Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/r-SEcegHXv0xgVPmVK5FNkrtRLY.roa
File:                     r-SEcegHXv0xgVPmVK5FNkrtRLY.roa (raw, json)
Hash identifier:          v2dXKgRdYBORQji5ctYjWOfXCnsGc158HDC6A+NIWtM=
Subject key identifier:   AF:E4:84:71:E8:07:5E:FD:31:81:53:E6:54:AE:45:36:4A:ED:44:B6
Certificate issuer:       /CN=60fcd55b9130858d8ea583c0987dad00f614db39
Certificate serial:       019425FD5022779435B29DC6C064BF74D109
Authority key identifier: 60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/r-SEcegHXv0xgVPmVK5FNkrtRLY.roa
Signing time:             Thu 02 Jan 2025 07:49:05 +0000
ROA not before:           Thu 02 Jan 2025 07:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198584
IP address blocks:        185.253.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:50:22:77:94:35:b2:9d:c6:c0:64:bf:74:d1:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60fcd55b9130858d8ea583c0987dad00f614db39
        Validity
            Not Before: Jan  2 07:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afe48471e8075efd318153e654ae45364aed44b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b2:e4:03:d1:2d:38:0d:82:93:3c:31:3a:28:
                    32:60:d8:97:d3:71:2a:89:4d:8a:a0:7c:94:90:db:
                    88:2e:7d:7b:22:8f:ed:90:a2:9f:df:93:75:f6:0a:
                    ce:63:03:37:a4:dc:cd:65:77:40:25:e2:b7:6d:49:
                    ea:7b:4d:10:73:30:08:a7:dc:75:69:96:fb:03:bb:
                    91:36:b6:9b:de:8a:58:76:3a:2c:41:3f:af:44:9a:
                    2e:53:1d:ff:a5:a0:12:2a:f4:d9:c2:2e:42:90:8e:
                    58:bb:84:2f:a3:99:3c:2d:d3:81:68:86:4f:ff:9b:
                    36:ea:6f:cb:0a:cd:89:31:78:31:5f:1b:4e:f1:b4:
                    c2:5a:51:64:16:0a:22:26:8e:39:a2:e3:d9:70:8b:
                    b1:7e:0c:1a:a3:fc:05:2a:18:bb:bc:c7:1e:23:4e:
                    03:aa:65:15:3d:51:74:47:1a:a7:9b:c7:e7:23:44:
                    f8:57:55:b6:e7:a3:a5:dd:64:b3:51:d2:12:52:e9:
                    97:75:6b:0b:67:5b:e4:ee:49:1a:c1:c1:d9:96:a7:
                    f4:f1:31:20:8c:67:f6:9f:bb:12:18:a6:ad:36:c8:
                    ab:b4:24:fc:2e:03:f5:b9:73:be:7e:aa:37:ac:5e:
                    52:68:88:3d:5a:60:30:c7:d3:8e:76:9e:2d:c9:38:
                    57:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E4:84:71:E8:07:5E:FD:31:81:53:E6:54:AE:45:36:4A:ED:44:B6
            X509v3 Authority Key Identifier:
                keyid:60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/r-SEcegHXv0xgVPmVK5FNkrtRLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:90:80:1c:6e:16:b5:23:24:83:0e:7e:e9:39:9a:d8:b7:75:
         06:5f:68:40:1a:1f:0e:19:90:ac:0e:b2:9f:7d:a3:82:89:77:
         53:f7:5e:11:57:39:33:b0:22:e1:a2:0a:fd:35:24:8b:9b:10:
         95:7b:7d:2e:c5:c3:72:24:ae:4d:25:0b:7f:02:2e:4f:80:bc:
         11:12:db:84:4b:8d:06:e9:6a:35:38:91:5e:16:3e:13:a5:dc:
         09:45:19:81:16:93:64:bd:71:f7:a2:2c:d4:87:49:0d:97:2b:
         c5:d8:19:17:2c:5c:24:6d:c9:d9:e3:72:9d:a3:9c:b0:7d:94:
         a1:12:36:46:5a:49:43:dc:a5:73:a6:40:f6:8b:28:4c:05:22:
         5a:61:a4:e6:c0:05:ce:cc:2c:26:46:a1:25:b3:c9:e5:c3:c8:
         dd:73:41:8d:45:f5:06:d5:89:91:2a:ce:cc:e3:a4:75:37:10:
         04:75:d6:20:58:a4:e3:b4:ca:fc:e5:db:d1:6f:83:c0:64:3c:
         ce:96:d9:8e:6b:4c:79:f2:7f:05:6d:0d:87:4d:0c:de:e6:9f:
         88:7e:b5:53:ab:a7:11:51:e0:b0:b3:8b:17:df:0b:10:1f:67:
         96:65:fa:1c:86:64:93:7e:08:8d:d6:f1:d8:6b:17:a1:42:5e:
         ce:10:f3:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/VAid5Q1sp3GwGS/dNEJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZmNkNTViOTEzMDg1OGQ4ZWE1ODNjMDk4N2RhZDAwZjYx
NGRiMzkwHhcNMjUwMTAyMDc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmU0ODQ3MWU4MDc1ZWZkMzE4MTUzZTY1NGFlNDUzNjRhZWQ0NGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbLkA9EtOA2CkzwxOigyYNiX03Eq
iU2KoHyUkNuILn17Io/tkKKf35N19grOYwM3pNzNZXdAJeK3bUnqe00QczAIp9x1
aZb7A7uRNrab3opYdjosQT+vRJouUx3/paASKvTZwi5CkI5Yu4Qvo5k8LdOBaIZP
/5s26m/LCs2JMXgxXxtO8bTCWlFkFgoiJo45ouPZcIuxfgwao/wFKhi7vMceI04D
qmUVPVF0Rxqnm8fnI0T4V1W256Ol3WSzUdISUumXdWsLZ1vk7kkawcHZlqf08TEg
jGf2n7sSGKatNsirtCT8LgP1uXO+fqo3rF5SaIg9WmAwx9OOdp4tyThXZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/khHHoB179MYFT5lSuRTZK7US2MB8GA1UdIwQY
MBaAFGD81VuRMIWNjqWDwJh9rQD2FNs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTkt
ZWQzMGI5YmIxMmQ1LzEvci1TRWNlZ0hYdjB4Z1ZQbVZLNUZOa3J0UkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTktZWQzMGI5YmIxMmQ1
LzEvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf0BMA0G
CSqGSIb3DQEBCwUAA4IBAQAykIAcbha1IySDDn7pOZrYt3UGX2hAGh8OGZCsDrKf
faOCiXdT914RVzkzsCLhogr9NSSLmxCVe30uxcNyJK5NJQt/Ai5PgLwREtuES40G
6Wo1OJFeFj4TpdwJRRmBFpNkvXH3oizUh0kNlyvF2BkXLFwkbcnZ43Kdo5ywfZSh
EjZGWklD3KVzpkD2iyhMBSJaYaTmwAXOzCwmRqEls8nlw8jdc0GNRfUG1YmRKs7M
46R1NxAEddYgWKTjtMr85dvRb4PAZDzOltmOa0x58n8FbQ2HTQze5p+IfrVTq6cR
UeCws4sX3wsQH2eWZfochmSTfgiN1vHYaxehQl7OEPOd
-----END CERTIFICATE-----