Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/seIL0vnAYyeTJo2LQSsWd5V-KHE.roa
File:                     seIL0vnAYyeTJo2LQSsWd5V-KHE.roa (raw, json)
Hash identifier:          6WckopId4eGeWy507007k4cS/Lx1TUSn2KYAQorJ49s=
Subject key identifier:   B1:E2:0B:D2:F9:C0:63:27:93:26:8D:8B:41:2B:16:77:95:7E:28:71
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42555430D21B2EA0F431AE23C773C50
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/seIL0vnAYyeTJo2LQSsWd5V-KHE.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0b:b87:ffb0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:55:43:0d:21:b2:ea:0f:43:1a:e2:3c:77:3c:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1e20bd2f9c0632793268d8b412b1677957e2871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:38:ea:40:01:4a:65:f5:eb:0f:ff:8b:93:0f:
                    05:02:19:bf:55:ec:dc:b6:ec:21:ad:a4:06:0c:eb:
                    4f:56:7c:8c:a0:8f:c8:b7:a3:5c:30:63:7d:11:91:
                    dc:28:4d:2c:be:c4:ad:cd:b8:23:d6:85:5f:54:89:
                    27:32:51:9d:e8:86:b2:04:e2:21:3e:82:91:f4:81:
                    95:bc:53:80:a9:4a:a1:eb:bc:17:49:66:89:d5:92:
                    40:ed:b8:21:84:ca:75:60:b6:36:55:0f:e8:45:7b:
                    ab:dc:8e:2d:66:c5:26:51:4f:58:82:c4:5f:61:85:
                    ff:a2:74:d1:4f:3e:ec:2c:dd:25:1d:0d:5e:e6:34:
                    92:bc:af:2d:a3:64:33:07:da:5c:54:5c:57:3b:1f:
                    50:80:33:4f:cb:02:42:4a:62:02:a4:3c:1b:71:af:
                    6c:1f:23:c2:d1:c0:a3:db:6b:98:af:f1:3b:2e:a5:
                    2c:89:ef:b7:c3:5d:e5:15:14:ad:e0:e4:7f:32:a3:
                    4d:95:02:f4:54:9f:ae:48:7d:3b:5a:a4:fc:88:2d:
                    b6:10:46:b5:67:a3:33:56:28:f3:70:9c:25:3e:53:
                    54:21:36:06:de:c9:26:dd:bb:0b:f0:9d:b9:92:ea:
                    07:92:18:a3:ef:40:ba:58:f0:3e:50:3e:fc:0c:14:
                    7f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E2:0B:D2:F9:C0:63:27:93:26:8D:8B:41:2B:16:77:95:7E:28:71
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/seIL0vnAYyeTJo2LQSsWd5V-KHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffb0::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:a1:81:e3:01:b2:fa:27:cd:99:35:35:b7:45:20:43:54:73:
         52:b6:51:14:0b:ae:0e:46:ec:06:de:cd:d3:f9:c7:f3:86:56:
         1c:d3:e8:c0:32:ff:aa:c3:92:98:81:8d:54:91:76:96:3a:d0:
         45:5d:20:f8:53:a5:c6:c6:b1:62:8c:84:31:42:19:80:82:1b:
         50:7b:e1:28:80:8b:87:88:af:d9:49:fe:ed:e8:b5:fe:f5:ab:
         a2:42:ff:00:ec:8d:49:4e:a3:a2:d1:7c:f4:d1:a1:e4:bd:a6:
         23:65:71:00:2c:0a:30:94:2c:17:b8:f9:d3:eb:29:05:22:71:
         b5:9d:89:72:32:b6:e3:f7:83:bc:cd:8e:33:a6:45:f6:41:42:
         ce:4b:f7:f7:76:3a:b0:73:58:24:b0:6a:8a:f1:09:04:a4:90:
         47:20:de:d1:07:ea:25:ec:7e:11:80:68:41:80:e0:49:23:dd:
         3e:a0:db:7d:ef:e1:23:57:d8:c2:61:ca:58:ac:2f:16:10:80:
         f7:28:69:4e:aa:57:46:bd:4b:92:ba:09:7b:ad:e9:f3:b2:1a:
         f6:8f:f9:f6:cd:87:62:8d:97:1e:5b:c6:2e:a9:0f:57:e5:c6:
         62:1e:e9:68:db:82:51:a4:54:9e:36:a6:aa:12:b3:a1:1b:b5:
         e8:93:41:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJVVDDSGy6g9DGuI8dzxQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWUyMGJkMmY5YzA2MzI3OTMyNjhkOGI0MTJiMTY3Nzk1N2UyODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzjqQAFKZfXrD/+Lkw8FAhm/Vezc
tuwhraQGDOtPVnyMoI/It6NcMGN9EZHcKE0svsStzbgj1oVfVIknMlGd6IayBOIh
PoKR9IGVvFOAqUqh67wXSWaJ1ZJA7bghhMp1YLY2VQ/oRXur3I4tZsUmUU9YgsRf
YYX/onTRTz7sLN0lHQ1e5jSSvK8to2QzB9pcVFxXOx9QgDNPywJCSmICpDwbca9s
HyPC0cCj22uYr/E7LqUsie+3w13lFRSt4OR/MqNNlQL0VJ+uSH07WqT8iC22EEa1
Z6MzVijzcJwlPlNUITYG3skm3bsL8J25kuoHkhij70C6WPA+UD78DBR/awIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLHiC9L5wGMnkyaNi0ErFneVfihxMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvc2VJTDB2bkFZeWVUSm8yTFFTc1dkNVYtS0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+w
MA0GCSqGSIb3DQEBCwUAA4IBAQAeoYHjAbL6J82ZNTW3RSBDVHNStlEUC64ORuwG
3s3T+cfzhlYc0+jAMv+qw5KYgY1UkXaWOtBFXSD4U6XGxrFijIQxQhmAghtQe+Eo
gIuHiK/ZSf7t6LX+9auiQv8A7I1JTqOi0Xz00aHkvaYjZXEALAowlCwXuPnT6ykF
InG1nYlyMrbj94O8zY4zpkX2QULOS/f3djqwc1gksGqK8QkEpJBHIN7RB+ol7H4R
gGhBgOBJI90+oNt97+EjV9jCYcpYrC8WEID3KGlOqldGvUuSugl7renzshr2j/n2
zYdijZceW8YuqQ9X5cZiHulo24JRpFSeNqaqErOhG7Xok0GA
-----END CERTIFICATE-----