Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/Seb5rPab5xtCbQegNJU_L3HuXOE.roa
File:                     Seb5rPab5xtCbQegNJU_L3HuXOE.roa (raw, json)
Hash identifier:          yZk8kPZ9OKX3DHzQOAO4BANuXdUjoCHf+djtzQySF2o=
Subject key identifier:   49:E6:F9:AC:F6:9B:E7:1B:42:6D:07:A0:34:95:3F:2F:71:EE:5C:E1
Certificate issuer:       /CN=16655e5595f5a3c071c12b179db9279dc7db0913
Certificate serial:       0191E66A687188503424BC9FD17B9F4FCA75
Authority key identifier: 16:65:5E:55:95:F5:A3:C0:71:C1:2B:17:9D:B9:27:9D:C7:DB:09:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FmVeVZX1o8BxwSsXnbknncfbCRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/Seb5rPab5xtCbQegNJU_L3HuXOE.roa
Signing time:             Thu 12 Sep 2024 13:26:58 +0000
ROA not before:           Thu 12 Sep 2024 13:26:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42198
IP address blocks:        194.26.237.0/24 maxlen: 24
                          2a11:c7c1:deec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/FmVeVZX1o8BxwSsXnbknncfbCRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/FmVeVZX1o8BxwSsXnbknncfbCRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FmVeVZX1o8BxwSsXnbknncfbCRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e6:6a:68:71:88:50:34:24:bc:9f:d1:7b:9f:4f:ca:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16655e5595f5a3c071c12b179db9279dc7db0913
        Validity
            Not Before: Sep 12 13:26:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49e6f9acf69be71b426d07a034953f2f71ee5ce1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cb:ac:d0:d6:4a:0e:cc:ea:67:ea:98:42:9b:
                    fc:87:ff:0f:00:69:09:16:b2:f1:f2:d1:ed:67:67:
                    9e:ae:d5:8a:50:18:32:5e:60:de:66:ea:70:4a:cb:
                    14:a5:b3:af:b2:b3:8f:4b:7f:73:15:3e:58:4d:60:
                    aa:d3:5d:59:ed:66:9a:85:93:77:46:64:aa:00:2b:
                    53:64:72:aa:de:43:60:6f:92:52:01:43:c5:41:5c:
                    8f:8c:de:ff:49:ac:05:1e:36:c2:76:38:a8:2c:29:
                    db:4a:d2:61:95:d4:9c:f0:ce:79:86:f4:92:2d:f7:
                    8e:ad:56:eb:3b:2e:a8:0f:ad:ab:d8:08:55:60:82:
                    85:a3:88:c7:6d:65:a9:75:61:33:d5:8f:48:a2:f2:
                    81:d8:e3:af:cf:51:d6:9d:b6:75:fd:bd:1e:db:73:
                    58:a1:e1:1d:3a:93:15:8b:d8:cf:7e:b0:23:ff:06:
                    a7:4f:b4:75:3c:8a:2f:a2:73:9c:61:9a:a9:0b:5d:
                    83:64:0d:30:5d:61:69:e8:88:70:39:2d:e8:49:4a:
                    09:3a:85:e9:71:20:73:dd:f2:7e:9a:61:07:67:2a:
                    f7:e2:23:63:2a:fc:e1:4a:1d:98:86:ff:6b:c3:74:
                    b0:37:38:f2:bf:6e:d5:02:db:7f:ae:d3:cf:96:01:
                    c2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:E6:F9:AC:F6:9B:E7:1B:42:6D:07:A0:34:95:3F:2F:71:EE:5C:E1
            X509v3 Authority Key Identifier:
                keyid:16:65:5E:55:95:F5:A3:C0:71:C1:2B:17:9D:B9:27:9D:C7:DB:09:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FmVeVZX1o8BxwSsXnbknncfbCRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/Seb5rPab5xtCbQegNJU_L3HuXOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/FmVeVZX1o8BxwSsXnbknncfbCRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.237.0/24
                IPv6:
                  2a11:c7c1:deec::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:6d:b7:67:b9:77:aa:86:69:06:d8:9f:16:d2:97:5f:95:59:
         fc:68:0f:40:1e:50:23:20:55:4c:d6:90:3a:7c:16:3c:1f:87:
         32:5e:62:eb:1d:df:0f:e9:1b:44:07:cd:18:7e:be:03:8d:e0:
         7c:11:d9:ed:d5:41:da:66:03:7f:7b:c9:7f:cd:1e:60:58:62:
         77:7e:bd:58:e7:c5:44:67:fa:81:84:0d:b6:ec:cd:2c:aa:e8:
         02:23:a9:1d:92:e4:3b:c5:e8:46:e7:a3:9a:15:a0:1a:cf:c8:
         0d:ee:a6:15:79:65:09:e4:a6:2a:44:7f:45:cf:8c:84:47:b4:
         65:6e:d8:e0:6b:65:11:1c:8d:1f:ee:35:5b:f3:55:f7:99:dd:
         79:79:22:38:39:93:64:b4:21:29:7b:6c:2a:89:76:cb:0e:cf:
         04:b2:2c:f0:3e:37:c6:55:d6:47:0e:ce:f4:3d:82:7e:db:a9:
         bf:ab:c5:9d:5c:dd:ea:12:d5:57:26:d1:5d:51:27:43:f3:cc:
         e5:e4:3c:3c:65:f8:c7:4c:64:43:2c:8d:11:71:6f:81:76:46:
         e0:46:2f:e7:d6:b6:f2:7e:32:50:d3:be:73:f7:5e:51:83:f2:
         40:24:7b:38:cb:49:cd:a8:57:ff:ec:9f:99:ef:91:2a:c2:7c:
         42:e7:36:e2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZHmamhxiFA0JLyf0XufT8p1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NjU1ZTU1OTVmNWEzYzA3MWMxMmIxNzlkYjkyNzlkYzdk
YjA5MTMwHhcNMjQwOTEyMTMyNjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWU2ZjlhY2Y2OWJlNzFiNDI2ZDA3YTAzNDk1M2YyZjcxZWU1Y2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcus0NZKDszqZ+qYQpv8h/8PAGkJ
FrLx8tHtZ2eertWKUBgyXmDeZupwSssUpbOvsrOPS39zFT5YTWCq011Z7WaahZN3
RmSqACtTZHKq3kNgb5JSAUPFQVyPjN7/SawFHjbCdjioLCnbStJhldSc8M55hvSS
LfeOrVbrOy6oD62r2AhVYIKFo4jHbWWpdWEz1Y9IovKB2OOvz1HWnbZ1/b0e23NY
oeEdOpMVi9jPfrAj/wanT7R1PIovonOcYZqpC12DZA0wXWFp6IhwOS3oSUoJOoXp
cSBz3fJ+mmEHZyr34iNjKvzhSh2Yhv9rw3SwNzjyv27VAtt/rtPPlgHCXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEnm+az2m+cbQm0HoDSVPy9x7lzhMB8GA1UdIwQY
MBaAFBZlXlWV9aPAccErF525J53H2wkTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1WZVZaWDFvOEJ4d1NzWG5ia25uY2ZiQ1JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC82NzE5Y2QtODY0YS00MmYwLTgxOGYt
ZGQ0ODA0ODQwZGQ2LzEvU2ViNXJQYWI1eHRDYlFlZ05KVV9MM0h1WE9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC82NzE5Y2QtODY0YS00MmYwLTgxOGYtZGQ0ODA0ODQwZGQ2
LzEvRm1WZVZaWDFvOEJ4d1NzWG5ia25uY2ZiQ1JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwhrtMA8E
AgACMAkDBwAqEcfB3uwwDQYJKoZIhvcNAQELBQADggEBABRtt2e5d6qGaQbYnxbS
l1+VWfxoD0AeUCMgVUzWkDp8FjwfhzJeYusd3w/pG0QHzRh+vgON4HwR2e3VQdpm
A397yX/NHmBYYnd+vVjnxURn+oGEDbbszSyq6AIjqR2S5DvF6Ebno5oVoBrPyA3u
phV5ZQnkpipEf0XPjIRHtGVu2OBrZREcjR/uNVvzVfeZ3Xl5Ijg5k2S0ISl7bCqJ
dssOzwSyLPA+N8ZV1kcOzvQ9gn7bqb+rxZ1c3eoS1Vcm0V1RJ0PzzOXkPDxl+MdM
ZEMsjRFxb4F2RuBGL+fWtvJ+MlDTvnP3XlGD8kAkezjLSc2oV//sn5nvkSrCfELn
NuI=
-----END CERTIFICATE-----