Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/sefujDMF5lf6VBPRf5yt9NZgCbo.roa
File:                     sefujDMF5lf6VBPRf5yt9NZgCbo.roa (raw, json)
Hash identifier:          zo4oUB09XXtgt5XFY9ZeQdpiK9/oMzcXXR9HJAvXlt4=
Subject key identifier:   B1:E7:EE:8C:33:05:E6:57:FA:54:13:D1:7F:9C:AD:F4:D6:60:09:BA
Certificate issuer:       /CN=ee8a95327187c30880f5bbf3c37289ee311c5920
Certificate serial:       019425FDE7D28FF7CA494A9A79B61AB81B03
Authority key identifier: EE:8A:95:32:71:87:C3:08:80:F5:BB:F3:C3:72:89:EE:31:1C:59:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/sefujDMF5lf6VBPRf5yt9NZgCbo.roa
Signing time:             Thu 02 Jan 2025 07:49:44 +0000
ROA not before:           Thu 02 Jan 2025 07:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199354
IP address blocks:        185.19.228.0/22 maxlen: 22
                          2a03:ffc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e7:d2:8f:f7:ca:49:4a:9a:79:b6:1a:b8:1b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee8a95327187c30880f5bbf3c37289ee311c5920
        Validity
            Not Before: Jan  2 07:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1e7ee8c3305e657fa5413d17f9cadf4d66009ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:62:a7:96:db:53:4c:61:b6:54:9d:e1:78:f8:
                    07:76:e6:05:b7:fb:54:3e:5a:13:c8:3d:6b:27:c0:
                    a1:94:e4:fd:2a:bf:0a:55:ff:01:79:00:07:73:ed:
                    fa:08:3a:5d:45:03:ce:57:34:c5:0d:ed:7a:3c:f8:
                    90:2e:84:d8:f7:c5:49:5d:f6:14:f8:e2:ba:2d:3f:
                    97:c0:fd:2e:0d:0d:74:49:08:d7:a2:6d:e6:c2:f4:
                    35:96:00:ae:12:92:59:1b:f2:23:c9:33:28:95:86:
                    4f:2c:27:6c:4b:46:5a:63:51:f7:92:2a:10:b2:36:
                    7f:c2:27:62:73:b3:04:01:b5:28:e7:4e:63:64:a2:
                    c4:50:a3:92:a9:c8:08:c4:b7:81:8a:c7:64:a3:86:
                    08:1a:33:0f:06:ab:41:14:9d:48:a3:1b:ce:1d:4b:
                    06:23:e1:10:02:99:74:eb:7f:cd:59:68:b4:4f:24:
                    ed:18:79:db:62:42:ac:c4:6f:31:d3:e6:88:14:cf:
                    aa:b1:7c:2e:56:a6:c8:61:3b:a9:04:79:96:63:03:
                    1c:9c:8e:0a:84:ff:d1:b7:b2:fa:97:d2:76:c9:ab:
                    cf:e4:b1:02:f4:6e:a5:b8:a0:cb:ea:04:94:e9:40:
                    59:e7:c8:be:b6:3f:e3:3d:b3:b7:91:76:75:44:0c:
                    58:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E7:EE:8C:33:05:E6:57:FA:54:13:D1:7F:9C:AD:F4:D6:60:09:BA
            X509v3 Authority Key Identifier:
                keyid:EE:8A:95:32:71:87:C3:08:80:F5:BB:F3:C3:72:89:EE:31:1C:59:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/sefujDMF5lf6VBPRf5yt9NZgCbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.228.0/22
                IPv6:
                  2a03:ffc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:20:24:3d:07:dc:a6:9c:c3:c3:72:eb:66:20:50:9c:5a:2e:
         43:ff:f6:78:88:a1:26:ec:76:16:0f:e2:29:4d:40:45:8c:06:
         b6:b1:06:65:02:29:63:51:75:de:63:2a:66:fe:92:96:15:0d:
         05:e1:da:e4:3a:46:2a:ff:c5:da:e5:ce:da:7c:3e:68:cf:d3:
         f0:7a:41:66:00:d9:59:34:73:ab:23:10:af:52:a4:96:cf:a9:
         f2:a6:94:0a:6b:f0:32:e1:de:ec:c2:65:5e:55:2d:85:89:5a:
         f3:6d:68:68:3b:4a:80:06:5d:de:db:2a:d8:fc:72:2c:02:b4:
         27:44:4d:16:10:f2:82:01:2e:f5:14:f6:03:09:48:5e:d6:8f:
         bd:b8:b8:4a:1a:ae:f6:42:a8:9d:eb:63:9e:4d:dd:6a:62:33:
         45:84:af:df:4f:ef:ad:07:02:fd:0f:0c:4f:41:71:09:41:00:
         7c:b3:25:fe:ac:c1:4b:f0:74:3c:d0:4f:38:99:4f:45:9a:89:
         05:2b:94:a1:52:98:05:7c:c3:87:68:2a:d7:0c:53:80:20:8b:
         2c:c9:a3:4f:30:ba:a9:30:46:5f:67:e7:12:38:04:d5:23:2b:
         c9:56:09:42:d3:3b:94:40:66:28:a5:72:6c:b1:33:69:aa:a1:
         03:e5:e1:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/efSj/fKSUqaebYauBsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlOGE5NTMyNzE4N2MzMDg4MGY1YmJmM2MzNzI4OWVlMzEx
YzU5MjAwHhcNMjUwMTAyMDc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWU3ZWU4YzMzMDVlNjU3ZmE1NDEzZDE3ZjljYWRmNGQ2NjAwOWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmKnlttTTGG2VJ3hePgHduYFt/tU
PloTyD1rJ8ChlOT9Kr8KVf8BeQAHc+36CDpdRQPOVzTFDe16PPiQLoTY98VJXfYU
+OK6LT+XwP0uDQ10SQjXom3mwvQ1lgCuEpJZG/IjyTMolYZPLCdsS0ZaY1H3kioQ
sjZ/widic7MEAbUo505jZKLEUKOSqcgIxLeBisdko4YIGjMPBqtBFJ1IoxvOHUsG
I+EQApl063/NWWi0TyTtGHnbYkKsxG8x0+aIFM+qsXwuVqbIYTupBHmWYwMcnI4K
hP/Rt7L6l9J2yavP5LEC9G6luKDL6gSU6UBZ58i+tj/jPbO3kXZ1RAxYYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLHn7owzBeZX+lQT0X+crfTWYAm6MB8GA1UdIwQY
MBaAFO6KlTJxh8MIgPW788Nyie4xHFkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN29xVk1uR0h3d2lBOWJ2enczS0o3akVjV1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iZjA5YjctNzFjNC00OTljLTlmZDYt
NTQ3NTEzNWYxOTA1LzEvc2VmdWpETUY1bGY2VkJQUmY1eXQ5TlpnQ2JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iZjA5YjctNzFjNC00OTljLTlmZDYtNTQ3NTEzNWYxOTA1
LzEvN29xVk1uR0h3d2lBOWJ2enczS0o3akVjV1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRPkMA0E
AgACMAcDBQAqA//AMA0GCSqGSIb3DQEBCwUAA4IBAQCHICQ9B9ymnMPDcutmIFCc
Wi5D//Z4iKEm7HYWD+IpTUBFjAa2sQZlAiljUXXeYypm/pKWFQ0F4drkOkYq/8Xa
5c7afD5oz9PwekFmANlZNHOrIxCvUqSWz6nyppQKa/Ay4d7swmVeVS2FiVrzbWho
O0qABl3e2yrY/HIsArQnRE0WEPKCAS71FPYDCUhe1o+9uLhKGq72Qqid62OeTd1q
YjNFhK/fT++tBwL9DwxPQXEJQQB8syX+rMFL8HQ80E84mU9FmokFK5ShUpgFfMOH
aCrXDFOAIIssyaNPMLqpMEZfZ+cSOATVIyvJVglC0zuUQGYopXJssTNpqqED5eHR
-----END CERTIFICATE-----