Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/33051d-c2a0-4ac7-b7f3-90adec85dd85/1/sEGe1Jm7L1zx3Xq7rhoWfJ60zZk.roa
File:                     sEGe1Jm7L1zx3Xq7rhoWfJ60zZk.roa (raw, json)
Hash identifier:          BaafjWTQKzvCZayv53mdBg++GlKcPIuxkSPqgoSkWqo=
Subject key identifier:   B0:41:9E:D4:99:BB:2F:5C:F1:DD:7A:BB:AE:1A:16:7C:9E:B4:CD:99
Certificate issuer:       /CN=c017a4a82172b206afee1c13d296ee260385b571
Certificate serial:       018E805D0B1834910A4E09A21ACB7E4F5B29
Authority key identifier: C0:17:A4:A8:21:72:B2:06:AF:EE:1C:13:D2:96:EE:26:03:85:B5:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wBekqCFysgav7hwT0pbuJgOFtXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/33051d-c2a0-4ac7-b7f3-90adec85dd85/1/sEGe1Jm7L1zx3Xq7rhoWfJ60zZk.roa
Signing time:             Wed 27 Mar 2024 14:42:45 +0000
ROA not before:           Wed 27 Mar 2024 14:42:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200874
IP address blocks:        185.89.116.0/22 maxlen: 24
                          2a03:8320::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/33051d-c2a0-4ac7-b7f3-90adec85dd85/1/wBekqCFysgav7hwT0pbuJgOFtXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/33051d-c2a0-4ac7-b7f3-90adec85dd85/1/wBekqCFysgav7hwT0pbuJgOFtXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wBekqCFysgav7hwT0pbuJgOFtXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:5d:0b:18:34:91:0a:4e:09:a2:1a:cb:7e:4f:5b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c017a4a82172b206afee1c13d296ee260385b571
        Validity
            Not Before: Mar 27 14:42:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0419ed499bb2f5cf1dd7abbae1a167c9eb4cd99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:2a:5c:77:7e:be:42:cf:59:5a:94:c1:3d:0b:
                    a6:64:1f:f1:61:4a:06:5f:b4:c8:11:36:a0:d3:ec:
                    7e:6a:ba:36:85:97:a3:4f:06:26:de:ca:30:e0:75:
                    f1:cb:b4:b7:1e:3d:be:40:81:3b:11:fa:61:c7:0d:
                    5c:f1:17:cf:01:10:5d:9b:cf:72:fd:94:73:b9:5b:
                    39:85:fe:b6:74:8b:79:7f:60:59:06:92:16:a9:6c:
                    ab:70:70:4d:83:91:bc:17:b8:06:48:29:98:85:51:
                    6f:96:c2:08:2d:5f:03:c7:84:9b:45:71:22:19:c2:
                    59:4d:84:3f:44:2c:34:bd:45:3c:91:00:68:de:5b:
                    ad:0a:bc:28:70:46:24:8a:2c:ad:f6:31:17:01:eb:
                    1b:72:38:36:80:12:11:91:ea:75:1c:c1:b9:f5:90:
                    61:31:27:a0:e4:97:f9:a2:33:c4:3e:d0:b9:86:11:
                    23:97:57:b9:d0:4a:2a:32:0c:b0:37:18:b2:78:1c:
                    b4:36:e8:cd:74:f2:3c:07:17:32:8c:b4:66:1e:71:
                    53:03:04:b8:68:70:48:d4:78:09:25:86:71:d9:bd:
                    3b:54:1c:ac:b6:55:04:de:83:da:79:a3:5b:b3:4a:
                    20:b3:62:1b:d5:18:a6:9b:e2:4b:7f:50:d5:ce:2f:
                    ec:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:41:9E:D4:99:BB:2F:5C:F1:DD:7A:BB:AE:1A:16:7C:9E:B4:CD:99
            X509v3 Authority Key Identifier:
                keyid:C0:17:A4:A8:21:72:B2:06:AF:EE:1C:13:D2:96:EE:26:03:85:B5:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wBekqCFysgav7hwT0pbuJgOFtXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/33051d-c2a0-4ac7-b7f3-90adec85dd85/1/sEGe1Jm7L1zx3Xq7rhoWfJ60zZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/33051d-c2a0-4ac7-b7f3-90adec85dd85/1/wBekqCFysgav7hwT0pbuJgOFtXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.116.0/22
                IPv6:
                  2a03:8320::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:23:54:86:9e:bc:fb:ad:15:9a:1e:c5:07:c7:15:57:c5:1a:
         ae:99:e1:6a:68:92:0a:c8:33:f7:94:7b:f1:28:bc:8b:2d:11:
         0c:6d:4d:ca:74:4c:18:ec:ed:b1:3e:ee:a5:f6:33:a4:03:7c:
         81:72:43:fb:a7:15:42:e5:22:54:cc:93:d5:33:96:e7:18:21:
         73:f3:18:fe:2d:01:0c:dd:23:ea:6d:eb:21:50:7e:0f:a3:be:
         ed:2d:3c:a3:ef:b1:f5:8d:0e:48:2e:8d:81:b8:fd:34:0e:08:
         4a:f0:44:bc:4f:20:36:74:c7:0a:07:01:0d:6e:c9:02:af:00:
         6e:64:d4:24:bf:61:1b:5b:60:00:25:25:a8:04:83:4e:68:a1:
         59:3c:ab:65:3b:a3:06:de:1f:4c:e8:7b:3a:5e:63:74:56:8c:
         6e:d1:72:23:fa:8a:ca:15:ee:30:a0:01:e8:a0:52:ad:57:61:
         81:1e:45:55:30:8f:e1:bf:8d:ce:24:48:ac:f2:71:f3:75:1b:
         a0:41:5a:ec:b7:73:11:1b:a6:c0:d4:91:bc:48:00:22:77:fc:
         d5:a7:1e:fa:47:83:6a:9e:c6:0f:e3:3e:bc:ee:dd:c3:46:75:
         ef:a4:1f:3e:b8:96:ba:9a:21:7e:ae:6e:be:b7:a1:2b:35:4b:
         21:58:7c:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY6AXQsYNJEKTgmiGst+T1spMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMTdhNGE4MjE3MmIyMDZhZmVlMWMxM2QyOTZlZTI2MDM4
NWI1NzEwHhcNMjQwMzI3MTQ0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQxOWVkNDk5YmIyZjVjZjFkZDdhYmJhZTFhMTY3YzllYjRjZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ypcd36+Qs9ZWpTBPQumZB/xYUoG
X7TIETag0+x+aro2hZejTwYm3sow4HXxy7S3Hj2+QIE7Efphxw1c8RfPARBdm89y
/ZRzuVs5hf62dIt5f2BZBpIWqWyrcHBNg5G8F7gGSCmYhVFvlsIILV8Dx4SbRXEi
GcJZTYQ/RCw0vUU8kQBo3lutCrwocEYkiiyt9jEXAesbcjg2gBIRkep1HMG59ZBh
MSeg5Jf5ojPEPtC5hhEjl1e50EoqMgywNxiyeBy0NujNdPI8BxcyjLRmHnFTAwS4
aHBI1HgJJYZx2b07VBystlUE3oPaeaNbs0ogs2Ib1Rimm+JLf1DVzi/sgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLBBntSZuy9c8d16u64aFnyetM2ZMB8GA1UdIwQY
MBaAFMAXpKghcrIGr+4cE9KW7iYDhbVxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0Jla3FDRnlzZ2F2N2h3VDBwYnVKZ09GdFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8zMzA1MWQtYzJhMC00YWM3LWI3ZjMt
OTBhZGVjODVkZDg1LzEvc0VHZTFKbTdMMXp4M1hxN3Job1dmSjYwelprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8zMzA1MWQtYzJhMC00YWM3LWI3ZjMtOTBhZGVjODVkZDg1
LzEvd0Jla3FDRnlzZ2F2N2h3VDBwYnVKZ09GdFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVl0MA0E
AgACMAcDBQAqA4MgMA0GCSqGSIb3DQEBCwUAA4IBAQBrI1SGnrz7rRWaHsUHxxVX
xRqumeFqaJIKyDP3lHvxKLyLLREMbU3KdEwY7O2xPu6l9jOkA3yBckP7pxVC5SJU
zJPVM5bnGCFz8xj+LQEM3SPqbeshUH4Po77tLTyj77H1jQ5ILo2BuP00DghK8ES8
TyA2dMcKBwENbskCrwBuZNQkv2EbW2AAJSWoBINOaKFZPKtlO6MG3h9M6Hs6XmN0
Voxu0XIj+orKFe4woAHooFKtV2GBHkVVMI/hv43OJEis8nHzdRugQVrst3MRG6bA
1JG8SAAid/zVpx76R4NqnsYP4z687t3DRnXvpB8+uJa6miF+rm6+t6ErNUshWHxS
-----END CERTIFICATE-----