Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/swHkjVq7RZNzEcVisnGFGjYgnHE.roa
File:                     swHkjVq7RZNzEcVisnGFGjYgnHE.roa (raw, json)
Hash identifier:          v2NIOt8hdQChRH7FztCLL0hgpR5RwLhWsaRLt1zTOYg=
Subject key identifier:   B3:01:E4:8D:5A:BB:45:93:73:11:C5:62:B2:71:85:1A:36:20:9C:71
Certificate issuer:       /CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Certificate serial:       0191B905114BE088689DE5E3AF1ADE556863
Authority key identifier: F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/swHkjVq7RZNzEcVisnGFGjYgnHE.roa
Signing time:             Tue 03 Sep 2024 17:53:22 +0000
ROA not before:           Tue 03 Sep 2024 17:53:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47496
IP address blocks:        2a0a:4587:2040::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 02:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b9:05:11:4b:e0:88:68:9d:e5:e3:af:1a:de:55:68:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
        Validity
            Not Before: Sep  3 17:53:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b301e48d5abb45937311c562b271851a36209c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f5:14:05:7a:4f:03:b1:1b:e7:db:f1:4d:39:
                    58:d0:78:31:78:8d:52:db:17:f3:6d:ff:d2:ba:a1:
                    22:6d:31:f7:ce:d7:64:f5:75:76:bc:38:05:e9:48:
                    66:9a:39:01:8d:5e:69:20:c9:61:93:47:d2:c5:54:
                    00:dd:22:ed:7b:8c:e1:c4:2d:45:53:72:6f:02:48:
                    f5:99:8a:12:4c:ab:cd:06:98:8c:b3:ff:13:16:74:
                    97:ef:da:0a:32:b3:ee:93:40:be:b1:72:2e:65:25:
                    b2:1c:76:a4:ef:b8:3b:03:c6:4c:2d:5e:1f:20:60:
                    89:1b:d8:ba:d8:ad:31:1c:5c:33:fb:dd:71:48:1e:
                    94:52:e5:db:70:78:16:b7:3c:e9:ee:0d:11:39:3a:
                    06:90:05:92:e6:a7:ac:ef:79:e3:54:d0:57:6e:5d:
                    de:03:57:32:19:0e:32:f2:e3:60:d9:20:1f:38:81:
                    6d:02:d9:00:79:ba:4f:4d:3e:50:ba:8f:04:7f:fa:
                    a1:8f:7b:8b:06:04:ad:ac:ba:56:95:4c:5f:33:99:
                    3b:5e:db:a7:5b:0b:0e:4d:84:4b:89:e5:73:c5:24:
                    e3:8b:fe:d3:03:17:86:2f:ff:58:f9:8c:f4:e2:3a:
                    ba:11:3c:0a:7c:d6:ef:be:4b:06:52:a2:05:e6:3d:
                    4b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:01:E4:8D:5A:BB:45:93:73:11:C5:62:B2:71:85:1A:36:20:9C:71
            X509v3 Authority Key Identifier:
                keyid:F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/swHkjVq7RZNzEcVisnGFGjYgnHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4587:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:2f:2b:0b:b5:89:9a:d8:f6:7d:db:4c:4a:3c:a1:0b:d8:78:
         f2:68:db:d5:62:3a:ba:15:0d:de:66:32:44:7a:8b:e4:ca:9f:
         b8:b3:5a:26:76:95:17:56:53:d5:ca:11:c3:87:36:1a:ae:9c:
         28:4e:6f:b2:a7:a4:99:42:f6:22:ab:57:a5:cd:8f:8d:78:3a:
         6c:97:42:05:6d:bb:8b:e1:8d:85:25:b9:71:38:7c:db:7d:67:
         4b:2c:38:66:db:5a:99:a5:46:44:a2:47:e7:69:55:b4:38:54:
         5e:58:b7:2b:f8:e9:09:81:bf:56:7c:95:91:ae:f5:1d:b8:d5:
         3d:5a:61:d7:b0:1e:76:21:4f:b7:1b:8b:ab:3e:00:ce:46:77:
         23:65:8e:0e:ea:df:62:21:ec:68:9d:b9:d6:8c:dc:2d:1e:e9:
         0c:b5:1a:76:86:d1:21:9c:dc:39:b5:4d:6e:7f:50:2b:0f:23:
         46:3c:3c:71:34:a6:bd:87:25:c3:3c:f1:1e:55:3c:e5:15:9e:
         b3:ba:47:69:55:a2:dd:83:04:1f:a6:57:72:e2:52:b1:e1:5f:
         cb:60:ff:96:b7:d3:9b:a8:1e:3c:bd:bb:2d:c3:10:0c:81:2b:
         b6:29:ee:cb:8c:b8:46:ae:4c:27:f7:d1:a5:35:82:b4:67:4d:
         17:3e:f7:db
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZG5BRFL4IhoneXjrxreVWhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTk2NjY2NGVjOTZlZGJkMTJlOGU4MmU5NDBiZmI5ZmFl
YzEwNWUwHhcNMjQwOTAzMTc1MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzAxZTQ4ZDVhYmI0NTkzNzMxMWM1NjJiMjcxODUxYTM2MjA5YzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPUUBXpPA7Eb59vxTTlY0HgxeI1S
2xfzbf/SuqEibTH3ztdk9XV2vDgF6UhmmjkBjV5pIMlhk0fSxVQA3SLte4zhxC1F
U3JvAkj1mYoSTKvNBpiMs/8TFnSX79oKMrPuk0C+sXIuZSWyHHak77g7A8ZMLV4f
IGCJG9i62K0xHFwz+91xSB6UUuXbcHgWtzzp7g0ROToGkAWS5qes73njVNBXbl3e
A1cyGQ4y8uNg2SAfOIFtAtkAebpPTT5Quo8Ef/qhj3uLBgStrLpWlUxfM5k7Xtun
WwsOTYRLieVzxSTji/7TAxeGL/9Y+Yz04jq6ETwKfNbvvksGUqIF5j1LHQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFLMB5I1au0WTcxHFYrJxhRo2IJxxMB8GA1UdIwQY
MBaAFPipZmZOyW7b0S6OgulAv7n67BBeMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LbG1aazdKYnR2UkxvNkM2VUNfdWZyc0VGNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1
LTM4MjM1NWZjMmZmMS8xL3N3SGtqVnE3UlpOekVjVmlzbkdGR2pZZ25IRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1LTM4MjM1NWZjMmZm
MS8xLzEtS2xtWms3SmJ0dlJMbzZDNlVDX3VmcnNFRjQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqCkWH
IEAwDQYJKoZIhvcNAQELBQADggEBAFQvKwu1iZrY9n3bTEo8oQvYePJo29ViOroV
Dd5mMkR6i+TKn7izWiZ2lRdWU9XKEcOHNhqunChOb7KnpJlC9iKrV6XNj414OmyX
QgVtu4vhjYUluXE4fNt9Z0ssOGbbWpmlRkSiR+dpVbQ4VF5Ytyv46QmBv1Z8lZGu
9R241T1aYdewHnYhT7cbi6s+AM5GdyNljg7q32Ih7GidudaM3C0e6Qy1GnaG0SGc
3Dm1TW5/UCsPI0Y8PHE0pr2HJcM88R5VPOUVnrO6R2lVot2DBB+mV3LiUrHhX8tg
/5a305uoHjy9uy3DEAyBK7Yp7suMuEauTCf30aU1grRnTRc+99s=
-----END CERTIFICATE-----