Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/HrSejbS-39NivWEqBB6_ezmUBgQ.roa
File:                     HrSejbS-39NivWEqBB6_ezmUBgQ.roa (raw, json)
Hash identifier:          8T3MTXu6asTJ46RNeuQMt6iMOXHZ2zW1uZEJeSesDDw=
Subject key identifier:   1E:B4:9E:8D:B4:BE:DF:D3:62:BD:61:2A:04:1E:BF:7B:39:94:06:04
Certificate issuer:       /CN=4e4f665d46d6a2abf0521e5cb1f7c451ca337a87
Certificate serial:       0194AB8F5AF69713F80CB85B67B231028313
Authority key identifier: 4E:4F:66:5D:46:D6:A2:AB:F0:52:1E:5C:B1:F7:C4:51:CA:33:7A:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tk9mXUbWoqvwUh5csffEUcozeoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/HrSejbS-39NivWEqBB6_ezmUBgQ.roa
Signing time:             Tue 28 Jan 2025 06:18:06 +0000
ROA not before:           Tue 28 Jan 2025 06:18:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48952
IP address blocks:        185.161.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/Tk9mXUbWoqvwUh5csffEUcozeoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/Tk9mXUbWoqvwUh5csffEUcozeoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tk9mXUbWoqvwUh5csffEUcozeoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ab:8f:5a:f6:97:13:f8:0c:b8:5b:67:b2:31:02:83:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e4f665d46d6a2abf0521e5cb1f7c451ca337a87
        Validity
            Not Before: Jan 28 06:18:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1eb49e8db4bedfd362bd612a041ebf7b39940604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4a:4f:2a:3b:b3:a3:ad:8c:3f:ce:19:e8:53:
                    28:24:a2:d3:e4:a4:7e:f8:67:a4:18:c6:72:e7:f6:
                    03:b0:81:50:fd:90:83:f1:8c:99:0b:b1:9e:72:09:
                    e1:c8:c2:24:fc:9d:20:b6:b3:73:4f:56:99:31:74:
                    8b:a7:8c:64:e1:2f:ee:5e:31:25:0a:46:e6:b3:c9:
                    2d:de:5d:11:61:f4:65:08:51:3f:36:73:ed:8d:c0:
                    67:cf:ed:71:81:7b:ef:bd:c8:0e:1e:90:dd:f1:42:
                    16:d7:2e:bc:4e:eb:43:dd:2f:68:40:a3:1d:86:60:
                    92:67:6d:ca:95:e9:59:2c:97:5d:5c:31:71:ff:16:
                    ad:7d:54:4b:f8:6e:a7:26:30:32:b0:24:40:7c:69:
                    db:cb:31:5f:a2:b0:79:3e:c5:c6:c7:8f:30:df:fa:
                    55:eb:06:b4:34:91:d4:d9:8d:91:59:35:1e:2b:d8:
                    bb:be:a2:88:de:b8:28:f9:be:89:00:e7:28:e2:69:
                    c1:3b:16:17:f9:75:42:88:15:39:2a:58:90:90:b4:
                    b3:60:f3:ba:c2:5e:81:11:a7:be:49:46:56:34:7d:
                    3a:96:a3:41:38:0e:f4:88:8e:4f:e2:ef:ad:ad:a9:
                    b9:e4:67:81:40:ad:82:e8:3c:17:0a:5e:1b:63:12:
                    66:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:B4:9E:8D:B4:BE:DF:D3:62:BD:61:2A:04:1E:BF:7B:39:94:06:04
            X509v3 Authority Key Identifier:
                keyid:4E:4F:66:5D:46:D6:A2:AB:F0:52:1E:5C:B1:F7:C4:51:CA:33:7A:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tk9mXUbWoqvwUh5csffEUcozeoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/HrSejbS-39NivWEqBB6_ezmUBgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/Tk9mXUbWoqvwUh5csffEUcozeoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:52:15:e9:ed:dd:27:e4:a2:63:19:88:f7:b5:42:ea:1b:27:
         fa:86:96:9c:a1:98:d1:a2:da:55:e8:2b:f9:04:0a:d2:ea:f5:
         c3:53:fe:f0:0b:b1:69:5d:ba:06:c7:fa:da:2e:18:dc:59:7c:
         9d:c7:0d:8f:cd:23:a9:39:0e:da:ab:16:57:be:1c:67:90:41:
         6c:3b:32:56:07:2e:82:f5:be:5a:62:92:6a:7b:42:e1:af:35:
         d4:91:5a:49:b4:59:d8:75:72:f6:20:a7:d1:41:80:6e:d6:04:
         43:dd:ce:8a:45:0e:ff:51:90:3d:0d:15:86:c0:4e:4a:1f:6a:
         45:f6:56:5f:34:57:b8:d9:8d:b0:6b:30:c8:15:88:1b:04:b7:
         cd:0f:27:57:49:2f:77:ad:21:c6:64:6f:91:64:52:41:54:f1:
         ca:82:a5:31:0f:e4:fd:45:ec:30:70:4a:a7:26:a7:a1:23:1e:
         da:c7:b8:be:e7:f4:72:7a:c6:5e:a4:d0:ee:6f:f8:82:1c:a4:
         58:b9:f1:28:b7:cf:d2:41:cd:40:ec:c6:92:f2:6e:88:2f:5f:
         21:3b:eb:93:66:3f:34:9a:36:99:f5:54:af:8c:fa:0d:7d:c7:
         66:2f:b6:7d:69:13:1b:3b:a4:53:07:e9:70:6d:58:e1:5e:03:
         75:3a:d9:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSrj1r2lxP4DLhbZ7IxAoMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNGY2NjVkNDZkNmEyYWJmMDUyMWU1Y2IxZjdjNDUxY2Ez
MzdhODcwHhcNMjUwMTI4MDYxODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWI0OWU4ZGI0YmVkZmQzNjJiZDYxMmEwNDFlYmY3YjM5OTQwNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukpPKjuzo62MP84Z6FMoJKLT5KR+
+GekGMZy5/YDsIFQ/ZCD8YyZC7GecgnhyMIk/J0gtrNzT1aZMXSLp4xk4S/uXjEl
Ckbms8kt3l0RYfRlCFE/NnPtjcBnz+1xgXvvvcgOHpDd8UIW1y68TutD3S9oQKMd
hmCSZ23KlelZLJddXDFx/xatfVRL+G6nJjAysCRAfGnbyzFforB5PsXGx48w3/pV
6wa0NJHU2Y2RWTUeK9i7vqKI3rgo+b6JAOco4mnBOxYX+XVCiBU5KliQkLSzYPO6
wl6BEae+SUZWNH06lqNBOA70iI5P4u+tram55GeBQK2C6DwXCl4bYxJm1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB60no20vt/TYr1hKgQev3s5lAYEMB8GA1UdIwQY
MBaAFE5PZl1G1qKr8FIeXLH3xFHKM3qHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGs5bVhVYldvcXZ3VWg1Y3NmZkVVY296ZW9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8yNzBiODktN2M0Ny00MjYzLTg2YTAt
MDA3M2MyYjdhN2VlLzEvSHJTZWpiUy0zOU5pdldFcUJCNl9lem1VQmdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8yNzBiODktN2M0Ny00MjYzLTg2YTAtMDA3M2MyYjdhN2Vl
LzEvVGs5bVhVYldvcXZ3VWg1Y3NmZkVVY296ZW9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaEoMA0G
CSqGSIb3DQEBCwUAA4IBAQBHUhXp7d0n5KJjGYj3tULqGyf6hpacoZjRotpV6Cv5
BArS6vXDU/7wC7FpXboGx/raLhjcWXydxw2PzSOpOQ7aqxZXvhxnkEFsOzJWBy6C
9b5aYpJqe0LhrzXUkVpJtFnYdXL2IKfRQYBu1gRD3c6KRQ7/UZA9DRWGwE5KH2pF
9lZfNFe42Y2wazDIFYgbBLfNDydXSS93rSHGZG+RZFJBVPHKgqUxD+T9RewwcEqn
JqehIx7ax7i+5/RyesZepNDub/iCHKRYufEot8/SQc1A7MaS8m6IL18hO+uTZj80
mjaZ9VSvjPoNfcdmL7Z9aRMbO6RTB+lwbVjhXgN1OtmJ
-----END CERTIFICATE-----