Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/SXWCnabocpdIDsu3QypmtrSOtJs.roa
File:                     SXWCnabocpdIDsu3QypmtrSOtJs.roa (raw, json)
Hash identifier:          etynZy/LD7DZduvuVZ/o9jzl31NJ450OoYB10W57bHQ=
Subject key identifier:   49:75:82:9D:A6:E8:72:97:48:0E:CB:B7:43:2A:66:B6:B4:8E:B4:9B
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018F62EEA054CEB69067271D34C8F21A610B
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/SXWCnabocpdIDsu3QypmtrSOtJs.roa
Signing time:             Fri 10 May 2024 14:35:56 +0000
ROA not before:           Fri 10 May 2024 14:35:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        45.133.141.0/24 maxlen: 24
                          45.133.143.0/24 maxlen: 24
                          193.39.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:ee:a0:54:ce:b6:90:67:27:1d:34:c8:f2:1a:61:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: May 10 14:35:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4975829da6e87297480ecbb7432a66b6b48eb49b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:c9:9e:c7:24:d5:10:3e:9a:36:9b:f3:b9:30:
                    17:a1:0b:45:3f:8b:b7:b7:db:77:2f:3d:41:0d:d3:
                    43:47:74:2e:99:a1:0a:50:24:b3:ac:65:f1:26:44:
                    bd:6f:f7:a8:e9:bd:ad:62:99:07:a0:c7:86:de:8e:
                    15:c5:06:dd:a6:47:3c:04:5c:ea:a6:48:b9:01:77:
                    6d:c2:1b:a3:57:c4:10:e5:77:9c:29:76:e5:0a:67:
                    5e:aa:e5:a0:75:e5:24:81:cc:26:d0:ee:f0:85:11:
                    d6:20:e9:3e:d2:f9:49:a1:bc:de:df:2a:37:21:d6:
                    e5:38:69:79:05:c9:87:00:07:50:a7:ac:9f:bf:15:
                    5a:9d:3e:2a:e2:85:f0:e0:f0:3e:3f:ad:fe:ad:00:
                    28:08:3b:a2:05:9e:b9:56:c0:22:ed:26:67:1a:d8:
                    42:fe:73:12:d7:de:e7:78:ec:81:ea:f9:30:0d:1a:
                    35:f2:01:dc:9e:10:df:84:44:46:9c:02:9a:fb:15:
                    98:05:aa:6b:3f:fd:6b:d6:c8:9b:65:a1:41:7e:3d:
                    80:4f:e3:d9:06:55:8a:d2:ec:1e:13:3f:28:a7:95:
                    f4:57:53:79:7f:21:4c:06:1c:7a:c4:dd:03:60:08:
                    2e:33:55:c2:8f:cc:61:66:a0:48:a6:81:87:53:a6:
                    58:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:75:82:9D:A6:E8:72:97:48:0E:CB:B7:43:2A:66:B6:B4:8E:B4:9B
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/SXWCnabocpdIDsu3QypmtrSOtJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.141.0/24
                  45.133.143.0/24
                  193.39.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:b7:cc:d8:ac:73:67:cf:91:de:29:51:b9:a1:db:b0:54:92:
         83:69:05:a7:0e:fc:48:fc:2d:44:61:3b:fc:6e:98:7e:31:a1:
         bb:df:c4:ec:eb:f7:52:53:6b:31:33:83:b6:5f:88:87:ba:ec:
         ab:7b:ae:96:04:53:01:84:a5:79:c2:9c:02:1a:25:53:8f:45:
         7d:20:a0:1d:38:95:42:f3:5c:ec:11:14:80:00:9d:a9:d2:cb:
         31:64:a5:74:85:a3:3f:a2:db:4b:bb:17:cc:fc:c9:23:5a:5f:
         32:70:51:ec:87:e3:19:d9:b3:f2:10:99:80:a2:4d:f1:fd:d5:
         52:02:ca:aa:74:e7:33:fd:bb:b1:e5:7d:60:61:83:3f:8e:1c:
         86:71:12:72:2b:ab:a4:f2:f1:63:3d:2c:e5:b6:2f:7e:d2:23:
         cf:f0:f3:0a:07:f2:fd:2e:2b:e0:4a:1e:14:09:67:2d:cf:e2:
         30:21:3b:4e:28:de:7b:aa:75:8b:5d:ee:71:87:41:0e:b7:63:
         46:13:7b:9c:41:f6:57:2f:c6:d5:7d:37:c1:50:9f:1e:c3:e1:
         f9:39:63:53:5f:75:26:e1:fc:59:be:49:11:60:22:9f:45:b9:
         a8:1f:0f:70:0a:c1:c9:38:ef:eb:e0:54:a0:a2:99:c9:f4:91:
         47:3a:8b:82
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY9i7qBUzraQZycdNMjyGmELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwNTEwMTQzNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTc1ODI5ZGE2ZTg3Mjk3NDgwZWNiYjc0MzJhNjZiNmI0OGViNDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cmexyTVED6aNpvzuTAXoQtFP4u3
t9t3Lz1BDdNDR3QumaEKUCSzrGXxJkS9b/eo6b2tYpkHoMeG3o4VxQbdpkc8BFzq
pki5AXdtwhujV8QQ5XecKXblCmdequWgdeUkgcwm0O7whRHWIOk+0vlJobze3yo3
IdblOGl5BcmHAAdQp6yfvxVanT4q4oXw4PA+P63+rQAoCDuiBZ65VsAi7SZnGthC
/nMS197neOyB6vkwDRo18gHcnhDfhERGnAKa+xWYBaprP/1r1sibZaFBfj2AT+PZ
BlWK0uweEz8op5X0V1N5fyFMBhx6xN0DYAguM1XCj8xhZqBIpoGHU6ZYOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEl1gp2m6HKXSA7Lt0MqZra0jrSbMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvU1hXQ25hYm9jcGRJRHN1M1F5cG10clNPdEpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYWNAwQA
LYWPAwQAwSfXMA0GCSqGSIb3DQEBCwUAA4IBAQArt8zYrHNnz5HeKVG5oduwVJKD
aQWnDvxI/C1EYTv8bph+MaG738Ts6/dSU2sxM4O2X4iHuuyre66WBFMBhKV5wpwC
GiVTj0V9IKAdOJVC81zsERSAAJ2p0ssxZKV0haM/ottLuxfM/MkjWl8ycFHsh+MZ
2bPyEJmAok3x/dVSAsqqdOcz/bux5X1gYYM/jhyGcRJyK6uk8vFjPSzlti9+0iPP
8PMKB/L9LivgSh4UCWctz+IwITtOKN57qnWLXe5xh0EOt2NGE3ucQfZXL8bVfTfB
UJ8ew+H5OWNTX3Um4fxZvkkRYCKfRbmoHw9wCsHJOO/r4FSgopnJ9JFHOouC
-----END CERTIFICATE-----