Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/sebyor6upBoiHgbxsrkZxw7Vey0.roa
File:                     sebyor6upBoiHgbxsrkZxw7Vey0.roa (raw, json)
Hash identifier:          DtPsXiVyhLLqXKtLDteGJryb2rrevAa/dyXKJS9Y6mc=
Subject key identifier:   B1:E6:F2:A2:BE:AE:A4:1A:22:1E:06:F1:B2:B9:19:C7:0E:D5:7B:2D
Certificate issuer:       /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial:       019424454B4B7CA2234211E9BA37536E3743
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/sebyor6upBoiHgbxsrkZxw7Vey0.roa
Signing time:             Wed 01 Jan 2025 23:48:28 +0000
ROA not before:           Wed 01 Jan 2025 23:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12676
IP address blocks:        185.87.21.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4b:4b:7c:a2:23:42:11:e9:ba:37:53:6e:37:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
        Validity
            Not Before: Jan  1 23:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1e6f2a2beaea41a221e06f1b2b919c70ed57b2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4a:b2:a7:98:ce:a3:cc:d4:95:7f:30:c7:4a:
                    de:3d:4f:d8:57:44:43:ef:78:8d:08:68:2c:b5:bf:
                    ec:16:9a:f8:e7:30:79:d1:93:e5:c8:96:d8:f6:3c:
                    ba:9c:51:52:9e:e8:41:89:51:7c:d4:f0:dd:48:44:
                    93:79:49:1d:63:ca:1f:7a:a7:bd:b5:34:fc:53:1d:
                    d5:5b:ae:43:16:33:48:2d:ca:40:4f:80:5b:de:73:
                    57:6a:cb:c5:5b:37:12:31:16:d4:18:31:d5:eb:76:
                    a0:1c:14:6b:76:93:4c:5e:73:81:0d:bd:a9:77:9e:
                    79:e2:1c:ad:ab:f5:a3:07:89:b6:55:d8:a5:11:7b:
                    ef:24:f5:2c:c7:09:09:8e:d7:cf:f5:e2:b3:49:cf:
                    54:be:33:54:50:0d:1f:fd:c4:5e:89:33:9a:4c:35:
                    1c:e9:48:2c:de:52:ae:23:26:85:0d:a7:ff:87:79:
                    cf:77:5c:97:de:39:a6:df:3e:98:b2:ff:91:d5:99:
                    8d:7f:e1:63:2e:c4:5f:f9:95:9c:aa:10:c0:37:30:
                    b3:8d:87:b9:cd:d4:ea:ac:b9:4c:28:94:ca:e9:75:
                    25:fd:31:1f:52:74:b0:d1:86:d8:0c:da:6b:11:2c:
                    cc:9b:b1:bf:c6:07:4d:21:ef:5f:cd:9c:b6:0e:53:
                    47:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E6:F2:A2:BE:AE:A4:1A:22:1E:06:F1:B2:B9:19:C7:0E:D5:7B:2D
            X509v3 Authority Key Identifier:
                keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/sebyor6upBoiHgbxsrkZxw7Vey0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:f4:e8:5d:86:0d:84:ac:dd:57:f9:cb:fc:be:37:e9:27:fa:
         63:25:6b:49:24:5c:71:6b:57:43:09:60:cc:02:f2:1b:00:47:
         66:0c:fe:8a:18:4b:65:15:b6:2d:86:2e:e1:d3:e4:6f:45:36:
         54:ba:bf:17:b2:4f:79:0d:be:01:e8:0e:af:4e:88:4a:15:27:
         75:c4:30:57:4f:11:0b:82:c6:d9:da:f1:e4:7c:21:91:4d:45:
         8a:11:1f:44:78:bc:ff:75:e9:1f:a7:4e:ab:ba:bd:81:2e:03:
         c3:1c:8b:42:d2:76:c4:39:0f:9d:65:e6:20:0a:e1:90:b4:3e:
         f6:be:c0:9f:c5:5f:4f:6c:66:a5:c3:c8:e9:11:e6:76:89:37:
         16:f3:1c:47:79:dc:95:c2:70:4c:c9:12:6c:84:e5:d4:e7:43:
         bb:b9:c4:65:58:cb:01:2b:69:4d:66:30:e6:20:57:c7:da:82:
         d8:86:b3:9e:1f:14:b2:be:5d:48:ca:49:ea:d5:4c:d1:4c:87:
         b9:ea:b8:bd:87:83:26:07:b8:45:b0:35:44:66:9f:67:ae:d6:
         95:e4:37:f3:b3:b9:d7:f0:85:04:52:2d:a6:dd:4a:61:da:67:
         be:a5:e9:1d:5c:52:0d:00:45:a4:7b:04:10:e4:8a:0b:e9:98:
         f4:34:ac:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUtLfKIjQhHpujdTbjdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMzc2YzgwMDhkNmFiZDk2MjM0MTU2M2RkMmE0ZGNjYWYx
NTNjYmEwHhcNMjUwMTAxMjM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWU2ZjJhMmJlYWVhNDFhMjIxZTA2ZjFiMmI5MTljNzBlZDU3YjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Uqyp5jOo8zUlX8wx0rePU/YV0RD
73iNCGgstb/sFpr45zB50ZPlyJbY9jy6nFFSnuhBiVF81PDdSESTeUkdY8ofeqe9
tTT8Ux3VW65DFjNILcpAT4Bb3nNXasvFWzcSMRbUGDHV63agHBRrdpNMXnOBDb2p
d5554hytq/WjB4m2VdilEXvvJPUsxwkJjtfP9eKzSc9UvjNUUA0f/cReiTOaTDUc
6Ugs3lKuIyaFDaf/h3nPd1yX3jmm3z6Ysv+R1ZmNf+FjLsRf+ZWcqhDANzCzjYe5
zdTqrLlMKJTK6XUl/TEfUnSw0YbYDNprESzMm7G/xgdNIe9fzZy2DlNHNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHm8qK+rqQaIh4G8bK5GccO1XstMB8GA1UdIwQY
MBaAFFo3bIAI1qvZYjQVY90qTcyvFTy6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEt
NjViZTU1MDMxNjVkLzEvc2VieW9yNnVwQm9pSGdieHNya1p4dzdWZXkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEtNjViZTU1MDMxNjVk
LzEvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVcVMA0G
CSqGSIb3DQEBCwUAA4IBAQDb9Ohdhg2ErN1X+cv8vjfpJ/pjJWtJJFxxa1dDCWDM
AvIbAEdmDP6KGEtlFbYthi7h0+RvRTZUur8Xsk95Db4B6A6vTohKFSd1xDBXTxEL
gsbZ2vHkfCGRTUWKER9EeLz/dekfp06rur2BLgPDHItC0nbEOQ+dZeYgCuGQtD72
vsCfxV9PbGalw8jpEeZ2iTcW8xxHedyVwnBMyRJshOXU50O7ucRlWMsBK2lNZjDm
IFfH2oLYhrOeHxSyvl1Iyknq1UzRTIe56ri9h4MmB7hFsDVEZp9nrtaV5Dfzs7nX
8IUEUi2m3Uph2me+pekdXFINAEWkewQQ5IoL6Zj0NKzp
-----END CERTIFICATE-----