:21:dd:7c:8f:10:95:af:82:b6:34:e9:3a:
         19:fa:a0:da:f4:35:8f:19:63:59:e5:fc:7a:78:4d:2e:62:74:
         e8:53:c5:a6:22:70:82:fd:92:71:98:81:15:2b:86:19:55:16:
         3c:fd:3f:5d:48:8a:3a:72:5d:c5:f4:3c:d4:60:d1:2a:bb:b2:
         da:ee:a7:a9:dd:62:e8:9d:14:47:8b:eb:ee:04:ca:a4:c9:b9:
         5f:9c:aa:88:dc:c5:96:66:b8:97:59:a3:51:e0:bc:7e:56:9b:
         ba:ba:51:1e:2d:58:95:e1:ec:f2:59:ac:54:10:21:da:14:a6:
         61:9f:d8:59:57:f7:a5:3d:ef:a8:3d:2f:79:e6:d5:b8:46:03:
         0c:95:f6:b4:df:30:1b:46:0c:7b:9c:67:23:36:48:45:f5:83:
         7a:dc:27:64:e8:0a:f8:ca:04:e4:14:5a:85:c6:d1:50:90:94:
         c5:1e:31:b2:9d:4a:9c:27:60:91:14:09:8d:dd:bb:ce:05:42:
         9e:d7:7e:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRNiarOolzAt2jM6sh4hdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjdkZmI4ODJhZTdkOGU1NWQyNTg2NTE3NDJmNGU2Y2U0
MzcwMTkwHhcNMjUwMTAxMjM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQxMTNmYTliNTNkNzA0ODFhMTYzZTM4YzJiMTlkOWQ0YTcwMmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsOy7RfpRlfA4Q3IiXP5Q3makxIB
YNYpuvf/lmfXiuvXBAkO4M5FJXJ8vV6rzYM38BQ1csaT6xQb9GUXSUc4no3LX800
oTg36M4zjRcPL4l/qoPAdU2Yi/tGoXtVGUvJOF6P4LqxzOk4VKoQP18bUkuPvCnm
S9qO4INoc7NW+RRJac2sviQyVLFJ10ffyyAdK1cjeBe1p8qKd+/K4ZNoXD0/948X
NlMU+6B9jZf6ftnIUlWKl9dBgu5IAq4cAj+KX4ihVkY359ScoIqNCxUHXzOA5bGY
moY8SUSsKGxXVYPx0ZPARCwFwrg7xc7+FXtB015cBqh5GdMU/St3IQ626wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBBE/qbU9cEgaFj44wrGdnUpwLCMB8GA1UdIwQY
MBaAFKpn37iCrn2OVdJYZRdC9ObOQ3AZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1mZnVJS3VmWTVWMGxobEYwTDA1czVEY0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ODRkNTQtZjQ2OC00NzlmLTk3NTgt
ZTFmZjg2Mzg2MzRiLzEvc0VFVC1wdFQxd1NCb1dQampDc1oyZFNuQXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ODRkNTQtZjQ2OC00NzlmLTk3NTgtZTFmZjg2Mzg2MzRi
LzEvcW1mZnVJS3VmWTVWMGxobEYwTDA1czVEY0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUEGwMA0G
CSqGSIb3DQEBCwUAA4IBAQAJrAIv1AzNO+Yqv601MhYtRKqjNyE1jJFVsBikA37h
2GlZClfQ5khNFAUgRVWwCzEKYP5yuicBq68gAcwh3XyPEJWvgrY06ToZ+qDa9DWP
GWNZ5fx6eE0uYnToU8WmInCC/ZJxmIEVK4YZVRY8/T9dSIo6cl3F9DzUYNEqu7La
7qep3WLonRRHi+vuBMqkyblfnKqI3MWWZriXWaNR4Lx+Vpu6ulEeLViV4ezyWaxU
ECHaFKZhn9hZV/elPe+oPS955tW4RgMMlfa03zAbRgx7nGcjNkhF9YN63Cdk6Ar4
ygTkFFqFxtFQkJTFHjGynUqcJ2CRFAmN3bvOBUKe136+
-----END CERTIFICATE-----