Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/SE0pMMI9V_I2rJjxcQ_0GP0xigI.roa
File:                     SE0pMMI9V_I2rJjxcQ_0GP0xigI.roa (raw, json)
Hash identifier:          fa8dh5log1ymig2ba4jG+4x6a08QlyBZCgb9Jfk8QGE=
Subject key identifier:   48:4D:29:30:C2:3D:57:F2:36:AC:98:F1:71:0F:F4:18:FD:31:8A:02
Certificate issuer:       /CN=4364fe73419bc86d5f2e72b414b6b4d4379d5bf5
Certificate serial:       018CC2DAF70B164E11BDACD820A5EEC90BAA
Authority key identifier: 43:64:FE:73:41:9B:C8:6D:5F:2E:72:B4:14:B6:B4:D4:37:9D:5B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/SE0pMMI9V_I2rJjxcQ_0GP0xigI.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206898
IP address blocks:        185.172.110.0/23 maxlen: 24
                          185.172.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f7:0b:16:4e:11:bd:ac:d8:20:a5:ee:c9:0b:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4364fe73419bc86d5f2e72b414b6b4d4379d5bf5
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=484d2930c23d57f236ac98f1710ff418fd318a02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4e:01:5f:51:37:33:a2:1d:2b:51:60:99:4e:
                    b5:92:c9:b7:25:48:f1:62:5c:65:3f:af:ee:20:8b:
                    b9:ce:97:23:4f:9b:ce:8b:88:80:18:3e:2e:bb:be:
                    af:bd:0d:7c:4c:d3:9f:a9:fc:cc:02:ca:e6:3f:cc:
                    e8:87:7e:f0:84:66:bd:55:84:5b:09:db:88:a4:d2:
                    35:fd:4a:e3:47:00:70:ae:77:b6:7d:56:d8:13:9e:
                    c4:6d:f9:ce:73:dc:6c:73:a4:e9:05:0e:92:9f:18:
                    8e:13:d8:51:22:ea:0d:5c:ed:2c:98:21:dc:0e:f6:
                    32:6b:75:2a:13:61:a8:77:7c:8d:32:8b:bf:3d:5e:
                    fa:f8:c9:0a:d1:b6:8c:c0:3d:52:08:f0:84:b4:d5:
                    21:cf:d6:3e:ac:98:af:e3:4a:62:0d:e7:38:be:6e:
                    f2:70:40:27:40:36:ee:58:ea:ea:73:79:19:5e:33:
                    0a:8a:3c:43:6d:e1:41:22:24:14:93:ce:78:93:bc:
                    b5:74:41:79:96:1d:15:32:fb:0d:f3:7a:78:28:7a:
                    24:47:41:81:d7:33:d7:3f:79:6c:71:bb:f7:5b:64:
                    37:93:0e:c4:c4:e8:b4:08:3e:12:44:58:f5:c8:29:
                    9f:6a:53:6d:d8:5f:9c:35:fe:9d:71:6e:05:94:a6:
                    b3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:4D:29:30:C2:3D:57:F2:36:AC:98:F1:71:0F:F4:18:FD:31:8A:02
            X509v3 Authority Key Identifier:
                keyid:43:64:FE:73:41:9B:C8:6D:5F:2E:72:B4:14:B6:B4:D4:37:9D:5B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/SE0pMMI9V_I2rJjxcQ_0GP0xigI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:66:91:b9:5b:09:b2:77:5c:5c:3c:e6:ca:d7:70:2e:e1:fb:
         01:3d:8c:c7:73:39:89:42:dc:da:55:36:96:c7:0f:2e:ba:96:
         ed:91:a1:1a:58:e3:23:fe:3a:ed:b5:bb:80:a2:fe:8d:56:3c:
         b1:ca:80:4c:b3:e9:a9:6d:d1:79:99:b7:b1:83:9f:54:61:5c:
         c7:5e:8a:95:f8:55:be:67:b6:d5:8c:0a:e3:0d:ef:33:e1:6c:
         0a:4e:7a:be:c7:6b:a0:a9:62:c9:0e:de:0a:5e:7d:c7:8b:ad:
         74:ed:60:72:38:a9:6f:71:51:52:9f:7e:e4:b3:e9:62:18:b7:
         9a:f3:93:db:91:90:de:fe:05:b2:92:ca:21:a6:d1:86:60:a7:
         2c:7f:89:1e:91:ff:ef:28:ee:1c:0f:39:c0:e1:c5:d5:5f:56:
         e8:aa:34:0e:04:fc:12:7b:7c:4b:17:e2:24:23:ab:b9:27:2b:
         49:6c:48:31:34:17:7d:f8:fd:c2:a2:af:a3:5c:73:4c:23:ef:
         6d:25:22:e9:52:6a:36:ac:a7:c3:06:2e:7f:95:a0:7f:6e:f0:
         8c:32:ad:e5:d4:45:33:84:ff:39:e6:4a:37:6e:f9:a3:d4:83:
         b4:74:a6:01:4d:2b:e8:2c:b0:ed:e4:69:4a:d8:28:6a:03:ca:
         41:f4:da:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vcLFk4RvazYIKXuyQuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjRmZTczNDE5YmM4NmQ1ZjJlNzJiNDE0YjZiNGQ0Mzc5
ZDViZjUwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODRkMjkzMGMyM2Q1N2YyMzZhYzk4ZjE3MTBmZjQxOGZkMzE4YTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvk4BX1E3M6IdK1FgmU61ksm3JUjx
YlxlP6/uIIu5zpcjT5vOi4iAGD4uu76vvQ18TNOfqfzMAsrmP8zoh37whGa9VYRb
CduIpNI1/UrjRwBwrne2fVbYE57EbfnOc9xsc6TpBQ6SnxiOE9hRIuoNXO0smCHc
DvYya3UqE2God3yNMou/PV76+MkK0baMwD1SCPCEtNUhz9Y+rJiv40piDec4vm7y
cEAnQDbuWOrqc3kZXjMKijxDbeFBIiQUk854k7y1dEF5lh0VMvsN83p4KHokR0GB
1zPXP3lscbv3W2Q3kw7ExOi0CD4SRFj1yCmfalNt2F+cNf6dcW4FlKazfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhNKTDCPVfyNqyY8XEP9Bj9MYoCMB8GA1UdIwQY
MBaAFENk/nNBm8htXy5ytBS2tNQ3nVv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJULWMwR2J5RzFmTG5LMEZMYTAxRGVkV19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8wYjE4MTUtNTNkNy00NTZkLTlmYjQt
NjcwMzA4ZDFlYzlkLzEvU0UwcE1NSTlWX0kyckpqeGNRXzBHUDB4aWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8wYjE4MTUtNTNkNy00NTZkLTlmYjQtNjcwMzA4ZDFlYzlk
LzEvUTJULWMwR2J5RzFmTG5LMEZMYTAxRGVkV19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaxuMA0G
CSqGSIb3DQEBCwUAA4IBAQCoZpG5Wwmyd1xcPObK13Au4fsBPYzHczmJQtzaVTaW
xw8uupbtkaEaWOMj/jrttbuAov6NVjyxyoBMs+mpbdF5mbexg59UYVzHXoqV+FW+
Z7bVjArjDe8z4WwKTnq+x2ugqWLJDt4KXn3Hi6107WByOKlvcVFSn37ks+liGLea
85PbkZDe/gWyksohptGGYKcsf4kekf/vKO4cDznA4cXVX1boqjQOBPwSe3xLF+Ik
I6u5JytJbEgxNBd9+P3Coq+jXHNMI+9tJSLpUmo2rKfDBi5/laB/bvCMMq3l1EUz
hP855ko3bvmj1IO0dKYBTSvoLLDt5GlK2ChqA8pB9NqQ
-----END CERTIFICATE-----