Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/SEYzTL-ZbRpE-vf1oSxWomQ-uuY.roa
File:                     SEYzTL-ZbRpE-vf1oSxWomQ-uuY.roa (raw, json)
Hash identifier:          vXxcYqZphGsgWoLSUtlg4KY+w94dRswy9WeM04cuKaA=
Subject key identifier:   48:46:33:4C:BF:99:6D:1A:44:FA:F7:F5:A1:2C:56:A2:64:3E:BA:E6
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019036D60688549528AE56A82E260C4CD36A
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/SEYzTL-ZbRpE-vf1oSxWomQ-uuY.roa
Signing time:             Thu 20 Jun 2024 18:08:34 +0000
ROA not before:           Thu 20 Jun 2024 18:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210797
IP address blocks:        185.57.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:36:d6:06:88:54:95:28:ae:56:a8:2e:26:0c:4c:d3:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jun 20 18:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4846334cbf996d1a44faf7f5a12c56a2643ebae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cf:98:81:2a:e2:d7:68:ec:3d:24:19:61:c6:
                    55:38:01:bd:63:3f:9b:4b:d3:c3:18:4d:ef:c7:4c:
                    34:79:d3:79:81:23:da:21:e3:aa:12:61:05:c9:36:
                    26:fa:7a:b6:cd:4b:b7:76:a2:f5:cf:90:5d:b3:b6:
                    1a:ef:c7:7d:d7:a7:ed:df:fc:0f:24:b1:55:f2:d0:
                    a7:ed:0c:dd:a3:d1:5a:cd:f9:0b:b4:b0:23:9b:f0:
                    c2:70:4d:61:80:cc:2f:79:19:6e:21:f9:05:f7:21:
                    ab:f2:6b:0e:1e:50:bb:e8:e9:40:2d:7d:85:23:08:
                    66:c9:82:bc:33:a4:57:75:70:f8:49:a3:cb:6f:3e:
                    8d:d1:40:73:73:d6:34:f7:dd:16:a5:f8:fe:c8:6e:
                    82:7e:b3:8b:be:a8:55:f8:b6:3f:cf:2b:0d:4c:07:
                    d9:ef:cb:ea:de:de:96:3c:e4:90:9e:8b:1e:a6:52:
                    19:bd:08:6c:4f:19:92:3a:20:27:46:09:a1:72:74:
                    2b:ed:da:e0:4c:07:8f:1f:f0:5b:31:8b:dc:95:13:
                    36:82:a3:11:5d:64:90:84:27:b9:26:38:b6:d8:39:
                    ef:28:ac:70:f9:6f:69:78:a4:b9:eb:8e:36:6a:f1:
                    12:8b:f7:b6:4d:36:dd:c7:60:43:d8:1d:3d:9e:0f:
                    a3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:46:33:4C:BF:99:6D:1A:44:FA:F7:F5:A1:2C:56:A2:64:3E:BA:E6
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/SEYzTL-ZbRpE-vf1oSxWomQ-uuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:9e:58:94:6c:b1:92:b5:56:8a:28:87:10:42:06:ac:3d:1e:
         d7:c9:a7:4f:42:47:47:c0:93:47:b3:29:b5:a7:3a:0e:e5:13:
         ec:48:11:42:f0:e0:b0:c4:00:46:1d:1f:f2:32:97:a6:cb:ea:
         17:02:89:d7:41:29:08:6a:13:91:8e:93:a2:60:4a:ba:9c:36:
         5e:f6:d8:d7:c7:6c:33:b5:26:b9:f9:4f:62:76:c1:cd:1f:8f:
         2f:5f:d0:2a:c8:13:42:95:d6:c3:4b:8e:cf:ae:46:3d:a2:c0:
         45:c2:48:7a:44:bc:18:78:4e:1e:e3:ce:77:0a:68:48:bc:f2:
         65:17:95:e8:d2:a9:ad:55:da:a9:ff:01:ec:f3:c3:42:58:35:
         ab:7f:41:68:c1:bf:27:67:34:09:9c:d5:5e:9b:3b:b9:41:d8:
         4b:80:c1:e9:2b:fc:fb:b9:f0:b4:38:34:b6:69:50:9b:a2:03:
         dd:ed:30:d7:d1:5e:17:55:0b:2e:95:0a:d4:b8:40:0e:06:ee:
         8c:a6:97:2c:38:bf:23:df:0a:f2:7a:81:64:dc:e6:0c:7d:2a:
         93:58:48:22:5f:13:35:fa:ea:25:23:08:09:6f:11:4b:ff:db:
         e6:a3:9e:41:c1:7e:0a:bc:b8:eb:70:30:f0:8f:ea:7c:51:74:
         ac:d5:40:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA21gaIVJUorlaoLiYMTNNqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwNjIwMTgwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODQ2MzM0Y2JmOTk2ZDFhNDRmYWY3ZjVhMTJjNTZhMjY0M2ViYWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8+YgSri12jsPSQZYcZVOAG9Yz+b
S9PDGE3vx0w0edN5gSPaIeOqEmEFyTYm+nq2zUu3dqL1z5Bds7Ya78d916ft3/wP
JLFV8tCn7Qzdo9FazfkLtLAjm/DCcE1hgMwveRluIfkF9yGr8msOHlC76OlALX2F
IwhmyYK8M6RXdXD4SaPLbz6N0UBzc9Y0990Wpfj+yG6CfrOLvqhV+LY/zysNTAfZ
78vq3t6WPOSQnoseplIZvQhsTxmSOiAnRgmhcnQr7drgTAePH/BbMYvclRM2gqMR
XWSQhCe5Jji22DnvKKxw+W9peKS56442avESi/e2TTbdx2BD2B09ng+j/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhGM0y/mW0aRPr39aEsVqJkPrrmMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvU0VZelRMLVpiUnBFLXZmMW9TeFdvbVEtdXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTnmMA0G
CSqGSIb3DQEBCwUAA4IBAQBenliUbLGStVaKKIcQQgasPR7XyadPQkdHwJNHsym1
pzoO5RPsSBFC8OCwxABGHR/yMpemy+oXAonXQSkIahORjpOiYEq6nDZe9tjXx2wz
tSa5+U9idsHNH48vX9AqyBNCldbDS47PrkY9osBFwkh6RLwYeE4e4853CmhIvPJl
F5Xo0qmtVdqp/wHs88NCWDWrf0Fowb8nZzQJnNVemzu5QdhLgMHpK/z7ufC0ODS2
aVCbogPd7TDX0V4XVQsulQrUuEAOBu6MppcsOL8j3wryeoFk3OYMfSqTWEgiXxM1
+uolIwgJbxFL/9vmo55BwX4KvLjrcDDwj+p8UXSs1UBU
-----END CERTIFICATE-----