Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/seBX4zd3kP7PUyXY4xg3iK9P4pk.roa
File:                     seBX4zd3kP7PUyXY4xg3iK9P4pk.roa (raw, json)
Hash identifier:          EAZe7QY4ntNaDD3BUuGrFHmMzdOLF1a7bxSh0i4dCUs=
Subject key identifier:   B1:E0:57:E3:37:77:90:FE:CF:53:25:D8:E3:18:37:88:AF:4F:E2:99
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018CC5012091E8C7E9A2402DC478C3587A7B
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/seBX4zd3kP7PUyXY4xg3iK9P4pk.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215933
IP address blocks:        45.157.35.0/24 maxlen: 24
                          45.130.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:20:91:e8:c7:e9:a2:40:2d:c4:78:c3:58:7a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1e057e3377790fecf5325d8e3183788af4fe299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:44:e9:ab:69:8f:53:50:e7:b8:7e:ea:37:d4:
                    b3:86:6b:5a:54:82:a2:d5:fe:6e:a6:a8:fc:db:c3:
                    86:7c:1a:67:ad:0a:4d:65:63:82:3a:06:22:6e:1a:
                    f0:d1:d2:87:dc:ab:db:58:61:6a:83:88:3a:1d:4f:
                    f3:7b:a4:ef:73:79:a7:52:f8:0b:58:99:47:45:d6:
                    ec:17:e7:67:61:90:1a:69:93:ff:c1:64:3a:b6:8a:
                    49:4f:aa:11:72:5c:f7:66:ed:1f:3e:a1:5e:d2:62:
                    52:9c:57:53:6e:ae:13:8b:50:1e:f9:2c:d3:16:1f:
                    80:fa:4b:00:33:0a:71:fd:45:dd:02:ce:f2:30:ea:
                    33:40:5b:ef:18:aa:a2:7e:c8:4b:07:cf:68:9f:41:
                    a2:36:43:a4:9d:16:a6:bf:09:8e:27:2b:9d:d5:b9:
                    b8:ca:cc:ec:08:8a:5e:fb:85:6b:a1:b0:c9:25:61:
                    75:41:50:d3:bf:3d:88:c2:92:7b:0f:61:5c:e4:8d:
                    60:25:ed:16:05:cc:b5:df:5d:49:a3:fd:89:b1:65:
                    e3:1d:c2:66:5c:00:0d:a3:3d:92:63:7a:78:39:dc:
                    98:da:f9:1c:ef:99:38:d1:71:39:6d:a2:77:ce:5f:
                    63:00:4e:6a:3d:f4:ef:d2:45:fc:1d:3f:0d:2f:98:
                    ff:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E0:57:E3:37:77:90:FE:CF:53:25:D8:E3:18:37:88:AF:4F:E2:99
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/seBX4zd3kP7PUyXY4xg3iK9P4pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.53.0/24
                  45.157.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:db:86:7c:19:1e:06:ad:1b:84:1b:87:cb:dd:36:5c:c8:b3:
         2c:e0:0c:cd:77:84:fe:4e:4c:2b:40:1e:e3:99:80:c5:ae:73:
         af:6f:2c:fc:a2:87:38:b0:8c:88:f0:bd:9a:63:fa:5d:06:12:
         52:1b:4b:68:0f:82:3f:a7:85:b8:d0:55:ea:4d:75:fd:d2:d5:
         27:e8:2a:02:94:c6:48:0a:0a:25:8b:18:a1:a5:87:6b:30:23:
         86:a7:6c:98:ff:36:36:85:ae:1b:dc:fd:e2:dd:01:75:4d:da:
         be:17:50:89:40:f5:23:fe:2b:b9:39:8b:a0:1a:5d:43:81:ee:
         87:4f:a0:09:56:12:ac:e0:b6:37:f2:33:2d:91:97:c5:12:cd:
         cc:1a:af:9b:38:47:c2:ad:d4:d2:f0:ec:9e:cf:fc:27:10:5c:
         16:1b:8b:35:c5:18:16:bf:ed:04:d9:9a:22:32:74:60:09:88:
         e7:1a:84:a5:e8:10:48:9e:04:bd:80:4b:22:23:5a:d3:df:61:
         b4:70:f8:10:63:f2:54:1e:26:a9:3d:43:e8:14:1d:ab:40:33:
         36:1a:4d:c7:2a:27:d1:c3:6b:07:79:25:5d:d9:68:61:fc:ec:
         54:aa:e8:f2:04:ac:db:8e:1d:86:af:c1:e2:aa:4a:f9:69:c6:
         73:a2:ad:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFASCR6MfpokAtxHjDWHp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWUwNTdlMzM3Nzc5MGZlY2Y1MzI1ZDhlMzE4Mzc4OGFmNGZlMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkTpq2mPU1DnuH7qN9SzhmtaVIKi
1f5upqj828OGfBpnrQpNZWOCOgYibhrw0dKH3KvbWGFqg4g6HU/ze6Tvc3mnUvgL
WJlHRdbsF+dnYZAaaZP/wWQ6topJT6oRclz3Zu0fPqFe0mJSnFdTbq4Ti1Ae+SzT
Fh+A+ksAMwpx/UXdAs7yMOozQFvvGKqifshLB89on0GiNkOknRamvwmOJyud1bm4
yszsCIpe+4VrobDJJWF1QVDTvz2IwpJ7D2Fc5I1gJe0WBcy1311Jo/2JsWXjHcJm
XAANoz2SY3p4OdyY2vkc75k40XE5baJ3zl9jAE5qPfTv0kX8HT8NL5j/CwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHgV+M3d5D+z1Ml2OMYN4ivT+KZMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvc2VCWDR6ZDNrUDdQVXlYWTR4ZzNpSzlQNHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYI1AwQA
LZ0jMA0GCSqGSIb3DQEBCwUAA4IBAQC724Z8GR4GrRuEG4fL3TZcyLMs4AzNd4T+
TkwrQB7jmYDFrnOvbyz8ooc4sIyI8L2aY/pdBhJSG0toD4I/p4W40FXqTXX90tUn
6CoClMZICgolixihpYdrMCOGp2yY/zY2ha4b3P3i3QF1Tdq+F1CJQPUj/iu5OYug
Gl1Dge6HT6AJVhKs4LY38jMtkZfFEs3MGq+bOEfCrdTS8Oyez/wnEFwWG4s1xRgW
v+0E2ZoiMnRgCYjnGoSl6BBIngS9gEsiI1rT32G0cPgQY/JUHiapPUPoFB2rQDM2
Gk3HKifRw2sHeSVd2Whh/OxUqujyBKzbjh2Gr8Hiqkr5acZzoq3s
-----END CERTIFICATE-----