Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/SeineHGKvZdajOYTOk5C_QbLtYg.roa
File:                     SeineHGKvZdajOYTOk5C_QbLtYg.roa (raw, json)
Hash identifier:          R8q8O+6260Jl5l/umUYRVn1fsOpX6Uo1tkXH6vBiEOw=
Subject key identifier:   49:E8:A7:78:71:8A:BD:97:5A:8C:E6:13:3A:4E:42:FD:06:CB:B5:88
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       0192D0365E43AECB6D9A0AD5CEAF065B449F
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/SeineHGKvZdajOYTOk5C_QbLtYg.roa
Signing time:             Sun 27 Oct 2024 23:01:16 +0000
ROA not before:           Sun 27 Oct 2024 23:01:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     249
IP address blocks:        85.237.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d0:36:5e:43:ae:cb:6d:9a:0a:d5:ce:af:06:5b:44:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Oct 27 23:01:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49e8a778718abd975a8ce6133a4e42fd06cbb588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:11:33:18:a1:ba:ae:db:fd:14:45:25:a0:47:
                    b2:b2:cb:be:0e:f5:60:ca:63:e4:21:9a:3d:12:16:
                    fc:6d:65:18:69:d0:63:ac:a2:50:95:80:e1:a8:f1:
                    57:c3:52:d8:c6:0c:31:2d:89:fb:ca:ce:32:63:10:
                    d6:64:5d:83:78:25:2d:0d:0c:fd:cb:e3:35:7e:e7:
                    46:8a:03:81:d9:d4:7b:7a:f2:27:c0:95:b3:0e:6a:
                    fd:29:f0:60:c7:17:6b:c9:8a:2d:00:c6:e4:7e:10:
                    68:d9:e1:4a:61:19:59:eb:ef:85:d5:26:a7:0d:50:
                    73:76:c7:c0:6d:02:df:7f:f5:d2:c8:33:16:4d:c7:
                    88:31:14:dd:97:24:66:e1:a7:8c:db:26:cd:c8:71:
                    64:69:41:5d:57:f7:6b:81:b9:b1:56:dd:93:66:74:
                    22:28:9a:79:0a:90:fb:12:58:37:ba:7a:a0:39:59:
                    17:6b:5e:c9:c0:7c:28:58:bb:ff:6e:c3:b2:4d:b9:
                    56:20:51:0e:75:a9:ab:5d:8b:40:9c:23:c4:2c:4e:
                    40:3a:f9:cb:48:78:3c:d1:0a:97:fc:87:8e:af:16:
                    f7:cf:fd:e5:16:d8:e2:3b:b0:d0:d6:05:89:08:ee:
                    bd:9f:9a:80:ab:dd:4c:7c:40:10:37:e9:be:1a:b7:
                    5d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:E8:A7:78:71:8A:BD:97:5A:8C:E6:13:3A:4E:42:FD:06:CB:B5:88
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/SeineHGKvZdajOYTOk5C_QbLtYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:29:45:7d:b7:52:41:e9:10:c3:c0:8b:b0:0b:ec:3a:70:00:
         a4:9e:1c:3b:c8:a8:92:e3:55:38:59:d6:b1:9b:27:44:76:ee:
         47:a8:d0:34:bb:01:a7:ec:e2:82:1c:5a:a0:1a:9e:d6:0f:58:
         8e:91:40:3f:c7:9d:e7:ac:fc:52:65:6e:82:41:5f:c7:35:04:
         fe:81:53:21:0e:e6:f9:74:95:d9:0c:4d:9a:f7:e8:4e:80:43:
         fc:37:db:dd:fd:9e:51:b1:98:a4:7e:f2:81:d7:dd:aa:81:02:
         ba:71:21:30:b6:c8:be:8f:d0:29:b1:90:be:69:eb:41:40:d8:
         18:b6:6e:cc:41:6d:25:4f:60:a0:29:ea:75:6d:e9:51:a2:75:
         33:31:b4:ee:8a:09:66:a6:8f:ba:c7:62:8e:da:8e:ba:b5:3f:
         79:bb:47:9c:cd:dd:e0:7c:d0:80:2f:95:9c:a9:7d:14:3a:9e:
         d1:3e:c1:8e:f8:3e:f3:67:33:e8:3d:4e:71:11:2f:0d:45:bd:
         bf:64:e2:71:1e:b6:0a:1e:ba:cf:41:86:45:64:bd:50:e9:e5:
         d1:58:20:71:61:25:a1:c4:91:a4:41:f1:06:7f:20:d0:8c:b6:
         c2:6c:9b:54:e6:4a:1a:11:1a:9c:cf:b0:15:34:ec:a8:97:9b:
         0b:26:39:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLQNl5DrsttmgrVzq8GW0SfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjQxMDI3MjMwMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWU4YTc3ODcxOGFiZDk3NWE4Y2U2MTMzYTRlNDJmZDA2Y2JiNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzREzGKG6rtv9FEUloEeyssu+DvVg
ymPkIZo9Ehb8bWUYadBjrKJQlYDhqPFXw1LYxgwxLYn7ys4yYxDWZF2DeCUtDQz9
y+M1fudGigOB2dR7evInwJWzDmr9KfBgxxdryYotAMbkfhBo2eFKYRlZ6++F1San
DVBzdsfAbQLff/XSyDMWTceIMRTdlyRm4aeM2ybNyHFkaUFdV/drgbmxVt2TZnQi
KJp5CpD7Elg3unqgOVkXa17JwHwoWLv/bsOyTblWIFEOdamrXYtAnCPELE5AOvnL
SHg80QqX/IeOrxb3z/3lFtjiO7DQ1gWJCO69n5qAq91MfEAQN+m+Grdd1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnop3hxir2XWozmEzpOQv0Gy7WIMB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvU2VpbmVIR0t2WmRhak9ZVE9rNUNfUWJMdFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe1QMA0G
CSqGSIb3DQEBCwUAA4IBAQASKUV9t1JB6RDDwIuwC+w6cACknhw7yKiS41U4Wdax
mydEdu5HqNA0uwGn7OKCHFqgGp7WD1iOkUA/x53nrPxSZW6CQV/HNQT+gVMhDub5
dJXZDE2a9+hOgEP8N9vd/Z5RsZikfvKB192qgQK6cSEwtsi+j9ApsZC+aetBQNgY
tm7MQW0lT2CgKep1belRonUzMbTuiglmpo+6x2KO2o66tT95u0eczd3gfNCAL5Wc
qX0UOp7RPsGO+D7zZzPoPU5xES8NRb2/ZOJxHrYKHrrPQYZFZL1Q6eXRWCBxYSWh
xJGkQfEGfyDQjLbCbJtU5koaERqcz7AVNOyol5sLJjm8
-----END CERTIFICATE-----