Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Sei-sj1CQvE-Ul2wwdvzFpnF-g0.roa
File:                     Sei-sj1CQvE-Ul2wwdvzFpnF-g0.roa (raw, json)
Hash identifier:          WiXd1nM7nsxzgtrABhl751kAMYkjqfd+vapup2nc3+4=
Subject key identifier:   49:E8:BE:B2:3D:42:42:F1:3E:52:5D:B0:C1:DB:F3:16:99:C5:FA:0D
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01968B96FE95FEF694A2BE089853BE564F0B
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Sei-sj1CQvE-Ul2wwdvzFpnF-g0.roa
Signing time:             Thu 01 May 2025 11:24:10 +0000
ROA not before:           Thu 01 May 2025 11:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34665
IP address blocks:        45.128.128.0/24 maxlen: 24
                          84.252.70.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8b:96:fe:95:fe:f6:94:a2:be:08:98:53:be:56:4f:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May  1 11:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49e8beb23d4242f13e525db0c1dbf31699c5fa0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:97:ec:9a:4a:db:7a:80:5f:7c:48:1d:29:99:
                    ab:21:74:43:a9:38:d2:e7:3e:2c:5d:dd:17:9a:2a:
                    5f:69:70:14:6a:a5:1c:f7:54:26:15:63:49:1e:cf:
                    fc:af:8a:fc:46:f2:2e:52:b8:f9:c1:47:29:bd:8a:
                    5d:89:55:f5:b2:79:62:57:36:6b:42:3d:46:b1:a0:
                    9b:af:99:58:7b:69:75:40:78:f1:5e:c0:a0:d6:2f:
                    cd:94:93:4e:4b:48:e9:ec:bb:08:db:58:c8:b4:a0:
                    c0:d5:07:90:00:33:61:90:9a:70:de:2c:7f:7c:ed:
                    fa:31:53:9b:60:41:6d:06:e5:8c:30:07:20:18:f7:
                    f5:cf:eb:6f:d2:40:b5:1f:5f:9f:02:3d:dd:3c:c6:
                    b9:3b:44:8f:d5:e0:f1:a1:66:f0:5d:30:7e:d5:64:
                    2d:46:b1:16:19:bb:63:8b:8e:e7:b5:c9:55:50:4a:
                    0d:6b:84:19:eb:c0:16:03:fd:ba:17:2b:57:fd:99:
                    6b:53:bd:74:f9:5a:28:ed:e7:07:c0:9a:79:5d:01:
                    c9:47:df:18:46:8f:2e:14:b8:f3:6a:5e:f5:ab:65:
                    0d:b5:a3:3d:d5:a9:6c:1c:c5:1e:1f:0e:c0:e6:6e:
                    12:9e:3d:f4:b9:14:db:40:e6:8a:6c:09:29:ff:63:
                    81:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:E8:BE:B2:3D:42:42:F1:3E:52:5D:B0:C1:DB:F3:16:99:C5:FA:0D
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Sei-sj1CQvE-Ul2wwdvzFpnF-g0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.128.0/24
                  84.252.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:6f:50:05:67:fd:d4:d8:cd:1b:65:43:a4:b8:c3:db:6a:92:
         18:c5:23:49:7c:23:88:b3:60:c6:04:53:d2:fe:63:72:19:29:
         90:d5:a2:7a:42:4a:f3:e7:b0:8a:4b:67:16:46:d2:7b:d4:00:
         ac:a5:03:c3:f3:3e:a4:1f:b4:66:0c:07:6a:3d:99:4d:7d:71:
         c2:7c:e6:2f:52:a9:8e:a6:0c:e3:77:c9:13:bb:b9:c4:09:90:
         b3:a9:23:35:10:35:b8:d2:29:f9:c1:db:e6:6b:f0:9b:6f:bf:
         44:61:80:32:0a:2d:3f:04:fc:fd:7f:03:cb:81:82:c4:b6:4f:
         a4:ee:b8:a4:3a:70:12:e0:6e:07:d3:90:62:9b:b0:52:fe:15:
         65:ba:7c:60:1a:69:7c:0e:53:38:d6:1f:4d:ef:d9:ce:2f:fd:
         89:01:40:c8:75:eb:d3:39:dd:93:82:42:a2:65:62:4e:48:f8:
         fa:9b:74:35:ee:55:86:77:9f:0a:38:c7:d7:0f:98:83:9a:fa:
         ac:eb:4b:ef:6b:e4:cf:f4:62:f7:b6:df:da:8e:54:f0:09:81:
         c2:d2:5d:ee:15:5b:3d:71:ae:91:1b:23:b4:3e:ff:d3:5a:0d:
         53:04:09:b3:35:f0:0b:09:b9:aa:6c:5f:b3:9d:b5:a9:58:75:
         f7:f4:29:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaLlv6V/vaUor4ImFO+Vk8LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwNTAxMTEyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWU4YmViMjNkNDI0MmYxM2U1MjVkYjBjMWRiZjMxNjk5YzVmYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZfsmkrbeoBffEgdKZmrIXRDqTjS
5z4sXd0XmipfaXAUaqUc91QmFWNJHs/8r4r8RvIuUrj5wUcpvYpdiVX1snliVzZr
Qj1GsaCbr5lYe2l1QHjxXsCg1i/NlJNOS0jp7LsI21jItKDA1QeQADNhkJpw3ix/
fO36MVObYEFtBuWMMAcgGPf1z+tv0kC1H1+fAj3dPMa5O0SP1eDxoWbwXTB+1WQt
RrEWGbtji47ntclVUEoNa4QZ68AWA/26FytX/ZlrU710+Voo7ecHwJp5XQHJR98Y
Ro8uFLjzal71q2UNtaM91alsHMUeHw7A5m4Snj30uRTbQOaKbAkp/2OBHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEnovrI9QkLxPlJdsMHb8xaZxfoNMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvU2VpLXNqMUNRdkUtVWwyd3dkdnpGcG5GLWcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYCAAwQB
VPxGMA0GCSqGSIb3DQEBCwUAA4IBAQCCb1AFZ/3U2M0bZUOkuMPbapIYxSNJfCOI
s2DGBFPS/mNyGSmQ1aJ6Qkrz57CKS2cWRtJ71ACspQPD8z6kH7RmDAdqPZlNfXHC
fOYvUqmOpgzjd8kTu7nECZCzqSM1EDW40in5wdvma/Cbb79EYYAyCi0/BPz9fwPL
gYLEtk+k7rikOnAS4G4H05Bim7BS/hVlunxgGml8DlM41h9N79nOL/2JAUDIdevT
Od2TgkKiZWJOSPj6m3Q17lWGd58KOMfXD5iDmvqs60vva+TP9GL3tt/ajlTwCYHC
0l3uFVs9ca6RGyO0Pv/TWg1TBAmzNfALCbmqbF+znbWpWHX39CmP
-----END CERTIFICATE-----