Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/SwpsQIohJ5-uqhezc6fRHu8vDZI.roa
File:                     SwpsQIohJ5-uqhezc6fRHu8vDZI.roa (raw, json)
Hash identifier:          96JbmNw/DNYPpJkAC3HA1XT6lEOAvXYqxzvf3xGJlB8=
Subject key identifier:   4B:0A:6C:40:8A:21:27:9F:AE:AA:17:B3:73:A7:D1:1E:EF:2F:0D:92
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018CCA2A39ADC49D97A335DC5A3952DE58AC
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/SwpsQIohJ5-uqhezc6fRHu8vDZI.roa
Signing time:             Tue 02 Jan 2024 12:33:33 +0000
ROA not before:           Tue 02 Jan 2024 12:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212860
IP address blocks:        176.221.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:39:ad:c4:9d:97:a3:35:dc:5a:39:52:de:58:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  2 12:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b0a6c408a21279faeaa17b373a7d11eef2f0d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8a:0d:fa:39:cc:f6:8d:1f:eb:08:93:90:f2:
                    4f:a0:17:f8:77:fd:83:81:ba:65:8e:4d:16:99:6b:
                    4c:33:f9:53:71:76:f3:22:f5:23:62:ff:e1:ea:68:
                    d3:22:aa:f1:af:10:91:96:e8:07:89:7e:09:e2:e8:
                    30:0e:4b:a3:06:4c:6e:8f:50:16:62:44:56:a8:ef:
                    b2:c0:b0:d5:57:d0:f0:40:37:35:15:8e:b9:d4:6e:
                    db:26:f6:8c:1d:73:6f:3c:e1:47:e1:69:bc:9b:83:
                    0e:d1:d0:19:ff:43:09:21:f8:19:31:79:26:a8:b5:
                    82:20:98:0c:c2:c6:e4:df:50:ac:ca:12:5f:c6:fc:
                    a9:cc:7d:83:98:0e:2b:f9:96:5b:61:90:12:c1:90:
                    30:7a:ea:1c:de:80:2f:95:cd:af:d2:06:c0:67:a2:
                    0d:6f:25:6a:4e:b5:cb:54:89:e3:73:0b:ca:82:1e:
                    e0:93:38:45:51:db:d1:c2:4c:cf:1f:3b:7b:3d:5d:
                    de:a1:24:0b:79:7a:67:36:36:f1:a1:d5:0e:95:9b:
                    e9:71:6e:dc:37:cf:5e:93:af:a0:62:9d:83:c4:b2:
                    5a:ba:39:d3:9e:91:ab:5f:b2:b2:02:df:9a:f1:1a:
                    b1:41:a4:79:a4:22:ac:ea:8d:76:8b:83:79:90:aa:
                    55:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:0A:6C:40:8A:21:27:9F:AE:AA:17:B3:73:A7:D1:1E:EF:2F:0D:92
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/SwpsQIohJ5-uqhezc6fRHu8vDZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.221.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:f6:86:47:ad:a3:69:45:2c:b7:f9:c2:60:51:7b:f9:e6:4c:
         3c:97:15:5c:7b:90:92:63:25:32:2a:6e:48:d8:c1:10:2a:fc:
         57:70:73:15:93:c8:48:df:fd:14:70:6e:60:7c:b0:37:35:aa:
         39:f7:0b:23:52:28:ab:f8:a9:25:b5:4a:41:e4:14:32:ea:6e:
         19:e1:c8:43:bb:19:1d:9a:d8:e5:2f:d5:d3:00:03:d9:c9:55:
         63:0d:41:52:04:74:e6:c5:76:79:bb:7b:f8:10:87:44:63:02:
         08:47:4a:10:0a:13:db:88:62:67:c7:52:21:51:5a:32:13:06:
         16:38:20:d4:6d:ed:d9:76:7e:00:6b:ed:a6:2b:89:b4:16:49:
         70:0e:bd:ab:87:3e:32:a9:0a:c8:4a:5a:37:ae:b5:80:05:df:
         9d:fe:15:6a:70:c9:0d:69:87:78:d1:0d:01:40:18:0f:02:0e:
         a4:aa:74:2a:65:bf:54:50:7e:65:9c:77:16:d6:d9:6b:8c:ea:
         9b:d8:24:3e:c9:86:58:f3:10:f2:37:be:1a:0f:4a:d5:ca:82:
         da:ad:48:5a:44:83:84:5e:b3:f0:c5:4d:7b:7f:81:a0:99:f9:
         80:72:ff:db:cd:6f:74:a6:78:86:73:30:2e:f0:88:8a:cd:39:
         82:01:7b:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjmtxJ2XozXcWjlS3lisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjBhNmM0MDhhMjEyNzlmYWVhYTE3YjM3M2E3ZDExZWVmMmYwZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkooN+jnM9o0f6wiTkPJPoBf4d/2D
gbpljk0WmWtMM/lTcXbzIvUjYv/h6mjTIqrxrxCRlugHiX4J4ugwDkujBkxuj1AW
YkRWqO+ywLDVV9DwQDc1FY651G7bJvaMHXNvPOFH4Wm8m4MO0dAZ/0MJIfgZMXkm
qLWCIJgMwsbk31CsyhJfxvypzH2DmA4r+ZZbYZASwZAweuoc3oAvlc2v0gbAZ6IN
byVqTrXLVInjcwvKgh7gkzhFUdvRwkzPHzt7PV3eoSQLeXpnNjbxodUOlZvpcW7c
N89ek6+gYp2DxLJaujnTnpGrX7KyAt+a8RqxQaR5pCKs6o12i4N5kKpVMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsKbECKISefrqoXs3On0R7vLw2SMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvU3dwc1FJb2hKNS11cWhlemM2ZlJIdTh2RFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsN0cMA0G
CSqGSIb3DQEBCwUAA4IBAQCE9oZHraNpRSy3+cJgUXv55kw8lxVce5CSYyUyKm5I
2MEQKvxXcHMVk8hI3/0UcG5gfLA3Nao59wsjUiir+KkltUpB5BQy6m4Z4chDuxkd
mtjlL9XTAAPZyVVjDUFSBHTmxXZ5u3v4EIdEYwIIR0oQChPbiGJnx1IhUVoyEwYW
OCDUbe3Zdn4Aa+2mK4m0FklwDr2rhz4yqQrISlo3rrWABd+d/hVqcMkNaYd40Q0B
QBgPAg6kqnQqZb9UUH5lnHcW1tlrjOqb2CQ+yYZY8xDyN74aD0rVyoLarUhaRIOE
XrPwxU17f4GgmfmAcv/bzW90pniGczAu8IiKzTmCAXs7
-----END CERTIFICATE-----