Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/SwR7oupgf4ZtTS_v6AxFdA9WYeA.roa
File:                     SwR7oupgf4ZtTS_v6AxFdA9WYeA.roa (raw, json)
Hash identifier:          SbcNKyTEo9cNqRKmQbVgwRcEt5xPe/S7oDYl+DJNPLE=
Subject key identifier:   4B:04:7B:A2:EA:60:7F:86:6D:4D:2F:EF:E8:0C:45:74:0F:56:61:E0
Certificate issuer:       /CN=043692f2a1d1bc76ff7f9d29091beda08b7bc96c
Certificate serial:       018CC26D24CE6CA2051AF8E0175D8804362A
Authority key identifier: 04:36:92:F2:A1:D1:BC:76:FF:7F:9D:29:09:1B:ED:A0:8B:7B:C9:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BDaS8qHRvHb_f50pCRvtoIt7yWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/SwR7oupgf4ZtTS_v6AxFdA9WYeA.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204969
IP address blocks:        185.234.104.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/BDaS8qHRvHb_f50pCRvtoIt7yWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/BDaS8qHRvHb_f50pCRvtoIt7yWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BDaS8qHRvHb_f50pCRvtoIt7yWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 22:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:24:ce:6c:a2:05:1a:f8:e0:17:5d:88:04:36:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=043692f2a1d1bc76ff7f9d29091beda08b7bc96c
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b047ba2ea607f866d4d2fefe80c45740f5661e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:af:a0:b4:74:e1:99:c3:29:f5:d7:63:a7:83:
                    05:83:1f:c1:9a:d6:ec:be:8f:0f:3d:fd:3a:21:c2:
                    76:59:09:47:93:a1:49:d6:b9:ab:07:40:92:2e:5c:
                    18:d6:5c:5a:3e:6c:17:63:ab:83:74:0a:f0:02:7c:
                    28:ca:27:72:39:14:8b:dc:81:e0:87:3f:1d:5a:df:
                    35:69:20:ba:32:99:ad:db:99:92:bf:53:86:12:f2:
                    8d:66:4c:06:8f:41:ad:31:8e:d3:c1:15:c3:38:06:
                    06:ca:62:35:4b:21:89:85:d3:2a:54:05:6d:a9:0f:
                    80:4b:00:56:53:20:78:14:16:c7:18:bb:60:92:01:
                    59:e8:fa:d3:8a:10:31:ac:d9:0d:5a:c1:c9:e5:42:
                    1a:87:aa:a5:a8:25:d4:62:51:86:b5:c9:44:f7:f7:
                    32:c7:28:d1:dd:25:e4:5d:78:4d:97:17:2a:38:b9:
                    37:db:27:56:f6:30:bf:c1:89:e8:5e:59:16:c6:40:
                    0f:ff:18:f2:d9:90:99:37:19:f2:54:cd:0e:50:7d:
                    73:c8:98:8b:4c:e6:ab:b6:f7:96:b5:d1:90:2f:59:
                    6b:5f:fe:39:8f:14:4c:fd:d6:7a:8e:08:7a:e8:ac:
                    99:08:63:56:c0:f0:33:b6:79:25:b6:72:28:0c:bb:
                    ec:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:04:7B:A2:EA:60:7F:86:6D:4D:2F:EF:E8:0C:45:74:0F:56:61:E0
            X509v3 Authority Key Identifier:
                keyid:04:36:92:F2:A1:D1:BC:76:FF:7F:9D:29:09:1B:ED:A0:8B:7B:C9:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BDaS8qHRvHb_f50pCRvtoIt7yWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/SwR7oupgf4ZtTS_v6AxFdA9WYeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/BDaS8qHRvHb_f50pCRvtoIt7yWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:0a:69:fb:0f:9d:76:f6:66:9e:af:1f:86:2d:5c:c9:0c:9f:
         49:0d:b7:f1:64:4f:0c:b2:68:0b:d2:ad:eb:f7:8e:5d:a3:ea:
         01:7d:dd:4d:8f:07:60:60:29:0c:da:57:48:d4:56:01:7e:f4:
         08:b1:93:2f:71:15:78:f4:3b:69:6d:c5:02:b6:e0:7d:75:c1:
         ea:18:c6:fa:be:48:bc:64:db:87:a1:db:85:32:fc:fa:2e:0b:
         46:42:7f:74:16:d5:1c:d5:7e:91:fe:61:dc:91:7c:ce:ea:e3:
         8c:ec:1f:25:21:76:a0:3d:f5:6e:45:f1:7c:e1:d0:d1:1c:a1:
         29:2d:64:d2:71:16:79:be:87:3e:a9:f5:88:5c:22:c4:c2:57:
         51:b1:48:52:ac:ac:5c:9c:47:0f:3f:0f:3d:f1:22:ba:82:4d:
         db:8a:4e:48:1c:9c:35:43:74:7b:69:bc:51:4a:f4:3e:40:6b:
         2e:1a:5d:b6:8e:fc:d2:32:0e:3f:cb:13:23:31:3c:e6:0e:ed:
         a7:17:e4:b4:44:78:a4:b0:a6:88:0c:06:27:ed:db:b2:8a:6c:
         15:96:83:83:e8:d9:4e:06:b2:a9:22:b6:4a:ac:87:99:75:e8:
         1a:d0:3e:5c:df:af:41:f7:df:15:40:59:b4:41:6e:da:1d:d3:
         fd:40:21:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSTObKIFGvjgF12IBDYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MzY5MmYyYTFkMWJjNzZmZjdmOWQyOTA5MWJlZGEwOGI3
YmM5NmMwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjA0N2JhMmVhNjA3Zjg2NmQ0ZDJmZWZlODBjNDU3NDBmNTY2MWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK+gtHThmcMp9ddjp4MFgx/Bmtbs
vo8PPf06IcJ2WQlHk6FJ1rmrB0CSLlwY1lxaPmwXY6uDdArwAnwoyidyORSL3IHg
hz8dWt81aSC6Mpmt25mSv1OGEvKNZkwGj0GtMY7TwRXDOAYGymI1SyGJhdMqVAVt
qQ+ASwBWUyB4FBbHGLtgkgFZ6PrTihAxrNkNWsHJ5UIah6qlqCXUYlGGtclE9/cy
xyjR3SXkXXhNlxcqOLk32ydW9jC/wYnoXlkWxkAP/xjy2ZCZNxnyVM0OUH1zyJiL
TOartveWtdGQL1lrX/45jxRM/dZ6jgh66KyZCGNWwPAztnkltnIoDLvs8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsEe6LqYH+GbU0v7+gMRXQPVmHgMB8GA1UdIwQY
MBaAFAQ2kvKh0bx2/3+dKQkb7aCLe8lsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkRhUzhxSFJ2SGJfZjUwcENSdnRvSXQ3eVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9jNmUyMTctMDNmZi00Mzk2LWFkZmUt
MjU1ZjBjNTFiYmUwLzEvU3dSN291cGdmNFp0VFNfdjZBeEZkQTlXWWVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9jNmUyMTctMDNmZi00Mzk2LWFkZmUtMjU1ZjBjNTFiYmUw
LzEvQkRhUzhxSFJ2SGJfZjUwcENSdnRvSXQ3eVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuepoMA0G
CSqGSIb3DQEBCwUAA4IBAQBxCmn7D5129maerx+GLVzJDJ9JDbfxZE8MsmgL0q3r
945do+oBfd1NjwdgYCkM2ldI1FYBfvQIsZMvcRV49DtpbcUCtuB9dcHqGMb6vki8
ZNuHoduFMvz6LgtGQn90FtUc1X6R/mHckXzO6uOM7B8lIXagPfVuRfF84dDRHKEp
LWTScRZ5voc+qfWIXCLEwldRsUhSrKxcnEcPPw898SK6gk3bik5IHJw1Q3R7abxR
SvQ+QGsuGl22jvzSMg4/yxMjMTzmDu2nF+S0RHiksKaIDAYn7duyimwVloOD6NlO
BrKpIrZKrIeZdega0D5c369B998VQFm0QW7aHdP9QCF/
-----END CERTIFICATE-----