Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SeKasSLXUFV43XPzgdDaUbopHLc.roa
File:                     SeKasSLXUFV43XPzgdDaUbopHLc.roa (raw, json)
Hash identifier:          Z1vcrYr9G2zVtLqFScS4/Dr0hEzYyCkDLvkqbB06bf8=
Subject key identifier:   49:E2:9A:B1:22:D7:50:55:78:DD:73:F3:81:D0:DA:51:BA:29:1C:B7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01995D5F81A7975EC89A8ABE85DF1145C695
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SeKasSLXUFV43XPzgdDaUbopHLc.roa
Signing time:             Thu 18 Sep 2025 15:09:24 +0000
ROA not before:           Thu 18 Sep 2025 15:09:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216039
IP address blocks:        45.12.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5d:5f:81:a7:97:5e:c8:9a:8a:be:85:df:11:45:c6:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 18 15:09:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49e29ab122d7505578dd73f381d0da51ba291cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b1:cf:11:e7:22:36:48:44:31:59:30:db:8f:
                    be:de:9d:b5:f7:ac:76:c6:af:7d:ce:8c:2e:0b:f6:
                    65:e9:61:1e:ce:19:e6:e2:c3:4c:b3:4c:8d:bf:1f:
                    88:b0:18:ce:bb:58:be:b7:12:48:bd:e1:ac:9c:de:
                    7b:cf:e4:d3:ef:ce:01:ce:47:94:08:94:d6:3e:26:
                    af:02:af:16:23:31:36:2b:fa:6c:f8:50:0e:5f:46:
                    24:46:5e:60:0e:bf:4a:9b:93:74:19:34:47:63:51:
                    0a:cf:a3:48:15:ee:24:c2:d3:34:d1:2e:f6:01:54:
                    10:43:bc:70:09:64:13:46:d1:77:d9:d0:f9:0e:13:
                    bf:5e:9b:ff:31:9f:21:1d:46:6e:d1:24:1f:75:2e:
                    6f:62:32:e4:e3:42:4c:00:8c:0b:7b:06:a4:13:19:
                    ed:de:d2:90:76:54:30:de:c5:7b:8c:3a:de:47:2c:
                    1c:60:3a:64:de:2f:23:33:82:c3:4e:e5:e1:72:f4:
                    b5:c6:5b:7a:c7:ee:5e:04:23:00:15:5e:d4:a7:44:
                    24:6e:4a:f6:25:9e:2d:94:c3:48:24:63:91:2a:5a:
                    be:36:9b:fd:9e:32:cc:12:e5:9c:31:05:93:32:77:
                    63:7f:61:8b:9e:ff:d8:f4:f8:ec:4d:cb:bc:c6:ba:
                    76:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:E2:9A:B1:22:D7:50:55:78:DD:73:F3:81:D0:DA:51:BA:29:1C:B7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SeKasSLXUFV43XPzgdDaUbopHLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:b0:42:c1:fc:14:25:5c:76:64:8e:97:57:ce:54:26:7f:e1:
         2e:ac:52:0f:db:7c:d8:ab:18:88:dd:ed:bc:da:41:4d:22:c8:
         a1:c4:47:86:40:53:03:c3:1a:cc:a5:b5:b4:98:8a:5d:a4:c6:
         22:02:43:c0:31:ef:f4:15:8a:cf:a0:33:d5:d4:5d:c0:2e:45:
         2d:1c:ee:ec:d3:a7:6a:f5:12:a0:ce:75:31:61:b8:eb:64:b4:
         b2:eb:a5:12:b7:81:db:70:5b:9f:1d:7f:72:1a:72:c6:b6:85:
         8e:db:00:5a:96:78:a5:28:c5:99:2e:05:2d:17:06:e2:8d:d6:
         ea:7a:cf:53:5d:08:ca:44:e3:d4:8b:f7:4f:ce:63:b5:be:ab:
         cc:10:b0:71:39:13:59:25:46:e1:13:78:71:da:07:51:2c:be:
         73:fa:bd:a6:0a:73:b6:18:18:5d:1e:0d:42:1f:44:32:e4:5a:
         a9:f7:d8:63:ab:32:bb:3b:ab:ca:da:a5:8f:2e:27:77:a9:56:
         34:16:9e:e8:05:6d:45:ed:ef:f2:fb:c0:c5:c0:aa:17:30:d6:
         16:2b:53:b0:0c:b2:57:40:b6:e1:fd:54:31:e8:c1:2f:43:c6:
         99:10:6c:de:f8:72:2a:8f:4f:c4:f3:ac:ef:ad:93:7f:03:8a:
         fe:27:01:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZldX4Gnl17Imoq+hd8RRcaVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwOTE4MTUwOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWUyOWFiMTIyZDc1MDU1NzhkZDczZjM4MWQwZGE1MWJhMjkxY2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbHPEeciNkhEMVkw24++3p2196x2
xq99zowuC/Zl6WEezhnm4sNMs0yNvx+IsBjOu1i+txJIveGsnN57z+TT784BzkeU
CJTWPiavAq8WIzE2K/ps+FAOX0YkRl5gDr9Km5N0GTRHY1EKz6NIFe4kwtM00S72
AVQQQ7xwCWQTRtF32dD5DhO/Xpv/MZ8hHUZu0SQfdS5vYjLk40JMAIwLewakExnt
3tKQdlQw3sV7jDreRywcYDpk3i8jM4LDTuXhcvS1xlt6x+5eBCMAFV7Up0Qkbkr2
JZ4tlMNIJGORKlq+Npv9njLMEuWcMQWTMndjf2GLnv/Y9PjsTcu8xrp2DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnimrEi11BVeN1z84HQ2lG6KRy3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvU2VLYXNTTFhVRlY0M1hQemdkRGFVYm9wSExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQxHMA0G
CSqGSIb3DQEBCwUAA4IBAQBIsELB/BQlXHZkjpdXzlQmf+EurFIP23zYqxiI3e28
2kFNIsihxEeGQFMDwxrMpbW0mIpdpMYiAkPAMe/0FYrPoDPV1F3ALkUtHO7s06dq
9RKgznUxYbjrZLSy66USt4HbcFufHX9yGnLGtoWO2wBalnilKMWZLgUtFwbijdbq
es9TXQjKROPUi/dPzmO1vqvMELBxORNZJUbhE3hx2gdRLL5z+r2mCnO2GBhdHg1C
H0Qy5Fqp99hjqzK7O6vK2qWPLid3qVY0Fp7oBW1F7e/y+8DFwKoXMNYWK1OwDLJX
QLbh/VQx6MEvQ8aZEGze+HIqj0/E86zvrZN/A4r+JwGy
-----END CERTIFICATE-----