Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/seE_QBv0ygPjzgaL3rSesYLY_0A.roa
File:                     seE_QBv0ygPjzgaL3rSesYLY_0A.roa (raw, json)
Hash identifier:          a0LlQt6AmApHnlV4lK2J/7kzRpmbLO4Rryqmz0kEEGc=
Subject key identifier:   B1:E1:3F:40:1B:F4:CA:03:E3:CE:06:8B:DE:B4:9E:B1:82:D8:FF:40
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       019685A89D1520D1922C57E84CF7F4B11112
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/seE_QBv0ygPjzgaL3rSesYLY_0A.roa
Signing time:             Wed 30 Apr 2025 07:45:42 +0000
ROA not before:           Wed 30 Apr 2025 07:45:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        46.8.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:85:a8:9d:15:20:d1:92:2c:57:e8:4c:f7:f4:b1:11:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Apr 30 07:45:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1e13f401bf4ca03e3ce068bdeb49eb182d8ff40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3c:a6:8f:27:e9:6f:75:52:2d:a6:c1:e8:f2:
                    50:07:df:a8:a1:d8:58:be:d3:ee:49:07:51:dd:de:
                    5c:97:ca:5b:9a:59:68:c2:70:ab:f8:30:d0:a1:4a:
                    04:9b:59:e8:27:f5:21:93:6a:ed:74:da:26:37:cc:
                    d4:6c:99:c6:f2:cb:0f:0f:c1:78:21:02:1d:68:d7:
                    a2:2a:f7:1a:cd:72:95:b0:e5:3c:db:00:d3:9a:28:
                    a9:d6:7e:8c:6f:16:f7:2b:be:35:f3:68:b2:6d:00:
                    0b:9c:89:9f:e8:d7:c8:e5:d6:9d:12:26:04:4a:5a:
                    ff:6d:11:84:fe:94:00:44:c2:ae:af:07:04:e2:b5:
                    79:9c:cc:49:1a:a9:58:d5:b2:c1:13:b6:11:8a:00:
                    aa:49:51:6f:11:9f:00:5f:41:d4:36:74:25:fb:0a:
                    37:08:98:31:4d:e5:7c:f9:15:d8:ab:07:37:6d:a5:
                    57:0a:1e:e1:a9:cf:30:84:87:49:87:9f:0f:ef:71:
                    07:1d:72:58:8b:13:20:d6:96:ae:d8:84:4e:6d:45:
                    3e:82:6e:fe:41:1b:53:45:39:d6:c0:ae:df:b6:bc:
                    4a:66:5e:ef:71:85:c6:da:cf:32:a7:8b:95:b0:79:
                    83:06:f4:b4:9e:87:a8:88:a3:90:b3:d2:75:24:91:
                    3b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E1:3F:40:1B:F4:CA:03:E3:CE:06:8B:DE:B4:9E:B1:82:D8:FF:40
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/seE_QBv0ygPjzgaL3rSesYLY_0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:75:80:a7:b5:f3:79:1d:cd:17:34:95:05:9f:2c:df:82:64:
         3a:ea:7c:6a:89:98:93:21:38:b4:88:70:99:3c:25:3b:62:78:
         3b:ca:f7:78:10:bb:91:cf:96:b5:7c:c1:74:6a:0e:43:53:b2:
         41:47:bf:59:ce:47:61:50:1c:3a:f8:ee:05:fb:65:21:5f:d3:
         08:6b:ee:9a:d0:b8:fb:e8:aa:b5:ab:d9:a8:37:66:61:1a:4a:
         26:5c:4f:a2:bb:9a:92:1b:1d:ca:50:d1:4a:e0:38:26:4d:d5:
         a6:15:cb:41:f0:dd:7c:46:2c:bd:81:81:39:dc:9a:06:05:2a:
         3e:36:fd:fe:a3:e0:ab:bf:7b:13:53:65:80:95:ef:f6:93:26:
         c6:93:7a:6b:d0:9c:d1:76:24:4a:96:50:b4:d9:4d:50:b0:2e:
         b2:b1:76:ae:28:3b:dc:64:be:23:81:97:16:3e:12:58:27:07:
         3e:0e:3b:61:52:38:64:db:66:6d:17:ee:73:70:33:7a:e0:4e:
         5c:e7:b1:fb:e8:82:8a:b3:4b:f9:e0:37:73:d5:69:78:4d:83:
         79:18:0f:91:77:e6:3f:ef:b8:6d:3c:e1:fc:35:2c:21:a3:75:
         71:c9:f8:69:11:64:2b:ea:8f:f8:ee:17:e0:92:12:11:71:2a:
         8a:d2:e9:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaFqJ0VINGSLFfoTPf0sRESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjUwNDMwMDc0NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWUxM2Y0MDFiZjRjYTAzZTNjZTA2OGJkZWI0OWViMTgyZDhmZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTymjyfpb3VSLabB6PJQB9+oodhY
vtPuSQdR3d5cl8pbmllownCr+DDQoUoEm1noJ/Uhk2rtdNomN8zUbJnG8ssPD8F4
IQIdaNeiKvcazXKVsOU82wDTmiip1n6Mbxb3K74182iybQALnImf6NfI5dadEiYE
Slr/bRGE/pQARMKurwcE4rV5nMxJGqlY1bLBE7YRigCqSVFvEZ8AX0HUNnQl+wo3
CJgxTeV8+RXYqwc3baVXCh7hqc8whIdJh58P73EHHXJYixMg1pau2IRObUU+gm7+
QRtTRTnWwK7ftrxKZl7vcYXG2s8yp4uVsHmDBvS0noeoiKOQs9J1JJE7KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHhP0Ab9MoD484Gi960nrGC2P9AMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvc2VFX1FCdjB5Z1BqemdhTDNyU2VzWUxZXzBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgh0MA0G
CSqGSIb3DQEBCwUAA4IBAQA2dYCntfN5Hc0XNJUFnyzfgmQ66nxqiZiTITi0iHCZ
PCU7Yng7yvd4ELuRz5a1fMF0ag5DU7JBR79ZzkdhUBw6+O4F+2UhX9MIa+6a0Lj7
6Kq1q9moN2ZhGkomXE+iu5qSGx3KUNFK4DgmTdWmFctB8N18Riy9gYE53JoGBSo+
Nv3+o+Crv3sTU2WAle/2kybGk3pr0JzRdiRKllC02U1QsC6ysXauKDvcZL4jgZcW
PhJYJwc+DjthUjhk22ZtF+5zcDN64E5c57H76IKKs0v54Ddz1Wl4TYN5GA+Rd+Y/
77htPOH8NSwho3VxyfhpEWQr6o/47hfgkhIRcSqK0ul+
-----END CERTIFICATE-----