Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/a273e8-67dc-4782-9a34-4aeb6a795511/1/SeQR4rtfAavpmT9bp6VCbI-Y4mA.roa
File:                     SeQR4rtfAavpmT9bp6VCbI-Y4mA.roa (raw, json)
Hash identifier:          AX7MGwk2aniY7SnwAufyI55Fi8RsYokkeCW8ZWeoW/k=
Subject key identifier:   49:E4:11:E2:BB:5F:01:AB:E9:99:3F:5B:A7:A5:42:6C:8F:98:E2:60
Certificate issuer:       /CN=b17050d8caf09a91d00f1c090a0b752cd1b3d57c
Certificate serial:       018CC5DC5BC9CF307AEA1C708FFD70176D00
Authority key identifier: B1:70:50:D8:CA:F0:9A:91:D0:0F:1C:09:0A:0B:75:2C:D1:B3:D5:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXBQ2MrwmpHQDxwJCgt1LNGz1Xw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/a273e8-67dc-4782-9a34-4aeb6a795511/1/SeQR4rtfAavpmT9bp6VCbI-Y4mA.roa
Signing time:             Mon 01 Jan 2024 16:30:02 +0000
ROA not before:           Mon 01 Jan 2024 16:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.53.16.0/22 maxlen: 22
                          2a04:c980::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/a273e8-67dc-4782-9a34-4aeb6a795511/1/sXBQ2MrwmpHQDxwJCgt1LNGz1Xw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/a273e8-67dc-4782-9a34-4aeb6a795511/1/sXBQ2MrwmpHQDxwJCgt1LNGz1Xw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXBQ2MrwmpHQDxwJCgt1LNGz1Xw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5b:c9:cf:30:7a:ea:1c:70:8f:fd:70:17:6d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b17050d8caf09a91d00f1c090a0b752cd1b3d57c
        Validity
            Not Before: Jan  1 16:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49e411e2bb5f01abe9993f5ba7a5426c8f98e260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:aa:31:50:26:81:14:e6:18:12:81:e6:31:68:
                    c6:30:a7:7d:a6:6c:f1:b5:94:4c:96:73:65:80:50:
                    15:a1:38:86:38:12:11:34:12:cd:6c:35:95:6e:b0:
                    3a:af:60:0f:d4:79:5f:f4:be:e1:37:94:0b:63:0c:
                    87:f4:4a:32:6d:c5:d8:5a:ba:8b:58:d7:fa:77:95:
                    e7:bf:4a:f5:0f:6a:5d:bb:34:fb:af:4f:a0:16:c9:
                    9b:a9:52:0c:d7:f0:71:08:98:aa:26:b4:0d:0d:25:
                    cd:90:d0:6f:cb:81:74:f6:52:9c:bd:36:26:c6:e1:
                    11:f0:8b:dd:27:e7:3e:2a:44:7a:d4:0a:a4:4b:ab:
                    07:c9:74:ff:ff:39:fd:f3:ba:6b:1d:17:7a:8a:7a:
                    22:8f:6c:a2:fb:66:82:7b:e7:51:6d:62:c2:02:76:
                    3c:76:da:02:a5:45:01:28:b4:6b:6f:66:a7:64:e5:
                    53:15:13:d3:a6:b0:c7:45:ef:b3:0d:2b:7c:37:df:
                    84:03:eb:48:86:50:50:c8:0b:0c:aa:a1:07:04:7b:
                    8e:3c:88:11:f6:a9:fb:f9:d7:b2:66:b0:0d:93:26:
                    3d:fe:3c:4d:b1:10:19:96:73:e4:57:13:93:2f:3b:
                    d4:df:4f:57:a4:80:a4:cc:68:c0:57:fc:c5:53:26:
                    13:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:E4:11:E2:BB:5F:01:AB:E9:99:3F:5B:A7:A5:42:6C:8F:98:E2:60
            X509v3 Authority Key Identifier:
                keyid:B1:70:50:D8:CA:F0:9A:91:D0:0F:1C:09:0A:0B:75:2C:D1:B3:D5:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXBQ2MrwmpHQDxwJCgt1LNGz1Xw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/a273e8-67dc-4782-9a34-4aeb6a795511/1/SeQR4rtfAavpmT9bp6VCbI-Y4mA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/a273e8-67dc-4782-9a34-4aeb6a795511/1/sXBQ2MrwmpHQDxwJCgt1LNGz1Xw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.16.0/22
                IPv6:
                  2a04:c980::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:f5:d3:1f:4d:bb:99:77:79:a0:0c:7c:75:74:76:13:a5:e7:
         9d:04:fd:f3:d1:3b:b2:db:e2:21:27:17:24:34:10:3d:db:12:
         69:5f:c3:5b:8c:87:2f:f3:c8:6c:05:c4:cb:d4:19:64:97:07:
         db:fb:4b:bf:b8:eb:ab:73:77:26:1b:70:51:7e:88:ad:65:bc:
         97:5a:ac:89:ff:ab:24:57:de:90:19:f3:68:40:da:66:4d:e9:
         37:22:a1:b8:08:a0:ed:56:13:19:b8:51:09:45:87:df:a1:be:
         b5:82:21:9d:c8:8c:ea:e7:3c:69:1a:58:13:d6:9f:bf:a9:30:
         7f:f4:8e:d9:1c:12:36:5b:f5:dd:d2:7a:e5:4c:86:29:0e:55:
         30:5c:1a:0e:31:63:29:d3:5e:b4:de:2d:67:52:d9:98:4e:da:
         65:43:16:44:cb:1f:a0:72:03:17:97:ca:ed:de:6f:43:48:15:
         c4:8c:27:f6:37:c0:7c:32:61:93:3e:64:39:e6:e6:07:2e:3a:
         de:81:b4:99:c0:ff:db:93:3e:28:fa:3f:8f:fa:1d:4d:35:fb:
         78:21:c1:ff:18:ea:1a:c1:de:73:c7:d6:16:1d:7e:78:c4:a6:
         09:88:38:3b:d9:f3:8d:8a:1e:12:08:88:61:f4:ca:ab:6c:ff:
         ba:42:7d:28
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3FvJzzB66hxwj/1wF20AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNzA1MGQ4Y2FmMDlhOTFkMDBmMWMwOTBhMGI3NTJjZDFi
M2Q1N2MwHhcNMjQwMTAxMTYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWU0MTFlMmJiNWYwMWFiZTk5OTNmNWJhN2E1NDI2YzhmOThlMjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76oxUCaBFOYYEoHmMWjGMKd9pmzx
tZRMlnNlgFAVoTiGOBIRNBLNbDWVbrA6r2AP1Hlf9L7hN5QLYwyH9EoybcXYWrqL
WNf6d5Xnv0r1D2pduzT7r0+gFsmbqVIM1/BxCJiqJrQNDSXNkNBvy4F09lKcvTYm
xuER8IvdJ+c+KkR61AqkS6sHyXT//zn987prHRd6inoij2yi+2aCe+dRbWLCAnY8
dtoCpUUBKLRrb2anZOVTFRPTprDHRe+zDSt8N9+EA+tIhlBQyAsMqqEHBHuOPIgR
9qn7+deyZrANkyY9/jxNsRAZlnPkVxOTLzvU309XpICkzGjAV/zFUyYTQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEnkEeK7XwGr6Zk/W6elQmyPmOJgMB8GA1UdIwQY
MBaAFLFwUNjK8JqR0A8cCQoLdSzRs9V8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1hCUTJNcndtcEhRRHh3SkNndDFMTkd6MVh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9hMjczZTgtNjdkYy00NzgyLTlhMzQt
NGFlYjZhNzk1NTExLzEvU2VRUjRydGZBYXZwbVQ5YnA2VkNiSS1ZNG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9hMjczZTgtNjdkYy00NzgyLTlhMzQtNGFlYjZhNzk1NTEx
LzEvc1hCUTJNcndtcEhRRHh3SkNndDFMTkd6MVh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTUQMA0E
AgACMAcDBQMqBMmAMA0GCSqGSIb3DQEBCwUAA4IBAQCF9dMfTbuZd3mgDHx1dHYT
peedBP3z0Tuy2+IhJxckNBA92xJpX8NbjIcv88hsBcTL1Blklwfb+0u/uOurc3cm
G3BRfoitZbyXWqyJ/6skV96QGfNoQNpmTek3IqG4CKDtVhMZuFEJRYffob61giGd
yIzq5zxpGlgT1p+/qTB/9I7ZHBI2W/Xd0nrlTIYpDlUwXBoOMWMp01603i1nUtmY
TtplQxZEyx+gcgMXl8rt3m9DSBXEjCf2N8B8MmGTPmQ55uYHLjregbSZwP/bkz4o
+j+P+h1NNft4IcH/GOoawd5zx9YWHX54xKYJiDg72fONih4SCIhh9MqrbP+6Qn0o
-----END CERTIFICATE-----