Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/945305-0a63-4c2f-aaff-cb220b719e78/1/seIhFRmMwkOMErsm7BXGkzwnfpE.roa
File:                     seIhFRmMwkOMErsm7BXGkzwnfpE.roa (raw, json)
Hash identifier:          KCB88pr9AlGPXbMWAA7s+KypGMAzX8KxQd6KOYmgIF0=
Subject key identifier:   B1:E2:21:15:19:8C:C2:43:8C:12:BB:26:EC:15:C6:93:3C:27:7E:91
Certificate issuer:       /CN=205945443c5b25e4dcf6203f061ac04d36871554
Certificate serial:       018CC9BBE62A9F47DDBE635D2354A2261798
Authority key identifier: 20:59:45:44:3C:5B:25:E4:DC:F6:20:3F:06:1A:C0:4D:36:87:15:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IFlFRDxbJeTc9iA_BhrATTaHFVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/945305-0a63-4c2f-aaff-cb220b719e78/1/seIhFRmMwkOMErsm7BXGkzwnfpE.roa
Signing time:             Tue 02 Jan 2024 10:33:03 +0000
ROA not before:           Tue 02 Jan 2024 10:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204082
IP address blocks:        2001:67c:2f88::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/945305-0a63-4c2f-aaff-cb220b719e78/1/IFlFRDxbJeTc9iA_BhrATTaHFVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/945305-0a63-4c2f-aaff-cb220b719e78/1/IFlFRDxbJeTc9iA_BhrATTaHFVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IFlFRDxbJeTc9iA_BhrATTaHFVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:e6:2a:9f:47:dd:be:63:5d:23:54:a2:26:17:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=205945443c5b25e4dcf6203f061ac04d36871554
        Validity
            Not Before: Jan  2 10:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1e22115198cc2438c12bb26ec15c6933c277e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d0:04:1b:71:f6:e5:cf:68:8c:92:42:e7:35:
                    26:62:67:76:c8:53:a4:77:d6:e8:58:83:94:ac:9e:
                    a9:e7:bd:e5:e6:63:ce:54:d6:bd:54:93:b1:45:45:
                    84:3f:c8:5a:7d:aa:24:90:f4:ea:ae:a8:2d:fd:a8:
                    9c:5b:85:e6:ea:1e:7d:fc:31:a4:69:a5:c3:59:ce:
                    1a:82:a7:31:b8:d6:76:c0:28:a8:ba:92:ae:b5:bd:
                    96:61:3c:80:0a:60:8c:83:41:62:a8:b6:40:0c:bb:
                    30:6b:91:f7:77:2b:60:80:25:a4:57:d5:44:b7:50:
                    0b:f7:6f:37:90:22:69:e3:77:b6:de:4a:6d:2f:2b:
                    77:d8:63:3d:64:90:65:7e:5c:82:2c:56:57:08:58:
                    2d:f2:eb:70:84:de:9e:e1:0d:e5:1d:64:c9:8f:27:
                    48:de:d2:fa:76:9e:62:f7:d5:e9:ef:4e:6e:4f:ab:
                    cd:3c:54:c0:64:14:26:9d:38:49:c8:d4:b2:3e:49:
                    34:8a:35:42:0e:a9:e9:f0:09:a8:69:9d:4e:55:2c:
                    0b:6b:0e:7b:1d:c2:21:89:72:86:43:95:26:09:a7:
                    5b:33:2e:91:eb:d4:02:d8:c3:4f:a4:8d:7c:9c:94:
                    0b:7c:ab:86:52:31:dd:e6:98:9d:4e:ec:0f:37:57:
                    e2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E2:21:15:19:8C:C2:43:8C:12:BB:26:EC:15:C6:93:3C:27:7E:91
            X509v3 Authority Key Identifier:
                keyid:20:59:45:44:3C:5B:25:E4:DC:F6:20:3F:06:1A:C0:4D:36:87:15:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IFlFRDxbJeTc9iA_BhrATTaHFVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/945305-0a63-4c2f-aaff-cb220b719e78/1/seIhFRmMwkOMErsm7BXGkzwnfpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/945305-0a63-4c2f-aaff-cb220b719e78/1/IFlFRDxbJeTc9iA_BhrATTaHFVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2f88::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:67:9f:f0:a5:fa:89:8d:42:94:90:22:c9:96:d4:f3:06:78:
         3f:f1:5f:b0:38:0e:98:d3:a1:6d:5f:74:fe:60:dc:d3:2c:06:
         10:96:ad:7b:2b:b8:67:f8:da:a2:5f:bd:e2:f9:09:de:85:dc:
         e4:e6:47:66:09:32:75:e2:75:94:36:10:9c:af:d2:a1:3b:2f:
         81:51:2a:a8:3c:1c:77:19:a7:b4:3c:6f:17:9e:8e:c9:7a:b2:
         ae:ad:d6:a4:cc:46:12:7d:39:22:69:6a:56:25:a9:7e:a4:c7:
         5a:b2:24:a0:1d:ee:57:56:95:af:f5:27:54:d7:c6:9a:2c:9f:
         41:60:02:f3:83:c3:c7:3e:bc:26:90:02:8e:f5:f2:b8:1e:f3:
         22:e4:36:e3:c4:c5:ae:c8:6b:a1:59:28:64:2a:1d:56:84:84:
         0f:55:c1:86:5f:ec:03:dd:81:86:20:2f:bc:bd:cd:96:fa:9c:
         45:4a:d2:ab:e0:33:c6:73:17:c3:07:db:f4:e3:8c:c3:78:61:
         3e:f7:cb:27:f3:54:cb:48:45:5b:2e:b7:4d:b1:70:8b:ac:75:
         ab:aa:cf:00:9c:c5:7e:4d:c7:65:7f:f1:7d:f8:9f:99:cc:7f:
         82:af:31:e1:08:3e:a8:e0:ee:09:08:f5:75:38:b8:96:8b:05:
         cb:10:96:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu+Yqn0fdvmNdI1SiJheYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNTk0NTQ0M2M1YjI1ZTRkY2Y2MjAzZjA2MWFjMDRkMzY4
NzE1NTQwHhcNMjQwMTAyMTAzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWUyMjExNTE5OGNjMjQzOGMxMmJiMjZlYzE1YzY5MzNjMjc3ZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdAEG3H25c9ojJJC5zUmYmd2yFOk
d9boWIOUrJ6p573l5mPOVNa9VJOxRUWEP8hafaokkPTqrqgt/aicW4Xm6h59/DGk
aaXDWc4agqcxuNZ2wCioupKutb2WYTyACmCMg0FiqLZADLswa5H3dytggCWkV9VE
t1AL9283kCJp43e23kptLyt32GM9ZJBlflyCLFZXCFgt8utwhN6e4Q3lHWTJjydI
3tL6dp5i99Xp705uT6vNPFTAZBQmnThJyNSyPkk0ijVCDqnp8AmoaZ1OVSwLaw57
HcIhiXKGQ5UmCadbMy6R69QC2MNPpI18nJQLfKuGUjHd5pidTuwPN1fihwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLHiIRUZjMJDjBK7JuwVxpM8J36RMB8GA1UdIwQY
MBaAFCBZRUQ8WyXk3PYgPwYawE02hxVUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUZsRlJEeGJKZVRjOWlBX0JockFUVGFIRlZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85NDUzMDUtMGE2My00YzJmLWFhZmYt
Y2IyMjBiNzE5ZTc4LzEvc2VJaEZSbU13a09NRXJzbTdCWEdrenduZnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85NDUzMDUtMGE2My00YzJmLWFhZmYtY2IyMjBiNzE5ZTc4
LzEvSUZsRlJEeGJKZVRjOWlBX0JockFUVGFIRlZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC+I
MA0GCSqGSIb3DQEBCwUAA4IBAQB0Z5/wpfqJjUKUkCLJltTzBng/8V+wOA6Y06Ft
X3T+YNzTLAYQlq17K7hn+NqiX73i+Qnehdzk5kdmCTJ14nWUNhCcr9KhOy+BUSqo
PBx3Gae0PG8Xno7JerKurdakzEYSfTkiaWpWJal+pMdasiSgHe5XVpWv9SdU18aa
LJ9BYALzg8PHPrwmkAKO9fK4HvMi5DbjxMWuyGuhWShkKh1WhIQPVcGGX+wD3YGG
IC+8vc2W+pxFStKr4DPGcxfDB9v044zDeGE+98sn81TLSEVbLrdNsXCLrHWrqs8A
nMV+Tcdlf/F9+J+ZzH+CrzHhCD6o4O4JCPV1OLiWiwXLEJab
-----END CERTIFICATE-----