Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SEBOe8z2toxY-JUBJ5SpuUnL0VY.roa
File:                     SEBOe8z2toxY-JUBJ5SpuUnL0VY.roa (raw, json)
Hash identifier:          nJG739ZqErYaCrTNhe0CbQnFNqEVHg1oYVs2E5pwXBE=
Subject key identifier:   48:40:4E:7B:CC:F6:B6:8C:58:F8:95:01:27:94:A9:B9:49:CB:D1:56
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD515DD5BF3492F65BE82C83C3B58B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SEBOe8z2toxY-JUBJ5SpuUnL0VY.roa
Signing time:             Tue 02 Jan 2024 10:34:36 +0000
ROA not before:           Tue 02 Jan 2024 10:34:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213372
IP address blocks:        2a0e:b107:8e0::/44 maxlen: 48
                          2a10:2f00:128::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:51:5d:d5:bf:34:92:f6:5b:e8:2c:83:c3:b5:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48404e7bccf6b68c58f895012794a9b949cbd156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c0:08:95:3a:92:29:f4:b1:b7:a2:e3:a3:4a:
                    e3:df:44:28:e6:53:2b:c5:5f:9b:9b:0b:f8:c6:16:
                    fb:89:b6:db:ea:68:d4:58:64:0d:85:f5:54:d6:08:
                    a8:c8:a8:82:6f:54:db:c0:87:b6:dd:a4:9c:7e:f3:
                    d7:7b:4b:7a:92:94:f0:2f:30:83:06:b7:d4:65:d3:
                    e0:43:c0:39:f4:7b:dc:c3:1f:da:99:65:ed:2a:10:
                    e9:e5:15:a9:18:e9:0a:b5:d8:80:ce:06:6a:6c:04:
                    2e:bd:83:c8:a8:21:79:e4:a9:28:3c:9f:18:d5:53:
                    91:e5:f2:41:df:53:06:33:37:70:69:97:d4:eb:ac:
                    b2:88:5c:88:c9:3b:26:56:8b:05:28:9c:fa:6d:8c:
                    cb:35:d3:e6:0b:4b:6c:31:8a:24:18:12:d4:02:ea:
                    98:da:1d:ab:0a:e1:53:6c:7e:89:78:86:a4:89:4d:
                    87:ba:53:13:2e:64:27:3e:c3:e9:16:14:2e:7d:c3:
                    d7:8f:86:62:24:0a:18:07:72:18:f7:4f:3f:76:21:
                    aa:0b:a0:25:19:8a:46:8c:7a:a5:9f:f8:2b:58:83:
                    ab:82:76:95:ed:11:80:93:6d:d5:41:65:0a:b3:af:
                    35:ad:58:38:df:6e:84:8d:f7:a3:52:72:ce:45:6c:
                    10:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:40:4E:7B:CC:F6:B6:8C:58:F8:95:01:27:94:A9:B9:49:CB:D1:56
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SEBOe8z2toxY-JUBJ5SpuUnL0VY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:8e0::/44
                  2a10:2f00:128::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:99:70:de:92:bd:da:24:93:d4:c6:ca:96:cc:81:7d:b7:e1:
         42:70:0b:fe:ed:d1:e7:03:43:04:8f:9a:29:43:ef:d8:c8:c5:
         6d:82:d3:d8:9a:8a:be:c6:81:d2:97:c4:be:89:fb:c2:b8:49:
         35:c4:a6:80:3f:d7:00:b7:14:99:67:b9:b1:da:f6:a7:fb:1c:
         63:7e:79:35:20:00:ad:b3:17:56:57:a3:58:ea:d9:aa:3f:2b:
         ef:46:c1:d8:8d:e0:92:b0:e5:b1:1a:e0:60:67:8d:99:ff:78:
         e0:41:1d:03:8c:51:f6:7f:17:b1:51:3a:96:59:a1:a6:e6:49:
         9f:29:4f:78:4b:aa:a5:17:4e:20:14:1f:c1:c3:26:fb:34:8d:
         17:af:48:45:cc:ad:b5:f7:0a:b4:a0:26:41:0a:d8:05:c9:53:
         fa:1c:6b:af:6d:3f:a1:6d:4d:bc:9e:78:b2:c3:b6:9a:88:68:
         8a:65:70:b6:d2:38:1d:39:24:b8:89:bc:e6:a2:a3:4e:44:33:
         a4:ac:47:5a:53:3d:20:16:8a:0e:df:0d:5b:91:3e:38:45:e2:
         a3:65:1d:c8:0f:a2:f6:97:fb:1c:61:0f:a0:95:d5:89:8c:1b:
         f2:13:fc:40:7b:3d:8e:17:d5:cd:b6:bb:e7:bb:fb:fb:28:22:
         09:3b:e3:15
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvVFd1b80kvZb6CyDw7WLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODQwNGU3YmNjZjZiNjhjNThmODk1MDEyNzk0YTliOTQ5Y2JkMTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsAIlTqSKfSxt6Ljo0rj30Qo5lMr
xV+bmwv4xhb7ibbb6mjUWGQNhfVU1gioyKiCb1TbwIe23aScfvPXe0t6kpTwLzCD
BrfUZdPgQ8A59Hvcwx/amWXtKhDp5RWpGOkKtdiAzgZqbAQuvYPIqCF55KkoPJ8Y
1VOR5fJB31MGMzdwaZfU66yyiFyIyTsmVosFKJz6bYzLNdPmC0tsMYokGBLUAuqY
2h2rCuFTbH6JeIakiU2HulMTLmQnPsPpFhQufcPXj4ZiJAoYB3IY908/diGqC6Al
GYpGjHqln/grWIOrgnaV7RGAk23VQWUKs681rVg4326EjfejUnLORWwQCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEhATnvM9raMWPiVASeUqblJy9FWMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvU0VCT2U4ejJ0b3hZLUpVQko1U3B1VW5MMFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xBwjg
AwcAKhAvAAEoMA0GCSqGSIb3DQEBCwUAA4IBAQC4mXDekr3aJJPUxsqWzIF9t+FC
cAv+7dHnA0MEj5opQ+/YyMVtgtPYmoq+xoHSl8S+ifvCuEk1xKaAP9cAtxSZZ7mx
2van+xxjfnk1IACtsxdWV6NY6tmqPyvvRsHYjeCSsOWxGuBgZ42Z/3jgQR0DjFH2
fxexUTqWWaGm5kmfKU94S6qlF04gFB/Bwyb7NI0Xr0hFzK219wq0oCZBCtgFyVP6
HGuvbT+hbU28nniyw7aaiGiKZXC20jgdOSS4ibzmoqNORDOkrEdaUz0gFooO3w1b
kT44ReKjZR3ID6L2l/scYQ+gldWJjBvyE/xAez2OF9XNtrvnu/v7KCIJO+MV
-----END CERTIFICATE-----